My computer has something

indiancexi

New member
From false internet warnings to AVG saying Trojan Horse Dropper.Generic.thc, Generic9.AHRD and Adware Generic2..xwp, I ran the Kaspersky scan but could never get the computer to go in safe mode. I have tried for three days and have done this dozens of times, and ran Spybot and ran HijackThis, listed as hijackthislog1.
Thanks in advance for your help.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 30, 2007 8:52:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/12/2007
Kaspersky Anti-Virus database records: 500388
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 99343
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 05:35:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12302007-130009.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{AA3F1F9C-035F-4099-9FC4-D0E44D0DEB3C} Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\D3389.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Documents and Settings\user\Local Settings\Temp\D3389.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\user\Local Settings\Temp\D338E.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\Documents and Settings\user\Local Settings\Temp\D338E.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\Documents and Settings\user\Local Settings\Temp\D338E.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\user\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\hsperfdata_user\3136 Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF7D6F.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF7DC4.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFF181.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Windows Defender\MSASCui.exe Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DE8EA6E1-509B-4F6A-9F86-CE15892ADC67}\RP514\A0075369.EXE Object is locked skipped
C:\System Volume Information\_restore{DE8EA6E1-509B-4F6A-9F86-CE15892ADC67}\RP514\A0075370.exe Object is locked skipped
C:\System Volume Information\_restore{DE8EA6E1-509B-4F6A-9F86-CE15892ADC67}\RP522\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F6F4B736-479A-4E69-979B-191705285207}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\mljif.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Here is a copy of the hijackthislog1 file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:33 AM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\HP\PRODUC~1\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roanoke.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/en_mysteryofsharkisla/online/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://games.bigfishgames.com/en_ricochetlostworlds/online/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152448988654
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - http://games.bigfishgames.com/en_mysterysolitairese/online/SpinTopGamesLauncher.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_bigcityadventuresa/online/JBGamePlayer.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-delicious-2-deluxe/zylomplayer.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup163.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11218 bytes

Please let me know what to do next.
 
First, I am so sorry it took me so long to respond. I ran this, but I was having trouble getting my computer into safe mode to run a good scan, and AVG is telling me I have a trojan horse Dropper.Generic.THT in C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe and also in C:\WINDOWS\system32\mljif.exe. I ran this scan in safe mode and it deleted both these files. But I had it put msconfig back because I didn't know if I could switch my computer without this file, so of course I am back where I started. So if you could please help me rid my computer of this.
 
hi,

try running vundofix;
you are doing it like this??

restart your computer, tap the F8 key to bring up the menu. choose the first option on the list: safe mode.

vundo:
download and run vundofix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
----------------------------------------------
also download and run:
Download combofix from one of these links and save it to your Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:
Close any open windows
Close/disable anti virus and any anti malware programs you might have running so they do not interfere with the running of ComboFix.


Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

post the vundo log, a new hjt log and the combofix log please.

shelf life
 
OK, the different viruses and trojans that are on my computer have deleted msconfig. For some reason I cannot start my computer in safe mode. I cannot start it by start\run\msconfig\boot.ini\safe boot, because msconfig has been deleted because it had a virus. So I need a little more help. AVG says I have:
object name A0000129.exe
path C:\system volume information\_restore(DE8E6E1-509B-4F6A-9F86-CE15892ADc67)\RP3\
virus identified Win32/Prepender.C

object name A0000138.exe
path C:\system volume information\_restore(DE8E6E1-509B-4F6A-9F86-CE15892ADc67)\RP3\
virus identified Win32/Prepender.C

object name mljif.exe
path C:\WINDOWS\system32\
virus identified Win32/Prepender.C

So now what do I do without msconfig?
 
hi indiancexi,

this:
C:\system volume information\_restore
is your system restore points, which we can clean out later.
---------------------------------

Download combofix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:
Close any open windows
Close/disable anti virus and any antimalware programs that might have real time protection running. Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while Combofix is running. After combofix is done you can restart them.


Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.


Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
here is the file you requested

ComboFix 08-01-13.1 - user 2008-01-13 10:09:40.1 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\user\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\user\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1196045357.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\fijlm.ini
C:\WINDOWS\system32\fijlm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljif.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 10:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 22:54 . 2008-01-13 09:48 <DIR> d-------- C:\VundoFix Backups
2008-01-12 22:00 . 2008-01-12 22:00 3,584 --a------ C:\WINDOWS\system32\mljif.exe
2008-01-12 12:00 . 2008-01-12 12:28 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
2008-01-12 11:58 . 2008-01-12 11:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 11:57 . 2008-01-12 11:57 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-12 11:56 . 2008-01-12 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:56 . 2008-01-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-10 09:27 . 2008-01-10 09:38 196,608 -ra------ C:\icei5_12_05use this.QBW.TLG
2008-01-09 16:50 . 2008-01-09 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-06 14:18 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-03 08:37 . 2008-01-07 07:01 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-03 08:27 . 2008-01-03 08:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-30 20:58 . 2007-12-30 20:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-30 12:59 . 2008-01-02 13:48 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-30 12:13 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-30 12:13 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-30 12:13 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-30 12:13 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-30 12:13 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-30 12:13 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-30 12:13 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-30 12:13 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-30 12:13 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-29 20:49 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1c
2007-12-27 09:53 . 2007-12-28 12:01 <DIR> d-------- C:\Program Files\AOL 9.1b
2007-12-26 09:35 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1a
2007-12-25 09:57 . 2007-12-25 09:57 <DIR> d-------- C:\WINDOWS\aolshare
2007-12-25 09:56 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1
2007-12-24 23:25 . 2008-01-12 22:13 33,053 --a------ C:\logfile
2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-24 22:59 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-24 22:59 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-24 22:58 . 2007-12-24 22:58 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-12-24 22:41 . 2007-12-24 23:00 <DIR> d-------- C:\Program Files\Kodak
2007-12-24 22:38 . 2007-12-24 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-24 15:51 . 2007-12-24 15:51 <DIR> d-------- C:\Program Files\Legacy Interactive
2007-12-19 16:07 . 2007-12-19 16:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Snapfish
2007-12-16 21:14 . 2007-12-16 21:14 <DIR> d-------- C:\Program Files\Disney
2007-12-15 15:40 . 2007-12-15 15:40 <DIR> d-------- C:\Program Files\Simple Star

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 22:11 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-01-05 08:01 --------- d-----w C:\Program Files\LimeWire
2007-12-31 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 02:05 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-12-30 01:55 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-30 01:51 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-30 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-29 16:37 --------- d-----w C:\Program Files\AOL Games
2007-12-26 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 05:59 --------- d-----w C:\Program Files\AOL 9.0a
2007-12-25 08:29 --------- d-----w C:\Program Files\QuickTime
2007-12-24 04:54 --------- d-----w C:\Program Files\John Deere American Farmer
2007-12-15 21:05 --------- d-----w C:\Documents and Settings\user\Application Data\Simple Star
2007-12-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star
2007-12-15 20:53 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2007-12-14 14:14 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-11-30 08:54 --------- d-----w C:\Program Files\iTunes
2007-11-18 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2007-11-16 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-13 03:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-03-26 00:47 45,240 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
.
Code:
----a-w            50,736 2007-12-23 04:52:03  C:\Program Files\AOL 9.0a\AOL .EXE
----a-w            50,736 2007-12-23 04:20:15  C:\Program Files\Common Files\AOL\1137963347\EE\AOLSoftware .exe
----a-w           579,072 2007-12-23 04:19:45  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w         1,694,208 2007-12-23 04:20:07  C:\Program Files\Messenger\msmsgs .exe


((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 313,472 2006-03-30 20:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 335,872 2003-07-29 18:30:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 42,032 2007-04-12 21:23:31 C:\Program Files\Common Files\AOL\1137963347\EE\bak\AOLSoftware.exe

----a-r 71,216 2006-10-23 12:50:37 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe
----a-r 71,216 2006-10-23 12:50:37 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

----a-w 180,269 2006-02-25 21:34:28 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 421,888 2007-09-21 11:31:42 C:\Program Files\Grisoft\AVG7\bak\avgcc.exe

----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 278,528 2006-06-14 20:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

----a-w 290,816 2005-04-18 20:35:10 C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 11:56 219136]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 15:59:44]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-06-05 20:35:54]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-01-20 14:28:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-12 11:57 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspon]
vtuspon.dll

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S3 DCamUSBSTK016;STK016 Camera;C:\WINDOWS\system32\DRIVERS\STK016W2.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 03:39:19 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.20.2.sxt _RegistrationOffer@16
"2008-01-13 15:32:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 10:29:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 10:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 15:47:09
.
2008-01-13 08:02:41 --- E O F ---
 
hi,

Thanks for the info. Two things:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

I have never seen this before in a ComboFix log.
It's possible that, due to malware or other problems, the Recovery Console might have to be used. Let me find out the significance of it in relation to ComboFix before we continue.

Next: you have the new Vundo infection making the rounds. Normally I like to get these trojans on my own machine first before I help somebody else. I haven't "gotten" this one yet, so you will be my first. We can stumble through it together.

To start:
Download RenV.exe by sUBs:

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Save it to your Desktop
Double click it to run it
When it has finished, it will produce a log for you
Copy and paste that log (Log.txt) in your next reply.

shelf life
 
Here is the renV log you requested

Code:
Ran on Sun 01/13/2008 - 14:14:15.84

----a-w            50,736 2007-12-23 04:52:03  C:\Program Files\AOL 9.0a\AOL .EXE
----a-w            50,736 2007-12-23 04:20:15  C:\Program Files\Common Files\AOL\1137963347\EE\AOLSoftware .exe
----a-w           579,072 2007-12-23 04:19:45  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w         1,694,208 2007-12-23 04:20:07  C:\Program Files\Messenger\msmsgs .exe

 Entries:                4  (4)
 Directories:            0  Files:             4
 Bytes:          2,374,752  Blocks:        4,640

I keep seeing AOL come up in these tests. Whatever this is, it messes up AOL and I have to go through Internet Explorer to get to AOL without downloading it again. I have also removed AVG and reinstalled it, just to make sure it was working properly. I did this yesterday.
 
This mess on my computer started with what I listed in the first post. Then later scans with AVG showed this:

C:\Documents and Settings\user\Local Settings\Temp\npftmhow.exe Deleted
Trojan horse backdoor.Agent.PTA
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4SEPU7FR\hctp[1] Moved to Vault
Virus found LOP
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4SEPU7FR\ptch[1] Moved to Vault
Virus found LOP
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\G2HP8B9G\ptch[1] Moved to Vault
Virus found LOP
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\IWSCQPKL\gamadril20071203[1] Deleted
Trojan horse backdoor.Agent.PTA
C:\Program Files\Grisoft\AVG7\avgcc.exe Moved to Vault
Virus identified WIN32/Prepender.C
C:\System Volume Information\_restore{DE8EA6E1-509B-4F6A-9F86-CE15892ADC67}\RP3\A0000129.exe Moved to Vault
Virus identified WIN32/Prepender.C
C:\System Volume Information\_restore{DE8EA6E1-509B-4F6A-9F86-CE15892ADC67}\RP3\A0000138.exe Moved to Vault
Virus identified WIN32/Prepender.C
C:\WINDOWS\system32\mljif.exe Moved to Vault
Virus identified WIN32/Prepender.C
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe Deleted
Virus identified WIN32/Prepender.C

Every scan I run, whether it be Spybot, AVG or Ad-Aware, comes up with these files:

TrackingCookie.2o7 Family TrackingCookie.2o7 Spyware Family
TrackingCookie.Advertising Family TrackingCookie.Advertising Spyware Family
TrackingCookie.Tacoda Family TrackingCookie.Tacoda Spyware Family
TrackingCookie.Ru4 Family TrackingCookie.Ru4 Spyware Family
TrackingCookie.Revsci Family TrackingCookie.Revsci Spyware Family
C:\Documents and Settings\user\Local Settings\Temp\TMP33A0.tmp Potentially Unwanted Program, Moved to Vault
C:\Documents and Settings\user\Local Settings\Temp\TMP33A3.tmp Potentially Unwanted Program, Moved to Vault
C:\Documents and Settings\user\Cookies\user@2o7[2].txt Potentially Unwanted Program, Moved to Vault
C:\Documents and Settings\user\Cookies\user@advertising[2].txt Potentially Unwanted Program, Moved to Vault
C:\Documents and Settings\user\Cookies\user@anad.tacoda[1].txt Potentially Unwanted Program, Moved to Vault
C:\Documents and Settings\user\Cookies\user@edge.ru4[2].txt Potentially Unwanted Program, Moved to Vault
C:\Documents and Settings\user\Cookies\user@revsci[1].txt Potentially Unwanted Program, Moved to Vault
C:\Documents and Settings\user\Cookies\user@tacoda[1].txt

I even had it set so that every cookie prompted me to accept it or not, and I told all first- and third-party ones NO, and these still appeared.
 
hi,

OK, thanks for the info. We can continue on.

Copy the entire contents of the Code Box below to Notepad.

Name the file Log.txt (overwrite the existing one),
change the Save as Type to: All Files,
and save it on your Desktop.

Code:
C:\Program Files\AOL 9.0a\AOL .EXE
C:\Program Files\Common Files\AOL\1137963347\EE\AOLSoftware .exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\Program Files\Messenger\msmsgs .exe

Drag the Log.txt you just saved right onto the RenV.exe icon.
RenV will run:
it will produce another log; post the new RenV log in your next reply.
Next, rerun ComboFix and post that log, as well as a new HJT log, please.

shelf life
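The pattern the two RenV posts above are working around is a space inserted just before the extension (AOL .EXE, avgcc .exe), so that a file at the original name can be swapped in while the real program still exists under the spaced name. As an added example that is not RenV's, ComboFix's or the helper's own code, the script below parses RenV-style log lines like the ones posted in this thread, flags every path whose file name has a space before its extension, derives the name the file presumably had before the rename, and reports whether the log also lists a file at that original name in the same folder. The sample log is constructed from the four lines posted above plus one clean line and one fabricated sibling entry, labelled as such in the code; the regexes and the Finding type are my assumptions about the log layout, not anything RenV documents.

```python
"""Flag executables whose name carries a space before the extension.

Added example for this thread; not RenV's or ComboFix's code. Parses
RenV-style listing lines (attributes, size, timestamp, path) and reports
each "name .ext" path with the original name it was presumably renamed from.
"""
import re
from dataclasses import dataclass

# Constructed sample: the four RenV lines posted in the thread, one clean
# line from the AWF section, and one FABRICATED sibling entry (avgcc.exe
# beside avgcc .exe) so the sibling check has something to find.
SAMPLE_LOG = r"""
----a-w            50,736 2007-12-23 04:52:03  C:\Program Files\AOL 9.0a\AOL .EXE
----a-w            50,736 2007-12-23 04:20:15  C:\Program Files\Common Files\AOL\1137963347\EE\AOLSoftware .exe
----a-w           579,072 2007-12-23 04:19:45  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w         1,694,208 2007-12-23 04:20:07  C:\Program Files\Messenger\msmsgs .exe
----a-w           421,888 2007-09-21 11:31:42  C:\Program Files\Grisoft\AVG7\bak\avgcc.exe
----a-w            50,736 2007-12-23 04:19:45  C:\Program Files\Grisoft\AVG7\avgcc.exe
"""

# One listing line: 7-char attribute field, comma-grouped size, timestamp, path.
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)
# File name whose final extension is preceded by one or more spaces.
SPACED_EXT_RE = re.compile(r"^(?P<stem>.*\S) +(?P<ext>\.[A-Za-z0-9]{1,4})$")


@dataclass
class Finding:
    path: str             # the spaced path as listed in the log
    size: int             # size in bytes, commas removed
    expected_name: str    # name the file presumably had before the rename
    sibling_present: bool  # True if the log also lists expected_name in that folder


def parse_log(text):
    """Return (path, size) for every line that matches the listing layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m["path"], int(m["size"].replace(",", ""))))
    return entries


def find_spaced_executables(text):
    """Flag 'name .ext' paths and check for a file at the original name."""
    entries = parse_log(text)
    known = {path.lower() for path, _ in entries}
    findings = []
    for path, size in entries:
        folder, _, name = path.rpartition("\\")
        m = SPACED_EXT_RE.match(name)
        if not m:
            continue
        expected = m["stem"] + m["ext"]
        sibling = (folder + "\\" + expected).lower() in known
        findings.append(Finding(path, size, expected, sibling))
    return findings


def rename_list(findings):
    """The spaced paths only, one per line: the shape of the Log.txt fed to RenV."""
    return "\n".join(f.path for f in findings)


if __name__ == "__main__":
    for f in find_spaced_executables(SAMPLE_LOG):
        flag = "sibling at original name" if f.sibling_present else "no sibling listed"
        print(f"{f.path}  ->  {f.expected_name}  [{f.size} bytes, {flag}]")
```

Running it prints the four spaced paths from the thread with their presumed original names; only the fabricated avgcc entry shows a sibling at the original name. The `rename_list` helper emits exactly the one-path-per-line list the second post above asks the user to save as Log.txt, so the same parser can both detect the pattern and prepare the input for the cleanup tool.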
 
RenV log

Code:
Ran on Mon 01/14/2008 -  8:34:09.24

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0


ComboFix 08-01-13.1 - user 2008-01-14 8:40:04.2 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 10:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 22:54 . 2008-01-13 09:48 <DIR> d-------- C:\VundoFix Backups
2008-01-12 22:00 . 2008-01-12 22:00 3,584 --a------ C:\WINDOWS\system32\mljif.exe
2008-01-12 12:00 . 2008-01-12 12:28 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
2008-01-12 11:58 . 2008-01-12 11:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 11:57 . 2008-01-12 11:57 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-12 11:56 . 2008-01-12 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:56 . 2008-01-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-10 09:27 . 2008-01-10 09:38 196,608 -ra------ C:\icei5_12_05use this.QBW.TLG
2008-01-09 16:50 . 2008-01-09 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-06 14:18 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-03 08:37 . 2008-01-07 07:01 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-03 08:27 . 2008-01-03 08:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-30 20:58 . 2007-12-30 20:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-30 12:59 . 2008-01-02 13:48 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-30 12:13 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-30 12:13 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-30 12:13 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-30 12:13 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-30 12:13 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-30 12:13 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-30 12:13 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-30 12:13 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-30 12:13 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-29 20:49 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1c
2007-12-27 09:53 . 2007-12-28 12:01 <DIR> d-------- C:\Program Files\AOL 9.1b
2007-12-26 09:35 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1a
2007-12-25 09:57 . 2007-12-25 09:57 <DIR> d-------- C:\WINDOWS\aolshare
2007-12-25 09:56 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1
2007-12-24 23:25 . 2008-01-13 10:39 33,205 --a------ C:\logfile
2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-24 22:59 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-24 22:59 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-24 22:58 . 2007-12-24 22:58 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-12-24 22:41 . 2007-12-24 23:00 <DIR> d-------- C:\Program Files\Kodak
2007-12-24 22:38 . 2007-12-24 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-24 15:51 . 2007-12-24 15:51 <DIR> d-------- C:\Program Files\Legacy Interactive
2007-12-19 16:07 . 2007-12-19 16:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Snapfish
2007-12-16 21:14 . 2007-12-16 21:14 <DIR> d-------- C:\Program Files\Disney
2007-12-15 15:40 . 2007-12-15 15:40 <DIR> d-------- C:\Program Files\Simple Star

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 13:34 --------- d-----w C:\Program Files\AOL 9.0a
2008-01-11 22:11 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-01-05 08:01 --------- d-----w C:\Program Files\LimeWire
2007-12-31 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 02:05 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-12-30 01:55 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-30 01:51 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-30 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-29 16:37 --------- d-----w C:\Program Files\AOL Games
2007-12-26 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 08:29 --------- d-----w C:\Program Files\QuickTime
2007-12-24 04:54 --------- d-----w C:\Program Files\John Deere American Farmer
2007-12-15 21:05 --------- d-----w C:\Documents and Settings\user\Application Data\Simple Star
2007-12-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star
2007-12-15 20:53 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2007-12-14 14:14 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-11-30 08:54 --------- d-----w C:\Program Files\iTunes
2007-11-18 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2007-11-16 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-27 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-07-13 03:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-03-26 00:47 45,240 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_10.45.21.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-26 15:15:10 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:47 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:10 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:47 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:17 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:01 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:10 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:48 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:18 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:02 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:11 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:48 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:18 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:03 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:11 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:49 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:18 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:03 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:19 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:04 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:11 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:50 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:19 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:04 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:12 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:51 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:20 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:05 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:12 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:51 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:20 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:05 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:12 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:52 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:20 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:06 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:21 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:06 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:13 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:52 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:13 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:54 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:21 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:07 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:13 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:54 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:14 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2008-01-13 15:39:56 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-03-26 15:15:21 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2008-01-13 15:40:08 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-03-26 15:15:15 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2008-01-13 15:39:57 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-03-26 15:15:22 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2008-01-13 15:40:08 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-03-26 15:15:15 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:57 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:22 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:09 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:16 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:58 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:22 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:09 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:16 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:58 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:23 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:09 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:23 40,960 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2008-01-13 15:40:10 40,960 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2007-03-26 15:15:16 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:39:59 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:23 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:10 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:17 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:00 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:24 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:11 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:17 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:01 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-03-26 15:15:24 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-01-13 15:40:12 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
.
 
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 11:56 219136]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 15:59:44]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-06-05 20:35:54]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-01-20 14:28:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-12 11:57 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspon]
vtuspon.dll

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S3 DCamUSBSTK016;STK016 Camera;C:\WINDOWS\system32\DRIVERS\STK016W2.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 03:39:19 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-01-14 06:37:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 08:45:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 8:46:55
ComboFix-quarantined-files.txt 2008-01-14 13:46:27
ComboFix2.txt 2008-01-13 15:47:17
.
2008-01-14 08:02:26 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:42 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roanoke.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/en_mysteryofsharkisla/online/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://games.bigfishgames.com/en_ricochetlostworlds/online/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152448988654
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/f...itaire-secret-island/SpinTopGamesLauncher.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_bigcityadventuresa/online/JBGamePlayer.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-delicious-2-deluxe/zylomplayer.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: vtuspon - vtuspon.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10445 bytes
 
Hi,

Thanks for the info. Please refrain from using LimeWire for now; disable it from running at startup.

We will use ComboFix now.

Click Start > Run, type Notepad and click OK.
Open Notepad.
Copy/paste the text in the code box below into Notepad:

Code:
File::
C:\WINDOWS\system32\mljif.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspon]
vtuspon.dll

Name the Notepad file CFScript.txt and save it to your desktop.

Locate both the file you just saved and the ComboFix icon. Using your mouse, drag the txt file right on top of the ComboFix icon and release. ComboFix will run (and may reboot your machine)
and produce a new log. Please post the new log and a new HJT log also.

Last, do an online scan here:

ESET online scanner:

http://www.eset.com/onlinescan/
(uses Internet Explorer only)

Check "YES" to accept the terms.

Click the Start button.

Allow the ActiveX component to install.

Click the Start button; the scanner will update.

Do not check either of: "Remove found threats" or "Scan unwanted applications".

Click Scan.

When done, you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt

Please copy/paste that log in your next reply, along with the new ComboFix and HJT logs.

shelf life
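As an added illustration of what the CFScript above is doing (example code written for this page, not the helper's tool and not part of ComboFix or HijackThis): a small Python parser for HijackThis-style log lines that flags entries whose backing file is reported gone, picks out orphaned O20 Winlogon Notify entries such as vtuspon above, and prints a Registry:: block in the same `[-key]` form the post uses. The sample lines are constructed from entries in the log above; the regular expressions, function names and the assumption that every HJT line has the shape `<code> - <body>` are my own.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of HijackThis-style lines modelled on the log posted above.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: vtuspon - vtuspon.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Assumed line shape: a section code (R0, O4, O20, ...) then " - " then the body.
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumed body shape of an O20 entry: "Winlogon Notify: <name> - <dll>[ (file missing)]".
O20_BODY = re.compile(
    r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Registry key under which Winlogon Notify packages live (as shown in the ComboFix log above).
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {code, body} records, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def find_orphans(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Entries whose backing file HijackThis reported as missing or absent."""
    return [e for e in entries if any(mark in e["body"] for mark in ORPHAN_MARKERS)]


def winlogon_notify_orphans(entries: List[Dict[str, str]]) -> List[str]:
    """Names of O20 Winlogon Notify packages whose DLL is missing or given without a path."""
    names = []
    for e in entries:
        if e["code"] != "O20":
            continue
        m = O20_BODY.match(e["body"])
        if not m:
            continue
        dll = m.group("dll")
        # A bare file name (no backslash) means the DLL could not be resolved to a path.
        if m.group("missing") or "\\" not in dll:
            names.append(m.group("name"))
    return names


def cfscript_for_winlogon_notify(names: List[str]) -> str:
    """Render a Registry:: block deleting each orphaned Notify subkey, in the [-key] form used above."""
    lines = ["Registry::"]
    for name in names:
        lines.append(f"[-{NOTIFY_KEY}\\{name}]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT_LOG)
    for entry in find_orphans(parsed):
        print(f"orphaned {entry['code']}: {entry['body']}")
    orphans = winlogon_notify_orphans(parsed)
    print(cfscript_for_winlogon_notify(orphans))
```

The point of singling out O20 entries is that Winlogon loads every DLL listed under the Notify key at logon, so a stale entry is dead weight at best and becomes a load point again if a file of that name is ever written back. Removing the subkey, as the helper's script does for vtuspon, closes that door; the generated block is only a starting point and should be read against the full log before it is run.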
 
Here is the new ComboFix log. Will post the HijackThis log and the results of the scan in the next post.

ComboFix 08-01-13.1 - user 2008-01-14 18:23:18.3 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\mljif.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mljif.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 10:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 22:54 . 2008-01-13 09:48 <DIR> d-------- C:\VundoFix Backups
2008-01-12 12:00 . 2008-01-12 12:28 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
2008-01-12 11:58 . 2008-01-12 11:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 11:57 . 2008-01-12 11:57 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2008-01-12 11:56 . 2008-01-12 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 11:56 . 2008-01-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-10 09:27 . 2008-01-10 09:38 196,608 -ra------ C:\icei5_12_05use this.QBW.TLG
2008-01-09 16:50 . 2008-01-09 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-06 14:18 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-03 08:37 . 2008-01-07 07:01 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-03 08:27 . 2008-01-03 08:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-30 20:58 . 2007-12-30 20:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-30 12:59 . 2008-01-02 13:48 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-30 12:13 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-30 12:13 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-30 12:13 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-30 12:13 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-30 12:13 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-30 12:13 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-30 12:13 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-30 12:13 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-30 12:13 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-29 20:49 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1c
2007-12-27 09:53 . 2007-12-28 12:01 <DIR> d-------- C:\Program Files\AOL 9.1b
2007-12-26 09:35 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1a
2007-12-25 09:57 . 2007-12-25 09:57 <DIR> d-------- C:\WINDOWS\aolshare
2007-12-25 09:56 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1
2007-12-24 23:25 . 2008-01-14 17:49 34,794 --a------ C:\logfile
2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-24 22:59 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-24 22:59 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-24 22:58 . 2007-12-24 22:58 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-12-24 22:41 . 2007-12-24 23:00 <DIR> d-------- C:\Program Files\Kodak
2007-12-24 22:38 . 2007-12-24 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-24 15:51 . 2007-12-24 15:51 <DIR> d-------- C:\Program Files\Legacy Interactive
2007-12-19 16:07 . 2007-12-19 16:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Snapfish
2007-12-16 21:14 . 2007-12-16 21:14 <DIR> d-------- C:\Program Files\Disney
2007-12-15 15:40 . 2007-12-15 15:40 <DIR> d-------- C:\Program Files\Simple Star

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 23:16 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-01-14 13:34 --------- d-----w C:\Program Files\AOL 9.0a
2008-01-05 08:01 --------- d-----w C:\Program Files\LimeWire
2007-12-31 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 02:05 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-12-30 01:55 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-30 01:51 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-30 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-30 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-29 16:37 --------- d-----w C:\Program Files\AOL Games
2007-12-26 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 08:29 --------- d-----w C:\Program Files\QuickTime
2007-12-24 04:54 --------- d-----w C:\Program Files\John Deere American Farmer
2007-12-15 21:05 --------- d-----w C:\Documents and Settings\user\Application Data\Simple Star
2007-12-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star
2007-12-15 20:53 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2007-12-14 14:14 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-11-30 08:54 --------- d-----w C:\Program Files\iTunes
2007-11-18 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2007-11-16 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-27 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-07-13 03:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-03-26 00:47 45,240 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-01-14_ 8.45.47.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 15:04:59 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 23:23:06 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 15:04:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 23:23:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 15:05:01 5,861,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-14 23:23:06 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 15:05:01 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 23:23:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 15:05:01 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 23:23:07 5,873,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-13 15:05:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 23:23:07 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 11:56 219136]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 15:59:44]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-06-05 20:35:54]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-01-20 14:28:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-12 11:57 9216 C:\WINDOWS\system32\avgwlntf.dll

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
S3 DCamUSBSTK016;STK016 Camera;C:\WINDOWS\system32\DRIVERS\STK016W2.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 03:39:19 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-01-14 06:37:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 18:33:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 18:34:34
ComboFix-quarantined-files.txt 2008-01-14 23:34:00
ComboFix2.txt 2008-01-14 13:46:55
ComboFix3.txt 2008-01-13 15:47:17
.
2008-01-14 08:02:26 --- E O F ---
 
Here are the HJT log and the ESET online scan log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:48 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roanoke.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/en_mysteryofsharkisla/online/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://games.bigfishgames.com/en_ricochetlostworlds/online/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152448988654
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/f...itaire-secret-island/SpinTopGamesLauncher.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_bigcityadventuresa/online/JBGamePlayer.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-delicious-2-deluxe/zylomplayer.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10311 bytes


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2791 (20080114)
# vers_arch_module=1.061 (20080110)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=3137351cdc8f6f4586fd05247c380f69
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-01-15 02:12:17
# local_time=2008-01-14 09:12:17 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=306215
# found=1
# scan_time=8306
C:\QooBox\Quarantine\C\WINDOWS\system32\mljif.exe.vir Win32/Adware.Virtumonde.CLI application 15E6D8768CD05D6F6160648ACEC29FF0