Problems with yahoo_._com.

Bad news...

Hi, I have bad news: I tried to run the F-Secure online scan 5 times, and after the download process an error message appeared every time that says "An error occurred! Please close the scanner and your browser, then try again. (Id: 24)". Here is an image of it:

[Image: th_fsecureerror.jpg]

Any idea on what to do next?
 
Let's try this scan. Click HERE to run Panda's ActiveScan.

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
 
Done...

OK, I ran the Panda's ActiveScan scan overnight and here is the log for it:


Incident Status Location
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Family\Cookies\family@atwola[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Family\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Family\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Possible Virus. Not disinfected C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe


And I also took some screenprint images of the screen before I saved the report, and here is the text that they have. If you want me to e-mail you a copy of them, let me know.


Spyware:Cookie/Atwola C:\Documents and Settings\Family\Cookies]family@atwola[2].txt Not Disinfected

Potentially unwanted tool:Application/NirCmd.A C:\Documents and Settings\Family\Desktop\Combofix.exe[327882R2FWJFW\nircmd.com] Not Disinfected

Potentially unwanted tool:Application/NirCmd.A C:\Documents and Settings\Family\Desktop\Combofix.exe[327882R2FWJFW\nircmd.cfexe] Not Disinfected

Possible Virus. C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Not Disinfected

Virus:Trj/Downloader.MDW C:\WINDOWS\Downloaded Program Files\ppcaploader.dll Disinfected

Potentially unwanted tool:Application/NirCmd.A C:\WINDOWS\Nircmd.exe Not Disinfected

What's the next step?
Thanks.
 
Well, looks good.

Download the OTMoveIt.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
Press cleanup & it will search for and delete/uninstall all the tools we have used to fix your problems and all their backup folders and then delete itself when you next reboot.

-----------------------------------------

Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.
 
Ok, I just ran...

Ok, I just ran... OTMoveIt. I'm sorry that I have bad news. My comp is doing the same thing. Every time that I try to open the yahoo site and some others (Aol, Netscape, etc.) my comp freezes and I have to manually turn it off and reboot. Before logging in here I tried to open the yahoo site and the same thing happened.
And I ran the HijackThis program, and as you can see, the entry that you told me to delete is there again: "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)".

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:36 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\PROGRA~1\AVG7\avgemc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\AOL\1201572665\ee\AOLSoftware.exe
C:\PROGRA~1\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/...|lc:en-us|mt:AOL|snt:ScreenName&seamless=novl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet 0 98\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\FLV Downloader\MoyeaCth.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201572665\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet 0 98\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet 0 98\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet 0 98\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet 0 98\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe

--
End of file - 7116 bytes


Waiting for more ideas. Thanks.
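The check described in the post above (an entry that was fixed showing up again in a fresh HijackThis log) can be done mechanically. This is an added example, not part of the original thread: the function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis v2.0.2 log posted above (lines copied from the post).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\FLV Downloader\MoyeaCth.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet 0 98\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

# Matches the CLSID-keyed line shape used by O2 (BHO) and O9 (extra button /
# menu item) entries: "<section> - <kind>: <name> - {CLSID} - <target>".
# The name is matched lazily because it may itself contain " - ".
ENTRY_RE = re.compile(
    r"^(?P<section>O\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2"
    kind: str      # e.g. "BHO"
    name: str      # display name, "(no name)" when the registry has none
    clsid: str     # upper-cased so logs can be compared case-insensitively
    target: str    # file path, or HijackThis' "(no file)" marker


def parse_entries(log_text):
    """Return every CLSID-keyed entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["kind"], m["name"],
                                 m["clsid"].upper(), m["target"]))
    return entries


def orphaned(entries):
    """Entries whose registry key exists but whose file HijackThis could not find."""
    return [e for e in entries
            if e.target == "(no file)" or e.target.endswith("(file missing)")]


def reappeared(entries, previously_fixed):
    """Entries in a new log whose CLSID was already fixed in an earlier session."""
    fixed = {c.upper() for c in previously_fixed}
    return [e for e in entries if e.clsid in fixed]


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    print("Orphaned entries:")
    for e in orphaned(found):
        print(f"  {e.section} {e.kind}: {e.clsid} -> {e.target}")
    # CLSID the helper asked to have fixed, as quoted in the post above.
    for e in reappeared(found, ["{7E853D72-626A-48EC-A868-BA8D5E23E045}"]):
        print(f"Fixed earlier but present again: {e.section} {e.clsid} ({e.target})")
```

An entry that keeps returning after being fixed means something is rewriting the key, so the useful follow-up is to find what recreates it rather than to delete it again.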
 
Download ComboFix from Here or Here to your Desktop.

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.
 
I'll do it again...

Ok, I already did that. But I'll do it again. I'll download it and let it run overnight.
And let's see what happens.
Thanks.
 
Here they are... first part.

Here are the logs:

Note: the logs are too long, so I'll post them in two parts.


ComboFix 08-02-22.2 - Family 2008-02-23 1:39:49.3 - NTFSx86
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 00:22 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-21 21:49 . 2008-02-22 01:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-21 21:49 . 2008-02-21 21:49 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-21 21:49 . 2008-02-21 21:49 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-21 21:49 . 2008-02-21 21:49 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-16 12:36 . 2008-02-16 12:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-16 12:36 . 2008-02-16 12:36 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Malwarebytes
2008-02-16 12:36 . 2008-02-16 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-14 00:53 . 2008-02-22 15:31 <DIR> d-------- C:\Documents and Settings\Family\Contacts
2008-02-14 00:37 . 2008-02-14 00:37 268 --ah----- C:\sqmdata00.sqm
2008-02-14 00:37 . 2008-02-14 00:37 244 --ah----- C:\sqmnoopt00.sqm
2008-02-14 00:24 . 2008-02-14 00:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-14 00:23 . 2008-02-14 00:24 <DIR> d-------- C:\Program Files\MSN Messenger
2008-02-13 23:55 . 2008-02-13 23:55 <DIR> d-------- C:\Documents and Settings\Family\Application Data\PlayFirst
2008-02-13 23:04 . 2008-02-13 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-02-12 23:19 . 2008-02-12 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm
2008-02-12 22:58 . 2008-02-12 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-09 01:50 . 2008-02-09 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-09 01:49 . 2008-02-09 01:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-08 23:28 . 2008-02-08 23:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-08 18:52 . 2008-02-08 18:52 <DIR> d-------- C:\Program Files\Windows Live
2008-02-08 18:52 . 2008-02-08 19:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-08 18:51 . 2008-02-08 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-06 02:27 . 2008-02-06 12:55 <DIR> d-------- C:\Documents and Settings\Family\Application Data\LimeWire
2008-02-06 00:49 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-06 00:46 . 2008-02-06 00:49 <DIR> d-------- C:\Program Files\Java
2008-02-06 00:06 . 2008-02-06 00:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-05 23:00 . 2008-02-05 23:46 <DIR> d-------- C:\Program Files\LimeWire 4.16.4
2008-02-05 17:35 . 2008-02-22 01:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-05 17:35 . 2008-02-05 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-04 18:41 . 2008-02-04 18:41 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Sonic
2008-02-04 18:09 . 2008-02-04 18:09 <DIR> d-------- C:\Program Files\RecordNow!
2008-02-04 18:05 . 2008-02-04 18:05 <DIR> d-------- C:\Documents and Settings\Family\Application Data\CyberLink
2008-02-04 18:02 . 2008-02-04 18:02 <DIR> d-------- C:\Program Files\CyberLink
2008-02-04 18:02 . 2008-02-04 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-04 18:01 . 2008-02-04 18:02 <DIR> d-------- C:\Program Files\PowerDVD
2008-02-04 17:53 . 2008-02-04 17:53 <DIR> d-------- C:\Program Files\MUSICMATCH Update
2008-02-04 17:53 . 2008-02-04 17:54 28,276 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-02-04 17:51 . 2008-02-07 17:41 <DIR> d-------- C:\Program Files\MUSICMATCH Jukebox
2008-02-04 17:42 . 2008-02-04 17:43 <DIR> d-------- C:\Program Files\MediaFACE
2008-02-04 17:36 . 2008-02-04 17:36 <DIR> d-------- C:\Documents and Settings\Family\Application Data\DivX
2008-02-04 17:25 . 1999-04-23 21:22 26,768 --a------ C:\WINDOWS\system\ctl3d.dll
2008-02-04 17:22 . 2008-02-04 17:25 <DIR> d-------- C:\WINDOWS\MVUNINST
2008-02-04 17:22 . 2008-02-04 17:22 <DIR> d-------- C:\Program Files\Printscape
2008-02-04 16:57 . 2008-02-04 16:57 <DIR> d-------- C:\Program Files\DivX
2008-02-04 16:21 . 2008-02-04 16:22 <DIR> d-------- C:\Program Files\DivX 4 Windows
2008-02-04 16:21 . 2007-12-04 11:38 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-04 16:21 . 2007-12-04 11:38 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-02-04 16:14 . 2008-02-04 16:14 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Apple Computer
2008-02-04 16:13 . 2008-02-04 16:13 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-02-04 16:13 . 2008-02-04 16:13 <DIR> d-------- C:\Program Files\QuickTime
2008-02-04 16:13 . 2008-02-04 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-04 16:13 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-02-04 16:12 . 2008-02-04 16:12 <DIR> d-------- C:\Program Files\iTunes
2008-02-04 16:12 . 2008-02-04 16:12 <DIR> d-------- C:\Program Files\iPod
2008-02-04 16:12 . 2008-02-04 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-04 16:11 . 2008-02-04 16:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-04 16:09 . 2008-02-04 16:10 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Vso
2008-02-04 15:38 . 2008-02-04 15:41 <DIR> d-------- C:\Program Files\Winamp 5 52
2008-02-04 15:38 . 2008-02-04 15:49 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Winamp 5 52
2008-02-04 15:31 . 2008-02-04 15:36 <DIR> d-------- C:\Program Files\RipIt 4 Me
2008-02-04 15:31 . 2008-02-04 15:33 <DIR> d-------- C:\Documents and Settings\Family\Application Data\RipIt4Me
2008-02-04 15:27 . 2008-02-22 00:53 <DIR> d-------- C:\Program Files\FLV Downloader
2008-02-04 15:27 . 2008-02-04 15:27 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Moyea
2008-02-04 14:51 . 2008-02-04 15:32 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-02-04 14:50 . 2008-02-04 14:50 <DIR> d-------- C:\Program Files\DVDFab FreeDVD
2008-02-04 14:49 . 2008-02-04 14:49 <DIR> d-------- C:\Program Files\FixVTS
2008-02-04 14:45 . 2008-02-04 14:45 <DIR> d-------- C:\Program Files\DVD Shrink
2008-02-04 14:45 . 2008-02-07 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-04 14:42 . 2008-02-04 14:42 <DIR> d-------- C:\Program Files\CCleaner 2 03
2008-02-04 14:07 . 2008-02-04 14:41 <DIR> d-------- C:\Downloads
2008-02-04 14:07 . 2008-02-04 14:07 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-02-04 14:06 . 2008-02-04 14:41 <DIR> d-------- C:\Program Files\BitComet 0 98
2008-02-04 14:01 . 2008-02-04 14:01 <DIR> d-------- C:\Program Files\Belarc
2008-02-04 14:01 . 2005-04-07 16:18 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-02-04 13:54 . 2008-02-04 13:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-04 13:54 . 2008-02-04 13:54 <DIR> d-------- C:\Program Files\Adobe Reader 8.0
2008-01-30 17:09 . 2008-01-30 17:09 <DIR> d-------- C:\Documents and Settings\Family\Application Data\COWON
2008-01-30 17:07 . 2008-01-30 17:07 <DIR> d-------- C:\Program Files\Common Files\COWON
2008-01-30 17:06 . 2008-02-04 18:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-01-30 17:05 . 2008-02-04 08:18 <DIR> d-------- C:\Program Files\Jet Audio
2008-01-30 17:03 . 2008-02-04 17:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-30 07:36 . 2008-01-30 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-29 15:22 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-29 13:08 . 2008-01-29 13:08 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-01-28 23:50 . 2008-02-04 07:47 <DIR> d-------- C:\Documents and Settings\Family\Application Data\FaxCtr
2008-01-28 23:46 . 2008-02-22 19:17 <DIR> d-------- C:\Program Files\lx_cats
2008-01-28 23:45 . 2007-02-22 15:31 344,064 --a------ C:\WINDOWS\system32\lxcycoin.dll
2008-01-28 23:45 . 2006-03-23 01:33 40,960 --a------ C:\WINDOWS\system32\lxcyvs.dll
2008-01-28 23:44 . 2006-08-08 12:58 692,224 --a------ C:\WINDOWS\system32\lxcydrs.dll
2008-01-28 23:44 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-28 23:44 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-28 23:44 . 2006-08-14 14:07 65,536 --a------ C:\WINDOWS\system32\lxcycaps.dll
2008-01-28 23:44 . 2006-01-25 15:11 61,440 --a------ C:\WINDOWS\system32\lxcycnv4.dll
2008-01-28 23:44 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-28 23:44 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-28 23:43 . 2006-04-28 02:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-28 23:43 . 2006-04-28 02:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-28 23:43 . 2006-04-28 02:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-28 23:43 . 2006-04-28 02:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 23:59 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-04 18:38 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-04 18:38 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-04 18:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 18:36 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 18:36 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-04 18:36 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 18:36 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-04 18:36 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-04 18:36 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-04 18:36 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-04 18:36 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-04 18:36 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-04 18:35 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 18:35 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

------- Sigcheck -------

"C:\WINDOWS\system32\svchost.exe"
----a-w 14,336 2006-02-28 12:00:00 C:\WINDOWS\system32\svchost.exe
-c--a-w 14,336 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\svchost.exe

"C:\WINDOWS\system32\ws2_32.dll"
----a-w 82,944 2006-02-28 12:00:00 C:\WINDOWS\system32\ws2_32.dll
-c--a-w 82,944 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\ws2_32.dll

"C:\WINDOWS\system32\wininet.dll"
----a-w 656,384 2006-02-28 12:00:00 C:\WINDOWS\system32\wininet.dll
-c--a-w 656,384 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wininet.dll

"C:\WINDOWS\system32\drivers\tcpip.sys"
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,040 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
-c--a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys

"C:\WINDOWS\system32\winlogon.exe"
----a-w 502,272 2006-02-28 12:00:00 C:\WINDOWS\system32\winlogon.exe
-c--a-w 502,272 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\winlogon.exe

"C:\WINDOWS\system32\drivers\ndis.sys"
-c--a-w 182,912 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\ndis.sys
----a-w 182,912 2006-02-28 12:00:00 C:\WINDOWS\system32\drivers\ndis.sys

"C:\WINDOWS\system32\drivers\ip6fw.sys"
-c--a-w 29,056 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2006-02-28 12:00:00 C:\WINDOWS\system32\drivers\ip6fw.sys

"C:\WINDOWS\system32\ntkrnlpa.exe"
----a-w 2,059,392 2007-02-28 09:15:56 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,056,832 2006-02-28 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp2gdr\ntkrnlpa.exe
----a-w 2,056,832 2004-08-04 05:59:00 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp2qfe\ntkrnlpa.exe
----a-w 2,056,832 2006-02-28 12:00:00 C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

"C:\WINDOWS\system32\ntoskrnl.exe"
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,180,992 2006-02-28 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp2gdr\ntoskrnl.exe
----a-w 2,180,992 2004-08-04 06:20:00 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\sp2qfe\ntoskrnl.exe
----a-w 2,180,992 2006-02-28 12:00:00 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

"C:\WINDOWS\explorer.exe"
----a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,032,192 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-17 23:48 50736]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1201572665\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"AVG7_CC"="C:\PROGRA~1\AVG7\avgcc.exe" [2008-01-28 21:05 579072]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 10:27 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\AVG7\avgw.exe" [2008-01-28 21:05 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2007-06-25 07:34 82608 C:\Program Files\Lexmark 3400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2007-06-25 07:35 295600 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
--a------ 2007-06-25 07:34 291504 C:\Program Files\Lexmark 3400 Series\lxcymon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

R2 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2007-06-20 03:28]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2006-02-28 05:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2006-02-28 05:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2006-02-28 05:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2006-02-28 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 01:43:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-02-23 1:46:27
.
2008-01-31 02:47:13 --- E O F ---
 
Here they are... second part.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:45 AM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\PROGRA~1\AVG7\avgemc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1201572665\ee\AOLSoftware.exe
C:\PROGRA~1\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/...|lc:en-us|mt:AOL|snt:ScreenName&seamless=novl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet 0 98\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\FLV Downloader\MoyeaCth.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201572665\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet 0 98\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet 0 98\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet 0 98\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet 0 98\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1431BA40-1483-4AB1-9EA8-790E9133ADE8}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1431BA40-1483-4AB1-9EA8-790E9133ADE8}: NameServer = 205.188.146.145
O17 - HKLM\System\CS2\Services\Tcpip\..\{1431BA40-1483-4AB1-9EA8-790E9133ADE8}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG7\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe

--
End of file - 7622 bytes
 
Sorry for the delay
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) is part of Windows Live Call HoverToCall.

We will need to disable TeaTimer or let TeaTimer allow the change.
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

After doing this, fix O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) with HijackThis.
 
If it doesn't remove it, we may need to remove Spybot, then delete it. But it is not spyware, just a reg key that you do not need.
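Added example, not part of the original thread: a small Python triage pass over a HijackThis log that lists entries whose target file is absent, such as the O2 BHO entry discussed above. The function name `find_orphans` is hypothetical; the `(no file)` and `(file missing)` markers are matched as they appear in the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet 0 98\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry CLSID in braces, any letter case
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker HijackThis prints when the referenced file is absent
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")


def find_orphans(log_text):
    """Return (section, clsid, marker, label) for entries pointing at a missing file."""
    orphans = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header, blank line, or running-process line
        body = entry.group("body")
        marker = ORPHAN.search(body)
        if not marker:
            continue  # the referenced file exists
        clsid = CLSID.search(body)
        orphans.append((
            entry.group("code"),
            clsid.group(0).upper() if clsid else None,  # normalise case for lookups
            marker.group(1),
            body.split(" - ")[0],  # e.g. "BHO: (no name)"
        ))
    return orphans


if __name__ == "__main__":
    for section, clsid, marker, label in find_orphans(SAMPLE_LOG):
        print(f"{section}  {clsid}  [{marker}]  {label}")
```

Running the same function over logs taken a few days apart shows whether a removed entry has been re-created.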
 
It's gone...

It's gone, but the last time it was gone too. And after some days (2 or 3) it reappeared again.
What should I do now?
Thanks.
 
Download OTMoveIt.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
Press Cleanup and it will search for and delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.

Let me know if you have any more trouble.
 