Smitfraud-C.Toolbar888 & tons of other problems

R

ram7704

New member
After reading some of the information provided in others problems, I have completed a few of the following:

Hijack This Report:
Logfile of HijackThis v1.99.1
Scan saved at 8:10:46 PM, on 07/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {3D9FFB19-932E-488A-91C8-796F0AEC1D58} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7996186E-46A0-4BF8-B85A-CD7274A08E5f} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84C39C6B-199E-483C-BDBC-B2A7E88D5605} - (no file)
O2 - BHO: (no name) - {B1AE7512-A7AB-4E7B-B65B-E0CE1E4BE2D7} - C:\WINDOWS\system32\awvvs.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AutoTBar] em32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ebuabjqa.dll",realset
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103w.bay103.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132362226328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177058755218
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

VundoFix Report:
VundoFix V6.3.21

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 6:00:12 PM 07/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\aiqcwghp.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\ccyryowq.dll
C:\WINDOWS\system32\evtigatb.dll
C:\WINDOWS\system32\gycpuhsw.dll
C:\WINDOWS\system32\hgueskpg.dll
C:\WINDOWS\system32\hngxhooy.dll
C:\WINDOWS\system32\hrmdhrno.dll
C:\WINDOWS\system32\hutvjdbe.dll
C:\WINDOWS\system32\ikvbhbbg.dll
C:\WINDOWS\system32\jeuxwoyh.dll
C:\WINDOWS\system32\jgkqjeab.dll
C:\WINDOWS\system32\jsoephwx.dll
C:\WINDOWS\system32\kcnhkdsh.dll
C:\WINDOWS\system32\kpvpfrfm.dll
C:\WINDOWS\system32\lcsntgyo.dll
C:\WINDOWS\system32\lqceyexj.dll
C:\WINDOWS\system32\luduofpr.dll
C:\WINDOWS\system32\lxffqkqc.dll
C:\WINDOWS\system32\nnnmljk.dll
C:\WINDOWS\system32\oawyfiac.dll
C:\WINDOWS\system32\ocqnaxcp.dll
C:\WINDOWS\system32\ocwghrdh.dll
C:\WINDOWS\system32\qlsmvxoq.dll
C:\WINDOWS\system32\qttldagr.dll
C:\WINDOWS\system32\rdckwftf.dll
C:\WINDOWS\system32\rlijujeq.dll
C:\WINDOWS\system32\rorqvyrm.dll
C:\WINDOWS\system32\rxtqxhno.dll
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\svvwa.tmp
C:\WINDOWS\system32\uwewpmnq.dll
C:\WINDOWS\system32\uwsipfoq.dll
C:\WINDOWS\system32\yjrewpou.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aiqcwghp.dll
C:\WINDOWS\system32\aiqcwghp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccyryowq.dll
C:\WINDOWS\system32\ccyryowq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\evtigatb.dll
C:\WINDOWS\system32\evtigatb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gycpuhsw.dll
C:\WINDOWS\system32\gycpuhsw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgueskpg.dll
C:\WINDOWS\system32\hgueskpg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hngxhooy.dll
C:\WINDOWS\system32\hngxhooy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hrmdhrno.dll
C:\WINDOWS\system32\hrmdhrno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hutvjdbe.dll
C:\WINDOWS\system32\hutvjdbe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ikvbhbbg.dll
C:\WINDOWS\system32\ikvbhbbg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jeuxwoyh.dll
C:\WINDOWS\system32\jeuxwoyh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jgkqjeab.dll
C:\WINDOWS\system32\jgkqjeab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jsoephwx.dll
C:\WINDOWS\system32\jsoephwx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kcnhkdsh.dll
C:\WINDOWS\system32\kcnhkdsh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kpvpfrfm.dll
C:\WINDOWS\system32\kpvpfrfm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lcsntgyo.dll
C:\WINDOWS\system32\lcsntgyo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lqceyexj.dll
C:\WINDOWS\system32\lqceyexj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\luduofpr.dll
C:\WINDOWS\system32\luduofpr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lxffqkqc.dll
C:\WINDOWS\system32\lxffqkqc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmljk.dll
C:\WINDOWS\system32\nnnmljk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oawyfiac.dll
C:\WINDOWS\system32\oawyfiac.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ocqnaxcp.dll
C:\WINDOWS\system32\ocqnaxcp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ocwghrdh.dll
C:\WINDOWS\system32\ocwghrdh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qlsmvxoq.dll
C:\WINDOWS\system32\qlsmvxoq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttldagr.dll
C:\WINDOWS\system32\qttldagr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rdckwftf.dll
C:\WINDOWS\system32\rdckwftf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rlijujeq.dll
C:\WINDOWS\system32\rlijujeq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rorqvyrm.dll
C:\WINDOWS\system32\rorqvyrm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rxtqxhno.dll
C:\WINDOWS\system32\rxtqxhno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\svvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.tmp
C:\WINDOWS\system32\svvwa.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwewpmnq.dll
C:\WINDOWS\system32\uwewpmnq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uwsipfoq.dll
C:\WINDOWS\system32\uwsipfoq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yjrewpou.dll
C:\WINDOWS\system32\yjrewpou.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 8:13:54 PM 07/05/2007

Listing files found while scanning....

No infected files were found.
 
Kaspersky Report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 07, 2007 8:02:29 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 8/05/2007
Kaspersky Anti-Virus database records: 315218
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 98651
Number of viruses found: 20
Number of infected objects: 129
Number of suspicious objects: 0
Duration of the scan process: 01:23:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007050720070508\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\InstallShield Installation Information\{19234D4B-AA7A-4165-8ECB-0247B420C515}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{26BDE7D8-93F0-4A07-AD47-1707DB417941}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{DE286975-ACF1-45B8-9EF7-34E162B2C817}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}\Setup.ilg Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1003\Dc37.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1003\Dc38.sav Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1003\Dc39.DUS Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1003\Dc40.doc Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1003\Dc41.doc Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1003\Dc42.doc Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1003\Dc43.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1008\Dc12.exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\RECYCLER\S-1-5-21-1355472538-2792187077-1989954115-1003\Dc1.exe Infected: not-a-virus:Porn-Dialer.Win32.AsianRaw.bc skipped
C:\RECYCLER\S-1-5-21-2109563836-3697440518-998460145-1003\Dc218\ErrorSafeFreeInstallW[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\RECYCLER\S-1-5-21-2109563836-3697440518-998460145-1003\Dc219\ErrorSafeFreeInstallW[1].cab/UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\RECYCLER\S-1-5-21-2109563836-3697440518-998460145-1003\Dc219\ErrorSafeFreeInstallW[1].cab CAB: infected - 1 skipped
C:\RECYCLER\S-1-5-21-2109563836-3697440518-998460145-1003\Dc221\PCTurboProInstallerFree[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.w skipped
C:\RECYCLER\S-1-5-21-2109563836-3697440518-998460145-1003\Dc266.dll Infected: Packed.Win32.Klone.j skipped
C:\RECYCLER\S-1-5-21-2109563836-3697440518-998460145-1003\Dc267.dll Infected: Packed.Win32.Klone.j skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc387.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc388.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc389.bmp Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc390.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc391.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc392.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc393.PSF Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc394.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc395.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc396.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc426.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc427.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc428.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc429.bmp Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc430.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc431.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc432.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc433.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc434.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc435.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc436.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc437.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc438.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc439.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc440.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc441.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-2382219286-3372686796-1432744361-1003\Dc442.lnk Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc62.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc63.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc64.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc65.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc66.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc67.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc68.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc69.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc70.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc71.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc72.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc73.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc74.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc75.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc76.reg Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc77.doc Object is locked skipped
C:\RECYCLER\S-1-5-21-668290192-613363583-4092584357-1003\Dc86.asd Object is locked skipped
 
Kaspersky Report (continued)

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP392\A0069655.dll Infected: not-a-virus:AdWare.Win32.Mirar.f skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP392\A0069695.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP396\A0069741.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP422\A0075903.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP427\A0076188.exe Infected: not-virus:Hoax.Win32.Renos.he skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP429\A0077296.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP430\A0077539.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP430\A0077576.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP430\A0077577.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP430\A0077578.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP431\A0077662.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP431\A0077664.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP431\A0077668.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP438\A0078095.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078187.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078188.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078262.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078264.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078265.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078266.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078267.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078268.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP443\A0078488.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP443\A0078492.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP443\A0078493.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP443\A0078494.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP445\A0078898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP445\A0078912.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP446\A0079530.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079542.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079547.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079548.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079549.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079550.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079551.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079552.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079553.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079554.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079555.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079556.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079557.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079558.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079572.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP448\A0079599.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP448\A0079600.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP449\A0079664.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP449\A0079665.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP449\A0079666.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP449\A0079670.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP449\A0079672.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP449\A0079677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079717.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079718.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079719.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079720.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079721.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079722.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079723.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079724.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079725.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079726.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079727.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079728.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079729.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079730.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079731.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079732.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079733.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079734.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079735.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079737.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079738.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079739.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079740.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079741.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079742.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079743.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079745.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079746.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079747.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\change.log Object is locked skipped
C:\VundoFix Backups\aiqcwghp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\awvvs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\ccyryowq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\VundoFix Backups\evtigatb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\VundoFix Backups\gycpuhsw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\hgueskpg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\hngxhooy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\hrmdhrno.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\hutvjdbe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\ikvbhbbg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\jeuxwoyh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\jgkqjeab.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\jsoephwx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\VundoFix Backups\kcnhkdsh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\kpvpfrfm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\lcsntgyo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\lqceyexj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\luduofpr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\lxffqkqc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\oawyfiac.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\ocqnaxcp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\VundoFix Backups\ocwghrdh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\qlsmvxoq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\qttldagr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\rdckwftf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\rlijujeq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\rorqvyrm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\rxtqxhno.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\uwewpmnq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\uwsipfoq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\yjrewpou.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA5P_0001_FNI531024NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.h skipped
C:\WINDOWS\Downloaded Program Files\UWA5PNetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\WINDOWS\Downloaded Program Files\UWA5P_0001_FNI531024NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.h skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dpvkjkll.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\fwfjumwj.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\gsceeihj.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\icoedpdw.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\oselcxii.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Help with this is greatly appreciated
 
Hello ram7704 and welcome to the Forums :)

Sorry for the delay...

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

:bigthumb:
 
ComboFix Report

Hi Mr. Jak.

Thank you for replying. Here is the report.

"Owner" - 2007-05-13 18:37:02 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dpvkjkll.dll
C:\WINDOWS\system32\ebuabjqa.dll
C:\WINDOWS\system32\fwfjumwj.dll
C:\WINDOWS\system32\gsceeihj.dll
C:\WINDOWS\system32\icoedpdw.dll
C:\WINDOWS\system32\jeavhrlb.dll
C:\WINDOWS\system32\oselcxii.dll
C:\WINDOWS\system32\wqygrtpy.dll
C:\WINDOWS\system32\yesavidw.dll
C:\WINDOWS\system32\aqjbaube.ini
C:\WINDOWS\system32\aqjbaube.ini2
C:\WINDOWS\system32\aqjbaube.tmp
C:\WINDOWS\system32\blrhvaej.ini
C:\WINDOWS\system32\yptrgyqw.ini
C:\WINDOWS\system32\wdivasey.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1\Install.dat
C:\Program Files\p2pnetworks\AlConfig.xml
C:\Program Files\p2pnetworks\alp2plib.log
C:\Program Files\p2pnetworks\alp2plib.log.bak
C:\Program Files\p2pnetworks\install.log
C:\Program Files\p2pnetworks\mpp2pl.exe
C:\Program Files\p2pnetworks\sp2p.cache
C:\Program Files\p2pnetworks\uninst.exe
C:\Program Files\p2pnetworks
C:\Program Files\Common Files\{F8806~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-13 ))))))))))))))))))))))))))))))))))


2007-05-13 18:40 2,053,181 ---hs---- C:\WINDOWS\system32\aqjbaube.ini2
2007-05-12 14:40 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.000\NTUSER.DAT
2007-05-12 14:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\WINDOWS
2007-05-12 14:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Symantec
2007-05-12 14:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\SampleView
2007-05-12 14:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Real
2007-05-08 20:09 3,191,432 --a------ C:\runalyz.exe
2007-05-08 20:09 <DIR> d-------- C:\Program Files\Safer Networking
2007-05-08 18:35 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 21:27 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.YOU\NTUSER.DAT
2007-05-07 21:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1.YOU\APPLIC~1\Real
2007-05-07 20:08 <DIR> d-------- C:\HJT
2007-05-07 18:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-07 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-05-07 18:00 <DIR> d-------- C:\VundoFix Backups
2007-05-07 10:08 5,505,024 --a------ C:\DOCUME~1\THEGIR~1\ntuser.dat
2007-05-07 03:22 1,462,558 ---hs---- C:\WINDOWS\system32\lcveefct.ini2
2007-05-07 02:30 5,037,072 --a------ C:\spybotsd14.exe
2007-05-07 02:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-03 05:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-04-29 07:31 7,602,176 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-04-28 10:36 <DIR> d-------- C:\DOCUME~1\THEGIR~1\APPLIC~1\SampleView
2007-04-21 15:35 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-20 05:17 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-20 00:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-04-19 03:13 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SampleView
2007-04-18 13:45 <DIR> d-------- C:\DOCUME~1\THEGIR~1\APPLIC~1\AdobeUM
2007-04-14 23:49 <DIR> d--hs---- C:\WINDOWS\IA


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-18 00:24:12 -------- d-----w C:\Program Files\Lavasoft
2007-04-17 11:22:47 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-06 00:38:19 -------- d-----w C:\Program Files\Yahoo!
2007-04-02 07:05:58 -------- d-----w C:\Program Files\illiminable
2007-04-02 05:02:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-17 16:32:56 -------- d-----w C:\Program Files\Shockwave.com
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-01 09:33:15 374 ----a-w C:\DOCUME~1\Owner\APPLIC~1\internaldb6334.dat
2007-03-01 09:16:49 18,432 ----a-w C:\DOCUME~1\Owner\APPLIC~1\internaldb41.dat
2007-03-01 09:16:45 538 ----a-w C:\DOCUME~1\Owner\APPLIC~1\internaldb8467.dat
2007-03-01 08:57:05 32 ----a-w C:\WINDOWS\system32\winrui.dll
2007-02-28 21:32:06 69,698 ----a-w C:\WINDOWS\distro_uPlayMe_stub_973387.exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 04:43]
{89AD2930-A9D1-47B9-88F5-7BECF7578E4C}=C:\WINDOWS\system32\awvvs.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"AutoTBar"="em32\\Wbem;c:\\Python22;C:\\Program Files\\PC-Doctor for Windows\\servicesAUTOTBAR.EXE"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"UpdateManager"="\"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"VX3000"="C:\\WINDOWS\\vVX3000.exe"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 05:15]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-13 22:43]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe])
"AGRSMMSG"="AGRSMMSG.exe" [])
"AutoTBar"="em32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 18:04]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 18:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 04:43]
"AlcxMonitor"="ALCXMNTR.EXE" [])

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
"RecordNow!"="" [])
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 16:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"RecordNow!"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070508-000023-969
O4 - HKCU\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\tcfeevcl.dll",setvm
backup-20070507-235913-459
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\awvvs.dll,CreateProtectProc
backup-20070507-221603-796
O2 - BHO: (no name) - {B1AE7512-A7AB-4E7B-B65B-E0CE1E4BE2D7} - C:\WINDOWS\system32\awvvs.dll (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-13 18:41:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-13 18:41:39
C:\ComboFix-quarantined-files.txt ... 2007-05-13 18:41
 
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C: ) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==================

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {3D9FFB19-932E-488A-91C8-796F0AEC1D58} - (no file)
O2 - BHO: (no name) - {7996186E-46A0-4BF8-B85A-CD7274A08E5f} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84C39C6B-199E-483C-BDBC-B2A7E88D5605} - (no file)
O2 - BHO: (no name) - {B1AE7512-A7AB-4E7B-B65B-E0CE1E4BE2D7} - C:\WINDOWS\system32\awvvs.dll (file missing)
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ebuabjqa.dll",realset

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following files (if present):
C:\WINDOWS\system32\aqjbaube.ini2
C:\WINDOWS\system32\lcveefct.ini2

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon
    foldericon.png
    and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Run ATF Cleaner
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
 
Fresh Hijack This & AVG Report

Hello again Mr. Jak,

Sorry if I don't respond very quick, but I work all day. Here are the reports:

Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 8:41:45 PM, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AutoTBar] em32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103w.bay103.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132362226328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177058755218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:35:35 PM 14/05/2007

+ Scan result:



C:\QooBox\Quarantine\C\WINDOWS\system32\dpvkjkll.dll.vir -> Adware.BHO : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\fwfjumwj.dll.vir -> Adware.BHO : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\gsceeihj.dll.vir -> Adware.BHO : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\icoedpdw.dll.vir -> Adware.BHO : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\oselcxii.dll.vir -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP438\A0078095.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP452\A0079946.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP452\A0079947.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP457\A0080225.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP457\A0080227.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP457\A0080228.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP457\A0080229.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP457\A0080231.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP446\A0079531.exe -> Adware.IWantSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078187.dll -> Adware.Lucky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP443\A0078494.dll -> Adware.Lucky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP446\A0079530.dll -> Adware.Lucky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP392\A0069655.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP392\A0069695.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP439\A0078188.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP443\A0078492.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP447\A0079547.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1156901620-1524690348-4111518195-1008\Dc12.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP450\A0079736.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP452\A0079926.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1355472538-2792187077-1989954115-1003\Dc1.exe -> Dialer.AsianRaw.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP422\A0075903.exe -> Downloader.Adload.jm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP396\A0069735.exe -> Downloader.Agent.bkw : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA5PNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.e : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA5P_0001_FNI531024NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.h : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA5P_0001_FNI531024NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP452\A0079953.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP427\A0076188.exe -> Not-A-Virus.Hoax.Win32.Renos.he : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP396\A0069741.dll -> Trojan.Agent : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\p2pnetworks\mpp2pl.exe.vir -> Trojan.MediaPipe.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP457\A0080223.exe -> Trojan.MediaPipe.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP421\A0075731.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP428\A0076244.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP428\A0076247.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

**I thought I should let you know that when I log onto "The Girls" account 3 boxes pop-up
1. Error loading C:\WINDOWS\system32\awvvs.dll
2. " " " " " " " " " " \ebuabjqa.dll
3. " " " " " " " " " " \tcfeevcl.dll
All underneath say "The specified module could not be found"
 
Hi :)

OK could you post a HijackThis log taken on "The Girls" account then :bigthumb:
 
Hijack This report on "The Girls" account

Good morning Mr. Jak,

Here is the report you requested:

Logfile of HijackThis v1.99.1
Scan saved at 5:19:01 AM, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AutoTBar] em32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKCU\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\awvvs.dll,CreateProtectProc
O4 - HKCU\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\tcfeevcl.dll",setvm
O4 - HKCU\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ebuabjqa.dll",realset
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103w.bay103.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132362226328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177058755218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 
Hello :)

Some leftovers...

Open Control Panel -> Add/Remove programs -> Remove all the of the following or similar entries if found:

DriveCleaner Free

and any other programs you didn't install or don't recognize - if your not sure please ask first

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKCU\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\awvvs.dll,CreateProtectProc
O4 - HKCU\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\tcfeevcl.dll",setvm
O4 - HKCU\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ebuabjqa.dll",realset

Delete this folder if found:
C:\Program Files\Common Files\DriveCleaner Free

Reboot the computer.

When you're ready, please post the following logs to here:
- a fresh HijackThis log
 
Hijack This report from "The Girls" Account

Hello again Mr. Jak,

Here is the report from "The Girls" Account. Please note, the pop-ups are no longer coming up when I log on. :bigthumb: Also, in the Add/Remove programs, there is no sign of DriveCleaner Free.

Logfile of HijackThis v1.99.1
Scan saved at 9:22:50 AM, on 16/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AutoTBar] em32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\servicesAUTOTBAR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103w.bay103.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132362226328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177058755218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 
Hi again, it is looking clean now :)

You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't eg protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:
You don't have an antivirus on your computer, you must install one antivirus. Otherwise you'll get infected again.

These are good (free) antiviruses:
Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (6u1)
  • [*]Start
    [*]Control Panel
    [*]Add/Remove Programs
  • Delete the old Javas, beginning with J2SE Runtime Environment or similar
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Stay clean and be safe ;)
 
Some questions before you leave

Hello Mr. Jak,

First of all, I want to thank you for your help. What you and others are doing on this site is great!!! :bigthumb: to all of you!!!!

I have some questions, if you don't mind answering:

1. I believe I have a firewall. It's an Alpha Shield firewall that connects in between my internet connection and my computer. Is this good enough or should I still download another that you have suggested?

2. I see you suggested using Firefox. I've tried downloading this, but MSN Messenger doesn't seem to be compatible with it. Well when I intially tried. Do you know if there are setting to make it compatible? i.e. when you click on your mail icon from MSN Messenger, Firefox will not bring up your mail the way Internet Explorer does.

3. What is QooBox? Do I need this folder?

4. Also a folder that is named "bintheredunthat." I don't ever recall having a folder named this.

5. Do I need to scan my account and "The Girls" account separate when I run all the scans?

6. With "The Girls" account set to a "Limited Account," does this in any way help my computer?

Thanks again for your help Mr. Jak. I am so grateful. You're great at what you do here.

Roberta
 
Some questions before you leave

Hello Mr. Jak,

First of all, I want to thank you for your help. What you and others are doing on this site is great!!! :bigthumb: to all of you!!!!

I have some questions, if you don't mind answering:

1. I believe I have a firewall. It's an Alpha Shield firewall that connects in between my internet connection and my computer. Is this good enough or should I still download another that you have suggested?

2. I see you suggested using Firefox. I've tried downloading this, but MSN Messenger doesn't seem to be compatible with it. Well when I intially tried. Do you know if there are setting to make it compatible? i.e. when you click on your mail icon from MSN Messenger, Firefox will not bring up your mail the way Internet Explorer does.

3. What is QooBox? Do I need this folder?

4. Also a folder that is named "bintheredunthat." I don't ever recall having a folder named this.

5. Do I need to scan my account and "The Girls" account separate when I run all the scans?

6. With "The Girls" account set to a "Limited Account," does this in any way help my computer?

7. I almost forgot...What is SunJava? Is it part of Java?

Thanks again for your help Mr. Jak. I am so grateful. You're great at what you do here.

Roberta
 
Hello :)

1. Ok an external firewall is a good thing. It propably doesn't monitor which applications connect to the Internet from your computer. This is why it would be good to install a software firewall - protection for inbound threats.

2. Well you can have both browsers, IE and FireFox installed. You can still use IE for checking emails (in this case you may leave IE as your default browser).

3. QooBox is a backup folder created by one of the tools. You may delete it.

4. Also bintheredunthat is a backup folder created by one of the tools. You may delete it.

5. No if your account is an administrator account.

6. If you use this "The Girls" noramlly, it should smaller the risk of some infections/consequenses

7. It is an application. Eg some website features may require it. See more info here

:bigthumb:
 
Thank you

Ok, I will install a firewall.

Your answers are very thorough.

Thanks again for all the help you have given!!!!!!!! :greeting:

Roberta
 
That's great news and you're very welcome :D:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:
 
You must log in or register to reply here.
Back
Top