Smitfraud problem??

C

catniproses

New member
I got rid of most of the extentions of it,but that main smitfraud won't go away.It says it's locked and I have to release the handles. I have no clue how to do that.
Here are my scans,I hope you can help me.............................

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:54 PM Catnip, on 5/6/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\System32\cmd.exe
C:\Documents and Settings\Roses\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.0.1.7/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/8.2.1.19/applet/addiction/addiction-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/8.1.5.27/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/v/8.1.5.27/applet/vbjack2/vbjack2-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/8.1.6.21/applet/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/canasta/canasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/v/8.1.4.1/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.7.44/applet/domino2/domino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/videopoker2/doubledeuce-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/9.0.1.9/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.5.27/applet/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/8.2.1.23/applet/safari/safari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.6.21/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/v/8.1.5.27/applet/slots/showbiz-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.4.1/applet/spades2/spades2-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.5.27/applet/sweettooth2/sweettooth2-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/v/8.1.4.1/applet/turbo22/turbo22-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179611103864
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179611371377
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://66.229.225.221/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12037 bytes

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 07, 2008 10:00:05 AM Catnip
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 743221
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 67334
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 11:18:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Roses\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-6-2008( 15-23-3 ).LOG Object is locked skipped
C:\Documents and Settings\Roses\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Temp\bbassistant.log Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Temp\fla79.tmp Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Temp\Perflib_Perfdata_248.dat Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Temp\~DFE4C1.tmp Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Temporary Internet Files\Content.IE5\8XYZ01QF\Download_mbam-setup[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Roses\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roses\Local Settings\Temporary Internet Files\Content.IE5\OPI3SD2V\xia[1].exe Infected: Trojan-Downloader.Win32.VB.ees skipped
C:\Documents and Settings\Roses\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Roses\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SBExtHost.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Roses.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Roses.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Roses.log Object is locked skipped
C:\System Volume Information\_restore{14C3D905-0F63-4230-82AC-DF1A9BBE2461}\RP404\A0085265.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{14C3D905-0F63-4230-82AC-DF1A9BBE2461}\RP404\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SLEvtLog.evt Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\avg7coree.sys Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

:spider:
 
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 
ComboFix 08-05-01.3 - Roses 2008-05-07 14:34:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.89 [GMT -4:00]
Running from: C:\Documents and Settings\Roses\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Roses\Desktop\WinXP_EN_PRO_BF.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\avg7coree.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\noqru.ini
C:\WINDOWS\system32\noqru.ini2
C:\WINDOWS\system32\oriieke.ini
C:\WINDOWS\system32\TEhilnmp.ini
C:\WINDOWS\system32\TEhilnmp.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVG7COREE
-------\Service_avg7coree


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-07 14:51 . 2,560 C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-05-05 14:35 . 2008-05-05 14:35 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-05 14:35 . 2008-05-05 14:35 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Sunbelt Software
2008-05-05 12:43 . 2008-05-05 12:43 <DIR> d----c--- C:\Program Files\Sunbelt Software
2008-05-05 12:33 . 2008-05-05 12:33 <DIR> d----c--- C:\Program Files\Enigma Software Group
2008-05-05 12:12 . 2008-05-05 12:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-05 12:10 . 2008-05-05 18:17 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-05-05 12:10 . 2008-05-05 12:10 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\SUPERAntiSpyware.com
2008-05-05 12:09 . 2008-05-05 12:09 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 11:32 . 2008-05-05 11:32 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Uniblue
2008-05-03 20:59 . 2008-05-03 20:59 24,064 --a--c--- C:\gyy908.exe
2008-05-03 20:59 . 2008-05-03 20:59 14,848 --a--c--- C:\7ergzo.exe
2008-05-01 21:09 . 2008-05-01 21:43 2,312 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-01 19:19 . 2008-05-01 19:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 19:19 . 2008-05-01 19:19 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-30 22:51 . 2008-04-30 22:51 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Avant Profiles
2008-04-30 22:38 . 2008-04-30 22:40 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Move Networks
2008-04-30 21:24 . 2008-04-30 21:24 <DIR> d----c--- C:\Program Files\Alwil Software
2008-04-30 21:21 . 2008-04-30 21:21 <DIR> d----c--- C:\Program Files\Avant Browser
2008-04-30 21:06 . 2008-04-30 21:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-27 17:05 . 2008-05-06 17:36 20,480 --a------ C:\WINDOWS\quit.exe
2008-04-26 13:36 . 2008-04-26 13:37 <DIR> d----c--- C:\Program Files\SlimBrowser
2008-04-26 01:47 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-26 01:47 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-26 01:47 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-26 01:47 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-26 01:46 . 2008-05-07 09:18 <DIR> d----c--- C:\Program Files\Spyware Doctor
2008-04-26 01:46 . 2008-04-26 01:46 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\PC Tools
2008-04-25 23:35 . 2008-05-02 10:59 <DIR> d----c--- C:\Program Files\SpywareBlaster
2008-04-24 20:27 . 2008-04-24 20:27 <DIR> d----c--- C:\Program Files\Scholastic
2008-04-20 11:19 . 2008-04-20 11:19 294 --ahs---- C:\WINDOWS\system32\osneyqfa.ini
2008-04-19 13:31 . 2008-04-27 16:47 <DIR> d----c--- C:\Program Files\Common Files\Symantec Shared
2008-04-19 13:07 . 2008-04-26 14:55 <DIR> d----c--- C:\Program Files\Norton Security Scan
2008-04-19 13:03 . 2008-05-07 13:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-19 11:29 . 2008-04-19 11:29 294 --ahs---- C:\WINDOWS\system32\scymdwvh.ini
2008-04-19 02:32 . 2008-04-19 02:32 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Motive
2008-04-19 02:30 . 2005-03-11 11:48 939,224 -ra------ C:\WINDOWS\system32\Flash.ocx
2008-04-18 23:59 . 2008-04-19 00:00 354 --ahs---- C:\WINDOWS\system32\asmvqqwf.ini
2008-04-18 23:30 . 2008-04-19 00:38 <DIR> d-------- C:\WINDOWS\system32\892267
2008-04-18 23:30 . 2008-04-20 01:46 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\zuzolqxg
2008-04-18 23:26 . 2008-04-18 23:26 2 --a--c--- C:\-523676518
2008-04-18 02:36 . 2008-04-18 02:36 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-04-17 16:32 . 2008-04-18 14:25 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-17 16:32 . 2008-04-18 14:25 <DIR> d-------- C:\WINDOWS\system32\Vb1
2008-04-17 16:32 . 2008-04-18 14:25 <DIR> d-------- C:\WINDOWS\system32\trcTMP
2008-04-17 16:32 . 2008-04-25 17:32 <DIR> d-------- C:\WINDOWS\system32\slNew
2008-04-17 16:32 . 2008-04-18 14:25 <DIR> d-------- C:\WINDOWS\system32\iTmp
2008-04-16 10:33 . 2008-04-16 10:33 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-15 11:50 . 2008-04-15 11:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-04-15 11:48 . 2008-04-15 11:48 <DIR> d----c--- C:\Program Files\Siber Systems
2008-04-14 16:59 . 2008-04-14 22:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-09 18:18 . 2008-04-09 18:18 <DIR> d----c--- C:\Program Files\LimeWire
2008-04-09 13:23 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-04-07 01:48 . 2008-04-22 12:15 4,566 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 18:54 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 18:29 --------- dc----w C:\Documents and Settings\Roses\Application Data\SlimBrowser
2008-05-06 22:31 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-05-06 22:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 16:45 --------- dc----w C:\Documents and Settings\Roses\Application Data\WeatherBug
2008-05-03 22:56 2,411,217 ----a-w C:\WINDOWS\java\Packages\VXZBFTN1.ZIP
2008-05-01 03:28 14,526 ----a-w C:\WINDOWS\java\Packages\7FHZJ7JR.ZIP
2008-05-01 03:28 1,713,011 ----a-w C:\WINDOWS\java\Packages\8GFR5Z1V.ZIP
2008-04-30 01:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-26 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 18:17 --------- d-----w C:\Program Files\Lavasoft
2008-04-19 17:04 --------- dc----w C:\Program Files\Google
2008-04-19 14:07 --------- dc----w C:\Program Files\CleanUp!
2008-04-16 14:33 --------- dc----w C:\Program Files\Apple Software Update
2008-04-10 02:31 --------- d-----w C:\Program Files\Oberon Media
2008-04-10 01:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-09 23:23 5,483 ----a-w C:\WINDOWS\java\Packages\GYLJX7NP.ZIP
2008-04-09 23:23 1,946,947 ----a-w C:\WINDOWS\java\Packages\2LVN57DB.ZIP
2008-04-09 22:21 --------- dc----w C:\Documents and Settings\Roses\Application Data\LimeWire
2008-04-08 22:38 5,483 ----a-w C:\WINDOWS\java\Packages\WBFNFLJB.ZIP
2008-04-08 22:38 2,213,521 ----a-w C:\WINDOWS\java\Packages\BNNPBPJZ.ZIP
2008-04-06 16:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 02:51 3,495,221 ----a-w C:\WINDOWS\java\Packages\SIM43PZB.ZIP
2008-04-04 20:13 2,486,713 ----a-w C:\WINDOWS\java\Packages\1N377LBB.ZIP
2008-04-03 00:27 --------- d-----w C:\Program Files\MySpace
2008-03-27 04:33 --------- dc----w C:\Documents and Settings\Roses\Application Data\Yahoo!
2008-03-27 04:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-27 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\EA
2008-03-24 19:18 --------- dc----w C:\Program Files\Canon
2008-03-24 19:06 --------- dc----w C:\Program Files\Common Files\CANON
2008-03-24 19:04 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-24 19:01 --------- dc-h--w C:\Program Files\CanonBJ
2008-03-20 15:44 --------- dc----w C:\Program Files\Common Files\Adobe
2008-03-20 14:43 --------- dc----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-03-19 17:28 --------- dc----w C:\Documents and Settings\Roses\Application Data\Apple Computer
2008-03-15 14:46 --------- d-----w C:\Program Files\Java
2008-03-07 03:51 --------- dc----w C:\Program Files\Common Files\Intuit
2008-02-23 22:42 3,118,381 ----a-w C:\WINDOWS\java\Packages\GUIXFZDB.ZIP
2008-02-19 19:43 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2008-02-19 19:43 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2008-02-19 19:43 1,385,744 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-02-12 02:45 2,193,315 ----a-w C:\WINDOWS\java\Packages\2697JHB7.ZIP
2008-02-07 04:38 2,776,833 ----a-w C:\WINDOWS\java\Packages\5RV9NXF9.ZIP
2008-02-07 00:34 2,366,432 ----a-w C:\WINDOWS\java\Packages\CEMECEPZ.ZIP
2007-12-11 19:42 56 --sh--r C:\WINDOWS\system32\87A14A05CC.sys
2007-12-11 19:42 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02 1343488]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-02-19 15:43 40960]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 03:07 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-08-27 11:02:27 217088]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 13:03:47 124400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe3fa67a9]
C:\WINDOWS\System32\gbrbdkjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0c95435]
C:\WINDOWS\System32\fwqqvmsa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2002-07-17 07:45 90112 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-07-17 07:59 143360 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2001-08-02 07:14 1077277 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-02-09 15:02 6051144 C:\Program Files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winupdates]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 13:31]
R3 Ptserli;PCTEL Serial Device Driver for INTEL;C:\WINDOWS\System32\DRIVERS\ptserli.sys [2001-08-17 09:28]
S2 oriieke478e553c;oriieke478e553c;C:\WINDOWS\System32\oriieke478e553c.sys []
S3 iAimFP8;iAimFP8;C:\WINDOWS\System32\DRIVERS\wADV11nt.sys [2002-07-23 09:01]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 14:34:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-19 17:08:47 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-28 18:39:14 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 14:50:28
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-05-07 15:18:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 19:17:13

Pre-Run: 9,932,103,680 bytes free
Post-Run: 10,360,918,016 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

252 --- E O F --- 2008-04-09 02:41:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:06 PM Catnip, on 5/7/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\Roses\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.0.1.7/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/8.2.1.19/applet/addiction/addiction-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/8.1.5.27/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/v/8.1.5.27/applet/vbjack2/vbjack2-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/8.1.6.21/applet/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/canasta/canasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/v/8.1.4.1/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.7.44/applet/domino2/domino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/videopoker2/doubledeuce-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/9.0.1.9/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.5.27/applet/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/8.2.1.23/applet/safari/safari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.6.21/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/v/8.1.5.27/applet/slots/showbiz-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.4.1/applet/spades2/spades2-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.5.27/applet/sweettooth2/sweettooth2-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/v/8.1.4.1/applet/turbo22/turbo22-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179611103864
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179611371377
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://66.229.225.221/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12440 bytes
 
Hello


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\gyy908.exe
C:\7ergzo.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\osneyqfa.ini
C:\WINDOWS\system32\scymdwvh.ini
C:\WINDOWS\system32\asmvqqwf.ini
C:\WINDOWS\System32\gbrbdkjj.dll
C:\WINDOWS\System32\fwqqvmsa.dll

Folder::
C:\WINDOWS\system32\892267
C:\Documents and Settings\All Users\Application Data\zuzolqxg
C:\-523676518
C:\WINDOWS\system32\xcsDd01
C:\WINDOWS\system32\Vb1
C:\WINDOWS\system32\trcTMP
C:\WINDOWS\system32\slNew
C:\WINDOWS\system32\iTmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe3fa67a9]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0c95435]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winupdates]

Driver::
oriieke478e553c
Click to expand...

Save this as CFScript.txt, in the same location as ComboFix.exe


Combo-Do.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\java\Packages\7FHZJ7JR.ZIP

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Also post a new HijackThis log
 
ComboFix 08-05-01.3 - Roses 2008-05-07 17:43:30.2 - NTFSx86
Running from: C:\Documents and Settings\Roses\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Roses\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\7ergzo.exe
C:\gyy908.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\asmvqqwf.ini
C:\WINDOWS\System32\fwqqvmsa.dll
C:\WINDOWS\System32\gbrbdkjj.dll
C:\WINDOWS\system32\osneyqfa.ini
C:\WINDOWS\system32\scymdwvh.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-523676518\
C:\7ergzo.exe
C:\Documents and Settings\All Users\Application Data\zuzolqxg
C:\gyy908.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\892267
C:\WINDOWS\system32\asmvqqwf.ini
C:\WINDOWS\system32\iTmp
C:\WINDOWS\system32\osneyqfa.ini
C:\WINDOWS\system32\scymdwvh.ini
C:\WINDOWS\system32\slNew
C:\WINDOWS\system32\trcTMP
C:\WINDOWS\system32\Vb1
C:\WINDOWS\system32\xcsDd01

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ORIIEKE478E553C
-------\Service_oriieke478e553c


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-05 14:35 . 2008-05-05 14:35 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-05 14:35 . 2008-05-05 14:35 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Sunbelt Software
2008-05-05 12:43 . 2008-05-05 12:43 <DIR> d----c--- C:\Program Files\Sunbelt Software
2008-05-05 12:33 . 2008-05-05 12:33 <DIR> d----c--- C:\Program Files\Enigma Software Group
2008-05-05 12:12 . 2008-05-05 12:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-05 12:10 . 2008-05-05 18:17 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-05-05 12:10 . 2008-05-05 12:10 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\SUPERAntiSpyware.com
2008-05-05 12:09 . 2008-05-05 12:09 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 11:32 . 2008-05-05 11:32 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Uniblue
2008-05-01 21:09 . 2008-05-01 21:43 2,312 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-01 19:19 . 2008-05-01 19:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 19:19 . 2008-05-01 19:19 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-30 22:51 . 2008-04-30 22:51 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Avant Profiles
2008-04-30 22:38 . 2008-04-30 22:40 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Move Networks
2008-04-30 21:24 . 2008-04-30 21:24 <DIR> d----c--- C:\Program Files\Alwil Software
2008-04-30 21:21 . 2008-04-30 21:21 <DIR> d----c--- C:\Program Files\Avant Browser
2008-04-30 21:06 . 2008-04-30 21:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-26 13:36 . 2008-04-26 13:37 <DIR> d----c--- C:\Program Files\SlimBrowser
2008-04-26 01:47 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-26 01:47 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-26 01:47 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-26 01:47 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-26 01:46 . 2008-05-07 09:18 <DIR> d----c--- C:\Program Files\Spyware Doctor
2008-04-26 01:46 . 2008-04-26 01:46 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\PC Tools
2008-04-25 23:35 . 2008-05-02 10:59 <DIR> d----c--- C:\Program Files\SpywareBlaster
2008-04-24 20:27 . 2008-04-24 20:27 <DIR> d----c--- C:\Program Files\Scholastic
2008-04-19 13:31 . 2008-04-27 16:47 <DIR> d----c--- C:\Program Files\Common Files\Symantec Shared
2008-04-19 13:07 . 2008-04-26 14:55 <DIR> d----c--- C:\Program Files\Norton Security Scan
2008-04-19 13:03 . 2008-05-07 13:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-19 02:32 . 2008-04-19 02:32 <DIR> d----c--- C:\Documents and Settings\Roses\Application Data\Motive
2008-04-19 02:30 . 2005-03-11 11:48 939,224 -ra------ C:\WINDOWS\system32\Flash.ocx
2008-04-18 23:26 . 2008-04-18 23:26 2 --a--c--- C:\-523676518
2008-04-18 02:36 . 2008-04-18 02:36 <DIR> d----c--- C:\Program Files\ReflexiveArcade
2008-04-16 10:33 . 2008-04-16 10:33 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-15 11:50 . 2008-04-15 11:50 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-04-15 11:48 . 2008-04-15 11:48 <DIR> d----c--- C:\Program Files\Siber Systems
2008-04-14 16:59 . 2008-04-14 22:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-09 18:18 . 2008-04-09 18:18 <DIR> d----c--- C:\Program Files\LimeWire
2008-04-09 13:23 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-04-07 01:48 . 2008-04-22 12:15 4,566 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 22:02 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-07 21:38 --------- dc----w C:\Documents and Settings\Roses\Application Data\SlimBrowser
2008-05-06 22:31 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-05-06 22:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 16:45 --------- dc----w C:\Documents and Settings\Roses\Application Data\WeatherBug
2008-05-03 22:56 2,411,217 ----a-w C:\WINDOWS\java\Packages\VXZBFTN1.ZIP
2008-05-01 03:28 14,526 ----a-w C:\WINDOWS\java\Packages\7FHZJ7JR.ZIP
2008-05-01 03:28 1,713,011 ----a-w C:\WINDOWS\java\Packages\8GFR5Z1V.ZIP
2008-04-30 01:09 --------- d-----w C:\Program Files\IncrediMail
2008-04-26 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 18:17 --------- d-----w C:\Program Files\Lavasoft
2008-04-19 17:04 --------- dc----w C:\Program Files\Google
2008-04-19 14:07 --------- dc----w C:\Program Files\CleanUp!
2008-04-16 14:33 --------- dc----w C:\Program Files\Apple Software Update
2008-04-10 02:31 --------- d-----w C:\Program Files\Oberon Media
2008-04-10 01:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-09 23:23 5,483 ----a-w C:\WINDOWS\java\Packages\GYLJX7NP.ZIP
2008-04-09 23:23 1,946,947 ----a-w C:\WINDOWS\java\Packages\2LVN57DB.ZIP
2008-04-09 22:21 --------- dc----w C:\Documents and Settings\Roses\Application Data\LimeWire
2008-04-08 22:38 5,483 ----a-w C:\WINDOWS\java\Packages\WBFNFLJB.ZIP
2008-04-08 22:38 2,213,521 ----a-w C:\WINDOWS\java\Packages\BNNPBPJZ.ZIP
2008-04-06 16:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 02:51 3,495,221 ----a-w C:\WINDOWS\java\Packages\SIM43PZB.ZIP
2008-04-04 20:13 2,486,713 ----a-w C:\WINDOWS\java\Packages\1N377LBB.ZIP
2008-04-03 00:27 --------- d-----w C:\Program Files\MySpace
2008-03-27 04:33 --------- dc----w C:\Documents and Settings\Roses\Application Data\Yahoo!
2008-03-27 04:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-27 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\EA
2008-03-24 19:18 --------- dc----w C:\Program Files\Canon
2008-03-24 19:06 --------- dc----w C:\Program Files\Common Files\CANON
2008-03-24 19:04 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-24 19:01 --------- dc-h--w C:\Program Files\CanonBJ
2008-03-20 15:44 --------- dc----w C:\Program Files\Common Files\Adobe
2008-03-20 14:43 --------- dc----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-03-19 17:28 --------- dc----w C:\Documents and Settings\Roses\Application Data\Apple Computer
2008-03-15 14:46 --------- d-----w C:\Program Files\Java
2008-03-07 03:51 --------- dc----w C:\Program Files\Common Files\Intuit
2008-02-23 22:42 3,118,381 ----a-w C:\WINDOWS\java\Packages\GUIXFZDB.ZIP
2008-02-19 19:43 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2008-02-19 19:43 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2008-02-12 02:45 2,193,315 ----a-w C:\WINDOWS\java\Packages\2697JHB7.ZIP
2008-02-07 04:38 2,776,833 ----a-w C:\WINDOWS\java\Packages\5RV9NXF9.ZIP
2008-02-07 00:34 2,366,432 ----a-w C:\WINDOWS\java\Packages\CEMECEPZ.ZIP
2007-12-11 19:42 56 --sh--r C:\WINDOWS\system32\87A14A05CC.sys
2007-12-11 19:42 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_15.16.01.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 18:46:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 21:54:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-22 16:16:46 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-07 19:00:31 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-22 16:16:46 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-07 19:00:32 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-07 18:48:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
+ 2008-05-07 21:55:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-04-23 17:45 243072]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02 1343488]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-02-19 15:43 40960]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 03:07 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-08-27 11:02:27 217088]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-19 13:03:47 124400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2002-07-17 07:45 90112 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-07-17 07:59 143360 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2001-08-02 07:14 1077277 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-02-09 15:02 6051144 C:\Program Files\Pando Networks\Pando\pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized


.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 14:34:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-19 17:08:47 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-28 18:39:14 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 17:58:10
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Completion time: 2008-05-07 18:33:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 22:31:59
ComboFix2.txt 2008-05-07 19:18:50

Pre-Run: 10,335,944,704 bytes free
Post-Run: 10,331,729,920 bytes free

248 --- E O F --- 2008-04-09 02:41:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:41 PM Catnip, on 5/7/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Roses\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.0.1.7/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/8.2.1.19/applet/addiction/addiction-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.7.44/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/8.1.5.27/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/v/8.1.5.27/applet/vbjack2/vbjack2-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/8.1.6.21/applet/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/canasta/canasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/v/8.1.4.1/applet/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.7.44/applet/domino2/domino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/videopoker2/doubledeuce-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/firstclass2/firstclass2-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fancy/fancy-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/9.0.1.9/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.5.27/applet/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/8.2.1.23/applet/safari/safari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.6.21/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/v/8.1.5.27/applet/slots/showbiz-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.4.1/applet/spades2/spades2-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.5.27/applet/sweettooth2/sweettooth2-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.7.44/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/v/8.1.4.1/applet/turbo22/turbo22-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179611103864
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179611371377
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://66.229.225.221/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11847 bytes


File 7FHZJ7JR.ZIP received on 05.08.2008 00:59:27 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.5.3.0 2008.05.07 -
AntiVir 7.8.0.11 2008.05.07 -
Authentium 4.93.8 2008.05.07 -
Avast 4.8.1169.0 2008.05.06 -
AVG 7.5.0.516 2008.05.07 -
BitDefender 7.2 2008.05.07 -
CAT-QuickHeal 9.50 2008.05.06 -
ClamAV 0.92.1 2008.05.07 -
DrWeb 4.44.0.09170 2008.05.07 -
eSafe 7.0.15.0 2008.05.06 -
eTrust-Vet 31.4.5766 2008.05.07 -
Ewido 4.0 2008.05.06 -
F-Prot 4.4.2.54 2008.05.06 -
F-Secure 6.70.13260.0 2008.05.07 -
Fortinet 3.14.0.0 2008.05.07 -
Ikarus T3.1.1.26.0 2008.05.07 -
Kaspersky 7.0.0.125 2008.05.07 -
McAfee 5289 2008.05.06 -
Microsoft 1.3408 2008.05.07 -
NOD32v2 3082 2008.05.07 -
Norman 5.80.02 2008.05.06 -
Panda 9.0.0.4 2008.05.06 -
Prevx1 V2 2008.05.08 -
Rising 20.43.12.00 2008.05.07 -
Sophos 4.29.0 2008.05.07 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.07 -
TheHacker 6.2.92.302 2008.05.07 -
VBA32 3.12.6.5 2008.05.06 -
VirusBuster 4.3.26:9 2008.05.06 -
Webwasher-Gateway 6.6.2 2008.05.07 -

Additional information
File size: 14526 bytes
MD5...: d8910ad7a5bdf2439063bccc3f5568d4
SHA1..: afd464280d584af4bc455c63e35d7b9ce4f20f4a
SHA256: 3f862b0d9d9a9e9f999b9227557424db3616ca29368f6d112bb1277e3efe5d8e
SHA512: 05f527fea77ad65f5e2e51f080dddbedd36e0fc9eb7f3c31061ec1b05df3f02a<BR>29a7bc036d480c4c9eca125c980344094770a5b998ebf0a64651f51bb21985b9
PEiD..: -
PEInfo: -
 
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\-523676518

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running
 
File -523676518 received on 05.08.2008 03:37:21 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.5.3.0 2008.05.07 -
AntiVir 7.8.0.11 2008.05.07 -
Authentium 4.93.8 2008.05.08 -
Avast 4.8.1169.0 2008.05.07 -
AVG 7.5.0.516 2008.05.07 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.07 -
ClamAV 0.92.1 2008.05.07 -
DrWeb 4.44.0.09170 2008.05.07 -
eSafe 7.0.15.0 2008.05.07 -
eTrust-Vet 31.4.5768 2008.05.07 -
Ewido 4.0 2008.05.07 -
F-Prot 4.4.2.54 2008.05.07 -
F-Secure 6.70.13260.0 2008.05.07 -
Fortinet 3.14.0.0 2008.05.08 -
Ikarus T3.1.1.26.0 2008.05.08 -
Kaspersky 7.0.0.125 2008.05.08 -
McAfee 5290 2008.05.07 -
Microsoft 1.3408 2008.05.08 -
NOD32v2 3084 2008.05.08 -
Norman 5.80.02 2008.05.07 -
Panda 9.0.0.4 2008.05.07 -
Prevx1 V2 2008.05.08 -
Rising 20.43.12.00 2008.05.07 -
Sophos 4.29.0 2008.05.08 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.08 -
TheHacker 6.2.92.302 2008.05.07 -
VBA32 3.12.6.5 2008.05.07 -
VirusBuster 4.3.26:9 2008.05.07 -
Webwasher-Gateway 6.6.2 2008.05.07 -

Additional information
File size: 2 bytes
MD5...: 444bcb3a3fcf8389296c49467f27e1d6
SHA1..: 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
SHA512: 9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936c<BR>e83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570
PEiD..: -
PEInfo: -

Malwarebytes' Anti-Malware 1.12
Database version: 730

Scan type: Full Scan (C:\|)
Objects scanned: 95720
Time elapsed: 1 hour(s), 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 37
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{06faccd2-c7bb-4612-88de-338120477578} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0bc37c25-432c-4ec4-95b4-0f860c1bdfe3} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{18c0c3dc-9b12-45c8-8243-11a32babc050} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{20b5789d-76b8-41c3-92d2-72b322d0d81d} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248c5ea6-af58-4a11-97a4-72b183232e58} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e8986d0-b571-4a3a-a831-0621cfcd7be1} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30073d4c-957a-4a2b-8dc7-ff57ea3d3dfb} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30576ee7-054c-4faf-801b-703845928839} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{59fe90af-3bf6-489b-9181-b1ee2a6ce64a} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65f3c1a2-ec45-445f-b2e5-7fff05344ca0} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{78f4493f-42f4-4ef6-a417-042dd0a7e0af} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{818dd1ed-83b4-4ef0-99f9-e4a6d73e2456} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{853be7bd-f267-4750-b072-2b6b11d3d70c} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8eb10171-6058-4822-baf3-3da829caca4e} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{91a4a1c5-7fe7-41f1-9d23-cee9d3064175} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{91bd0deb-7196-46b1-9cd0-c26b7b3ab72e} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{93c9f61d-51b6-47ee-8fe5-36185021222b} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99bcd932-0d63-4f7e-8faa-dbd12b9f494c} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9b99e76d-9081-41c2-ae6e-e43cf752ac71} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9da1ffd9-3cd7-4cb5-8c0b-dcdea5663ae0} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abe1716e-6f32-4d6f-8f3d-73425d396bdb} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae4a9ec4-1dfe-425f-8fc7-501fb6cbf132} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c53fef45-3339-4d96-83c7-2f4bf389fa7b} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd0ab90e-4a7f-4f0e-9cfa-5cc428649265} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0271652-93b4-4bc5-afc7-fb41e0d5004c} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e187f1a7-86bf-4df8-8d3c-33c1d1e50f3a} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e98f32d4-89dd-4e7d-96b8-e1b8d1c22eb2} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3847cce-f74a-43ea-a323-3ac984c3443e} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ffe3c26d-fa6d-4884-bd7a-bc1d778eee94} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f4aaeb6d-3735-45aa-a22b-924cc4882d9c} (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho.1 (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
 
I forgot to tell you how my pc is.Sorry.

I haven't seen any more pop-ups. The core.cache.dsk file has dissappeared.Which is good,I couldn't get rid of thing for the life of me.
I have more spyware programs than anybody I know. LMAO!
I haven't run another spybot yet though,I'll run that when I go to sleep.
Thanks for all your help.
 
Your logs are clean ! We need to do a few things

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Cleanup.png



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
 
Thanks so much!!! I will do all these things today! This is the first time in 6yrs. I have gotten something this hard to get rid of. So glad you were here to help!!:heart::eek::heart::eek::heart:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top