Virus, Spyware

C

chuck0410

New member
I have spyware that spybot will not remove and virus I can't seem to get rid of.

Thank you

Here is the Virus scan log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 15, 2008 2:14:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/02/2008
Kaspersky Anti-Virus database records: 567905
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 70940
Number of viruses found: 18
Number of infected objects: 29
Number of suspicious objects: 2
Duration of the scan process: 00:45:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\drivethatdentclock\oncekeep.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\All Users\Application Data\drivethatdentclock\plan regs.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\447ae606e85b812fde0aba949f7cb887_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96b9eddaaa0a41160eeda005958962c5_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet2.zip/asmend.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\Application Data\FREE LOG\wnqastee.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\Matt\Local Settings\Temp\sta10.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\Mimi\Application Data\FREE LOG\cyvmnjhq.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Mimi\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mimi\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\history.dat Object is locked skipped
C:\Documents and Settings\Mimi\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\key3.db Object is locked skipped
C:\Documents and Settings\Mimi\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\parent.lock Object is locked skipped
C:\Documents and Settings\Mimi\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Mimi\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mimi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3sy7lc7h.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\Documents and Settings\Mimi\Local Settings\Temp\Perflib_Perfdata_650.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Temporary Internet Files\Content.IE5\G5M3WXQ7\!update-4495[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\Documents and Settings\Mimi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mimi\My Documents\Міcrosoft.NET\fast.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\Documents and Settings\Mimi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mimi\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scooter\Local Settings\Temp\sta3A.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Program Files\Common Files\rybit.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\Common Files\SpyGuardPro\bm .exe Infected: not-a-virus:Downloader.Win32.WinFixer.cv skipped
C:\Program Files\Common Files\vikoj.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Dot1XCfg\Dot1XCfg .exe Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\Program Files\EbatesMoeMoneyMaker4\e10350.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.dll Infected: not-a-virus:AdWare.Win32.WebRebates.q skipped
C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker2.dll Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\72827163-9432-4F15-9F82-2445FF\DF88D244-1B5E-4C79-817B-BEDB7C Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\WINDOWS\17PHolmes572.exe Infected: Trojan-Downloader.Win32.Agent.hql skipped
C:\WINDOWS\cache329\B_329_0_1_570600.htm Infected: Trojan-Clicker.HTML.IFrame.bk skipped
C:\WINDOWS\cache329\B_329_2_1_570600.htm Infected: Trojan-Clicker.HTML.IFrame.bk skipped
C:\WINDOWS\cache329\B_329_3_1_570600.htm Infected: Trojan-Clicker.HTML.IFrame.bk skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.hql skipped
C:\WINDOWS\mrofinu572.exe Infected: Trojan-Downloader.Win32.Agent.hql skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\bqrukst.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\OPRGHDLRR.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\edcA01\edcA011065.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\t8\tycodllz83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\SYSTEM32\t8\tycodllz83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\tk58.exe Infected: Trojan.Win32.BHO.ab skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\ΑрpPatch\javaw .exe Object is locked skipped
C:\WINDOWS\ΑрpPatch\javaw.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped

Scan process completed.

Here is Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:45 PM, on 2/15/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Documents and Settings\Mimi\My Documents\??crosoft.NET\fast.exe
C:\WINDOWS\PPATCH~1\javaw.exe
C:\Hijack This\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12049CEB-9C50-4E05-B096-D4D41C4F335A} - (no file)
O2 - BHO: (no name) - {258AE19A-664F-43F1-AF69-403385381546} - C:\WINDOWS\System32\sstqo.dll (file missing)
O2 - BHO: {6387fece-1e21-4808-7f74-02a28f1544d2} - {2d4451f8-2a20-47f7-8084-12e1ecef7836} - (no file)
O2 - BHO: (no name) - {4512CCE6-0179-6ED0-061B-5900BBCA8BC1} - C:\WINDOWS\System32\bqrukst.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {59668D40-761E-44D2-8F12-72993489A374} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A76688ED-8555-43BF-8485-6E7852E20219} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: 0 - {C8AFFD11-20B4-4F80-72A8-316C8E3E83A8} - C:\Program Files\Common Files\rybit.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\System32\awttrsr.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: awttrsr - awttrsr.dll (file missing)
O20 - Winlogon Notify: dpnkcrhp - dpnkcrhp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5056 bytes
 
Hi chuck0410

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
 
ComboFix, Hijack log

Here is what you requested:

Thank you

Comboxfix Log:

ComboFix 08-02-18.1 - Mimi 2008-02-18 10:14:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.37 [GMT -6:00]Running from: C:\Documents and Settings\Mimi\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 10:47 . 2008-02-15 10:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 10:47 . 2008-02-15 10:47 3,445 --a------ C:\WINDOWS\unins000.dat
2008-02-15 10:44 . 2008-02-15 10:44 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\VCOM
2008-02-15 10:41 . 2008-02-15 10:41 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\AVG7
2008-02-15 10:40 . 2008-02-15 10:42 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\GTek
2008-02-15 10:39 . 2004-01-03 13:14 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Sonic
2008-02-15 10:39 . 2004-01-03 13:18 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Jasc Software Inc
2008-02-15 10:37 . 2008-02-15 10:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 08:53 . 2008-02-15 08:59 <DIR> d-------- C:\VundoFix Backups
2008-02-14 13:42 . 2008-02-14 13:42 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\AVG7
2008-02-13 15:29 . 2008-02-18 10:05 <DIR> d-------- C:\Hijack This
2008-01-29 13:18 . 2008-01-29 13:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-29 13:17 . 2008-01-29 13:17 84 --a------ C:\WINDOWS\encore_launcher.ini
2008-01-29 13:16 . 2001-08-17 22:36 112,640 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-01-29 13:16 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-01-29 13:16 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-01-29 13:16 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-01-29 13:16 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-01-29 13:16 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-01-29 13:16 . 2001-08-17 22:36 7,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-01-29 13:16 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-01-29 13:14 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-01-29 13:13 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-01-29 13:12 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-01-29 13:11 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-01-29 13:10 . 2001-08-17 22:36 2,134,528 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2008-01-29 12:00 . 2008-01-29 12:00 <DIR> d--hs---- C:\VCOM
2008-01-29 11:57 . 2008-01-29 11:57 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\VCOM
2008-01-29 11:54 . 2008-01-29 11:54 <DIR> d-------- C:\Program Files\VCOM
2008-01-29 11:54 . 2008-01-29 11:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 09:56 . 2008-02-14 15:12 16,596 --a------ C:\WINDOWS\BM0f5ded4a.xml
2008-01-29 09:56 . 2008-02-14 13:43 22 --a------ C:\WINDOWS\pskt.ini
2008-01-25 15:24 . 2008-01-25 15:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-25 15:06 . 2008-02-18 08:47 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\AVG7
2008-01-25 15:06 . 2008-01-25 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-25 15:05 . 2008-01-25 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 15:05 . 2008-01-25 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-18 15:37 . 2008-01-18 15:37 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\Lavasoft
2008-01-18 15:34 . 2008-01-18 15:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-18 15:34 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-18 15:34 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-18 15:34 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-18 15:34 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2008-01-18 15:33 . 2008-01-18 15:33 <DIR> d-------- C:\Program Files\Webroot
2008-01-18 15:33 . 2008-01-18 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-18 14:13 . 2008-01-18 14:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-18 14:13 . 2008-01-18 14:13 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\Webroot
2008-01-18 14:13 . 2008-01-18 14:13 164 --a------ C:\install.dat
2008-01-18 14:12 . 2008-01-18 15:36 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-18 12:36 . 2008-01-18 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-18 12:19 . 2008-01-18 12:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-18 12:19 . 2008-01-28 16:02 <DIR> d-------- C:\Program Files\Hitman Pro
2008-01-18 12:17 . 2008-02-18 09:32 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 15:07 246 ----a-w C:\Program Files\Common Files\rybit
2008-02-15 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-15 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 21:48 --------- d-----w C:\Documents and Settings\Mimi\Application Data\FREE LOG
2008-01-29 19:36 --------- d-----w C:\Program Files\EbatesMoeMoneyMaker4
2008-01-25 22:20 --------- d-----w C:\Program Files\Dot1XCfg
2008-01-25 20:53 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2008-01-25 20:53 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2008-01-25 20:53 --------- d-----w C:\Program Files\Dell AIO Printer A940
2008-01-25 20:43 --------- d-----w C:\Program Files\Registry Cleaner Trial
2008-01-25 20:42 145,408 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2008-01-25 20:38 --------- d-----w C:\Documents and Settings\Mimi\Application Data\Registry Cleaner
2008-01-17 20:52 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-17 20:52 --------- d-----w C:\Program Files\Winamp
2008-01-17 20:52 --------- d-----w C:\Program Files\iTunes
2008-01-17 03:32 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-17 03:25 36,864 ----a-w C:\WINDOWS\17PHolmes572.exe
2008-01-16 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\drivethatdentclock
2008-01-16 21:24 --------- d-----w C:\Program Files\FREE LOG
2008-01-13 01:32 --------- d-----w C:\Program Files\America Online 9.0
2008-01-13 01:19 --------- d-----w C:\Program Files\QuickTime
2007-12-31 06:00 --------- d-----w C:\Program Files\PokerStars
2007-12-29 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-28 20:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:54 --------- d-----w C:\Documents and Settings\Scooter\Application Data\Apple Computer
2007-12-28 20:46 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 20:32 54,330,664 ----a-w C:\iTunesSetup.exe
2007-12-25 19:27 --------- d-----w C:\Documents and Settings\Mimi\Application Data\Apple Computer
2007-07-28 09:06 135 ----a-w C:\Program Files\Common Files\vikoj.html
2004-06-12 04:39 32 ----a-w C:\Program Files\MFCD4WAVE
2005-07-29 22:24 472 --sha-r C:\WINDOWS\TWltaQ\nq5Quk.vbs
.
Code: 
<pre>
----a-w           368,706 2008-01-17 20:52:30  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w            50,736 2008-01-17 20:52:32  C:\Program Files\Common Files\AOL\1189612128\ee\AOLSoftware .exe
----a-w           151,597 2008-01-17 20:52:26  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2008-01-17 20:52:21  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2008-01-17 20:52:25  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w            86,102 2008-01-25 20:53:46  C:\Program Files\Dell AIO Printer A940\dlbabmgr .exe
----a-w            61,440 2008-01-17 20:53:02  C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w           278,528 2008-01-17 20:52:29  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,670,144 2008-01-25 20:54:11  C:\Program Files\Messenger\msmsgs .exe
----a-w         4,530,176 2008-01-25 20:43:19  C:\Program Files\Registry Cleaner Trial\RegClean .exe
----a-w            33,792 2008-01-17 20:52:27  C:\Program Files\Winamp\winampa .exe
----a-w           145,408 2008-01-25 20:42:57  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w            28,672 2008-01-17 20:52:23  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-25 20:53:45  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-25 20:53:44  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{258AE19A-664F-43F1-AF69-403385381546}]
C:\WINDOWS\System32\sstqo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-05-13 13:05 1503232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-25 15:05 411648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 15:05 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttrsr]
awttrsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dpnkcrhp]
dpnkcrhp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c6eded6]
C:\WINDOWS\System32\cvneqlup.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\WINDOWS\PPATCH~1\javaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f5ded4a]
C:\WINDOWS\System32\nbwydidk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eggs joy math type]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\license road]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mbv]
C:\Documents and Settings\Mimi\My Documents\??crosoft.NET\fast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pgrvlwy]
C:\WINDOWS\SYSTEM32\?racle\javaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyGuardPro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugac]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Network Monitor"=2 (0x2)
"NetSvc"=3 (0x3)
"LexBceS"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"DomainService"=2 (0x2)
"cmdService"=2 (0x2)
"AOL ACS"=2 (0x2)
"WZCSVC"=2 (0x2)

S3 MagicBox;Embroidery Conversion Box Plus;C:\WINDOWS\System32\Drivers\MagicBox.sys [2004-04-10 22:55]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 16:00:00 C:\WINDOWS\Tasks\A94C0D50918F83B0.job"
- c:\docume~1\matt\applic~1\freelo~1\isoblehref.exe
"2008-02-18 16:00:00 C:\WINDOWS\Tasks\AC26CA0491CD7E54.job"
- c:\docume~1\scooter\applic~1\freelo~1\isoblehref.exe
"2008-02-18 16:00:00 C:\WINDOWS\Tasks\ACEF483F9184C463.job"
- c:\docume~1\mimi\applic~1\freelo~1\isoblehref.exe
"2007-12-28 20:46:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 10:19:10
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 10:21:03
ComboFix-quarantined-files.txt 2008-02-18 16:20:58

HERE IS HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:33 AM, on 2/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\explorer.exe
C:\Hijack This\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {258AE19A-664F-43F1-AF69-403385381546} - C:\WINDOWS\System32\sstqo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: awttrsr - awttrsr.dll (file missing)
O20 - Winlogon Notify: dpnkcrhp - dpnkcrhp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3899 bytes
 
Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
RenV::
----a-w           368,706 2008-01-17 20:52:30  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w            50,736 2008-01-17 20:52:32  C:\Program Files\Common Files\AOL\1189612128\ee\AOLSoftware .exe
----a-w           151,597 2008-01-17 20:52:26  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2008-01-17 20:52:21  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2008-01-17 20:52:25  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w            86,102 2008-01-25 20:53:46  C:\Program Files\Dell AIO Printer A940\dlbabmgr .exe
----a-w           278,528 2008-01-17 20:52:29  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,670,144 2008-01-25 20:54:11  C:\Program Files\Messenger\msmsgs .exe
----a-w         4,530,176 2008-01-25 20:43:19  C:\Program Files\Registry Cleaner Trial\RegClean .exe
----a-w            33,792 2008-01-17 20:52:27  C:\Program Files\Winamp\winampa .exe
----a-w           145,408 2008-01-25 20:42:57  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w            28,672 2008-01-17 20:52:23  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-25 20:53:45  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-25 20:53:44  C:\WINDOWS\SYSTEM32\igfxtray .exe

File::
C:\WINDOWS\17PHolmes572.exe
C:\Program Files\Common Files\vikoj.html
C:\WINDOWS\Tasks\A94C0D50918F83B0.job
C:\WINDOWS\Tasks\AC26CA0491CD7E54.job
C:\WINDOWS\Tasks\ACEF483F9184C463.job

Folder::
C:\WINDOWS\TWltaQ
C:\Program Files\EbatesMoeMoneyMaker4
C:\Program Files\Dot1XCfg
C:\Documents and Settings\Mimi\Application Data\FREE LOG
c:\docume~1\matt\applic~1\freelo~1
c:\docume~1\scooter\applic~1\freelo~1

Driver::
MSControlService

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{258AE19A-664F-43F1-AF69-403385381546}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttrsr]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dpnkcrhp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c6eded6]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f5ded4a]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eggs joy math type]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mbv]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pgrvlwy]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyGuardPro]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugac]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=-
"DomainService"=-
"cmdService"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log

Post:

- a fresh HijackThis log
- combofix report
- nolop log
 
Combofix LOG

TEXT TOO LONG WILL HAVE TO SEND SEPARATLY:

Thank you, Here is the info you requested:

COMBOFIX LOG:

ComboFix 08-02-18.1 - Mimi 2008-02-18 12:31:18.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.72 [GMT -6:00]Running from: C:\Documents and Settings\Mimi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mimi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\vikoj.html
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\Tasks\A94C0D50918F83B0.job
C:\WINDOWS\Tasks\AC26CA0491CD7E54.job
C:\WINDOWS\Tasks\ACEF483F9184C463.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\matt\applic~1\freelo~1
c:\docume~1\matt\applic~1\freelo~1\0
c:\docume~1\matt\applic~1\freelo~1\wnqastee.exe
c:\docume~1\scooter\applic~1\freelo~1
c:\docume~1\scooter\applic~1\freelo~1\0
C:\Documents and Settings\Mimi\Application Data\FREE LOG
C:\Documents and Settings\Mimi\Application Data\FREE LOG\0
C:\Documents and Settings\Mimi\Application Data\FREE LOG\cyvmnjhq.exe
C:\Program Files\Common Files\vikoj.html
C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\EbatesMoeMoneyMaker4
C:\Program Files\EbatesMoeMoneyMaker4\e10350.exe
C:\Program Files\EbatesMoeMoneyMaker4\ebateatmmm\ebmm10350.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebateatmmm\ebmmp10385.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatesdmmm\e43938a7457b.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatesdmmm\ebateszmmm.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatesdmmm\Matt\e43938a8361b2.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatesdmmm\Mimi\e43938a8361b2.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatesdmmm\r43938a8661c9.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatesdmmm\Scooter\e43938a8361b2.dat
C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.dll
C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker2.dll
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatessmmm\ebateslmmm.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatessmmm\ebatespmmm.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatessmmm\ebatessmmm.dat
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmh0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmp0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmp0_dis.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmr0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmrnicp0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmrpmp0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmrpms0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\log.txt
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmC0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmH0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmP0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmP0_dis.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmR0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmRNICP0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmRPMP0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Html\ebmmRPMS0.htm
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm.ico
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_button_clickhere.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_button_getcashbck.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_button_no.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_button_submit.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_button_yes.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_clear.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_clrpxl.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_cou_button_savenow.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_cou_logo_greenbground.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_cou_moe.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_cou_moe_logo.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_dotted_divider.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_doublelines_bot.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_doublelines_bot_grn.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_grayblock.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_green_bg.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_hot.ico
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_instructions_header.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_logo_lrg.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_logo_topmox.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_logo1.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_moe_question.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_moe_reminder.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_moe_top.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_moe_with_cash.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_preferences.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_prefs_browser.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_spacer.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_step1.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_step2.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_step3.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_step4.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_step5_tear.gif
C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\Images\ebmm_step6_tear.gif
C:\Program Files\EbatesMoeMoneyMaker4\README.txt
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\Tasks\A94C0D50918F83B0.job
C:\WINDOWS\Tasks\AC26CA0491CD7E54.job
C:\WINDOWS\Tasks\ACEF483F9184C463.job
C:\WINDOWS\TWltaQ
C:\WINDOWS\TWltaQ\nq5Quk.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 10:47 . 2008-02-15 10:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 10:47 . 2008-02-15 10:47 3,445 --a------ C:\WINDOWS\unins000.dat
2008-02-15 10:44 . 2008-02-15 10:44 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\VCOM
2008-02-15 10:41 . 2008-02-15 10:41 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\AVG7
2008-02-15 10:40 . 2008-02-15 10:42 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\GTek
2008-02-15 10:39 . 2004-01-03 13:14 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Sonic
2008-02-15 10:39 . 2004-01-03 13:18 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Jasc Software Inc
2008-02-15 10:37 . 2008-02-15 10:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 08:53 . 2008-02-15 08:59 <DIR> d-------- C:\VundoFix Backups
2008-02-14 13:42 . 2008-02-14 13:42 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\AVG7
2008-02-13 15:29 . 2008-02-18 10:23 <DIR> d-------- C:\Hijack This
2008-01-29 13:18 . 2008-01-29 13:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-29 13:17 . 2008-01-29 13:17 84 --a------ C:\WINDOWS\encore_launcher.ini
2008-01-29 13:16 . 2001-08-17 22:36 112,640 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-01-29 13:16 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-01-29 13:16 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-01-29 13:16 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-01-29 13:16 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-01-29 13:16 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-01-29 13:16 . 2001-08-17 22:36 7,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-01-29 13:16 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-01-29 13:14 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-01-29 13:13 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-01-29 13:12 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-01-29 13:11 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-01-29 13:10 . 2001-08-17 22:36 2,134,528 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2008-01-29 12:00 . 2008-01-29 12:00 <DIR> d--hs---- C:\VCOM
2008-01-29 11:57 . 2008-01-29 11:57 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\VCOM
2008-01-29 11:54 . 2008-01-29 11:54 <DIR> d-------- C:\Program Files\VCOM
2008-01-29 11:54 . 2008-01-29 11:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 09:56 . 2008-02-14 15:12 16,596 --a------ C:\WINDOWS\BM0f5ded4a.xml
2008-01-29 09:56 . 2008-02-14 13:43 22 --a------ C:\WINDOWS\pskt.ini
2008-01-25 15:24 . 2008-01-25 15:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-25 15:06 . 2008-02-18 08:47 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\AVG7
2008-01-25 15:06 . 2008-01-25 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-25 15:05 . 2008-01-25 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 15:05 . 2008-01-25 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-18 15:37 . 2008-01-18 15:37 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\Lavasoft
2008-01-18 15:34 . 2008-01-18 15:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-18 15:34 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-18 15:34 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-18 15:34 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-18 15:34 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2008-01-18 15:33 . 2008-01-18 15:33 <DIR> d-------- C:\Program Files\Webroot
2008-01-18 15:33 . 2008-01-18 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-18 14:13 . 2008-01-18 14:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-18 14:13 . 2008-01-18 14:13 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\Webroot
2008-01-18 14:13 . 2008-01-18 14:13 164 --a------ C:\install.dat
2008-01-18 14:12 . 2008-01-18 15:36 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-18 12:36 . 2008-01-18 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-18 12:19 . 2008-01-18 12:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-18 12:19 . 2008-01-28 16:02 <DIR> d-------- C:\Program Files\Hitman Pro
2008-01-18 12:17 . 2008-02-18 10:21 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 15:07 246 ----a-w C:\Program Files\Common Files\rybit
2008-02-15 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-15 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-25 20:53 --------- d-----w C:\Program Files\Dell AIO Printer A940
2008-01-25 20:43 --------- d-----w C:\Program Files\Registry Cleaner Trial
2008-01-25 20:38 --------- d-----w C:\Documents and Settings\Mimi\Application Data\Registry Cleaner
2008-01-17 20:52 --------- d-----w C:\Program Files\Winamp
2008-01-17 20:52 --------- d-----w C:\Program Files\iTunes
2008-01-17 03:32 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-16 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\drivethatdentclock
2008-01-16 21:24 --------- d-----w C:\Program Files\FREE LOG
2008-01-13 01:32 --------- d-----w C:\Program Files\America Online 9.0
2008-01-13 01:19 --------- d-----w C:\Program Files\QuickTime
2007-12-31 06:00 --------- d-----w C:\Program Files\PokerStars
2007-12-29 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-28 20:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:54 --------- d-----w C:\Documents and Settings\Scooter\Application Data\Apple Computer
2007-12-28 20:46 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 20:32 54,330,664 ----a-w C:\iTunesSetup.exe
2007-12-25 19:27 --------- d-----w C:\Documents and Settings\Mimi\Application Data\Apple Computer
2004-06-12 04:39 32 ----a-w C:\Program Files\MFCD4WAVE
.
Code: 
<pre>
----a-w            50,736 2008-01-17 20:52:32  C:\Program Files\Common Files\AOL\1189612128\ee\AOLSoftware .exe
----a-w           151,597 2008-01-17 20:52:26  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2008-01-17 20:52:21  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2008-01-17 20:52:25  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w            86,102 2008-01-25 20:53:46  C:\Program Files\Dell AIO Printer A940\dlbabmgr .exe
----a-w           278,528 2008-01-17 20:52:29  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,670,144 2008-01-25 20:54:11  C:\Program Files\Messenger\msmsgs .exe
----a-w         4,530,176 2008-01-25 20:43:19  C:\Program Files\Registry Cleaner Trial\RegClean .exe
----a-w            33,792 2008-01-17 20:52:27  C:\Program Files\Winamp\winampa .exe
----a-w           145,408 2008-01-25 20:42:57  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w            28,672 2008-01-17 20:52:23  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-25 20:53:45  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-25 20:53:44  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-05-13 13:05 1503232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-25 15:05 411648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 15:05 145920]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\license road]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"NetSvc"=3 (0x3)
"LexBceS"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"AOL ACS"=2 (0x2)
"WZCSVC"=2 (0x2)

S3 MagicBox;Embroidery Conversion Box Plus;C:\WINDOWS\System32\Drivers\MagicBox.sys [2004-04-10 22:55]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 20:46:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 12:36:47
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
.
**************************************************************************
.
Completion time: 2008-02-18 12:39:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 18:39:53
ComboFix2.txt 2008-02-18 16:21:04
 
Hj, Nolop Log

TEXT TOO LONG WILL HAVE TO SEND SEPARATLY:

Thank you, Here is the info you requested:

HJ LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:50 PM, on 2/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Hijack This\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3546 bytes

NOLOP LOG

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Mimi\Desktop
[2/18/2008]
[12:43:26 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Avg7
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Sonic
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Amok Curb Type Bind -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Dell
C:\Documents and Settings\All Users\Application Data\Drivethatdentclock
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Prevx -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Salesmon
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Webroot
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Chuck\Application Data\Avg7
C:\Documents and Settings\Chuck\Application Data\Gtek
C:\Documents and Settings\Chuck\Application Data\Identities
C:\Documents and Settings\Chuck\Application Data\Jasc Software Inc
C:\Documents and Settings\Chuck\Application Data\Microsoft
C:\Documents and Settings\Chuck\Application Data\Real
C:\Documents and Settings\Chuck\Application Data\Sonic
C:\Documents and Settings\Chuck\Application Data\Sun
C:\Documents and Settings\Chuck\Application Data\Vcom
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Webroot
C:\Documents and Settings\Matt\Application Data\.bittornado
C:\Documents and Settings\Matt\Application Data\Adobe
C:\Documents and Settings\Matt\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Matt\Application Data\Aol
C:\Documents and Settings\Matt\Application Data\Apple Computer
C:\Documents and Settings\Matt\Application Data\Avg7
C:\Documents and Settings\Matt\Application Data\Corel
C:\Documents and Settings\Matt\Application Data\Gtek
C:\Documents and Settings\Matt\Application Data\Identities
C:\Documents and Settings\Matt\Application Data\Jasc Software Inc
C:\Documents and Settings\Matt\Application Data\Leadertech
C:\Documents and Settings\Matt\Application Data\Macromedia
C:\Documents and Settings\Matt\Application Data\Microsoft
C:\Documents and Settings\Matt\Application Data\Mozilla
C:\Documents and Settings\Matt\Application Data\Real
C:\Documents and Settings\Matt\Application Data\Sonic
C:\Documents and Settings\Matt\Application Data\Sun
C:\Documents and Settings\Matt\Application Data\Viewpoint
C:\Documents and Settings\Mimi\Application Data\Adobe
C:\Documents and Settings\Mimi\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Mimi\Application Data\Aol
C:\Documents and Settings\Mimi\Application Data\Apple Computer
C:\Documents and Settings\Mimi\Application Data\Avg7
C:\Documents and Settings\Mimi\Application Data\Corel
C:\Documents and Settings\Mimi\Application Data\Gtek
C:\Documents and Settings\Mimi\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Mimi\Application Data\Identities
C:\Documents and Settings\Mimi\Application Data\Jasc Software Inc
C:\Documents and Settings\Mimi\Application Data\Lavasoft
C:\Documents and Settings\Mimi\Application Data\Macromedia
C:\Documents and Settings\Mimi\Application Data\Microsoft
C:\Documents and Settings\Mimi\Application Data\Mozilla
C:\Documents and Settings\Mimi\Application Data\Real
C:\Documents and Settings\Mimi\Application Data\Registry Cleaner
C:\Documents and Settings\Mimi\Application Data\Sonic
C:\Documents and Settings\Mimi\Application Data\Sun
C:\Documents and Settings\Mimi\Application Data\U3
C:\Documents and Settings\Mimi\Application Data\Vcom
C:\Documents and Settings\Mimi\Application Data\Viewpoint
C:\Documents and Settings\Mimi\Application Data\Webroot
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Scooter\Application Data\Adobe
C:\Documents and Settings\Scooter\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Scooter\Application Data\Aol
C:\Documents and Settings\Scooter\Application Data\Apple Computer
C:\Documents and Settings\Scooter\Application Data\Corel
C:\Documents and Settings\Scooter\Application Data\Gtek
C:\Documents and Settings\Scooter\Application Data\Identities
C:\Documents and Settings\Scooter\Application Data\Jasc Software Inc
C:\Documents and Settings\Scooter\Application Data\Macromedia
C:\Documents and Settings\Scooter\Application Data\Microsoft
C:\Documents and Settings\Scooter\Application Data\Mozilla
C:\Documents and Settings\Scooter\Application Data\Real
C:\Documents and Settings\Scooter\Application Data\Registry Cleaner
C:\Documents and Settings\Scooter\Application Data\Smartftp
C:\Documents and Settings\Scooter\Application Data\Sonic
C:\Documents and Settings\Scooter\Application Data\Sun
C:\Documents and Settings\Scooter\Application Data\Viewpoint
 
Hi

You may need to re-install some startup programs as vundo file infector has infected them and restore was unsuccessful.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\Program Files\Common Files\AOL\1189612128\ee\AOLSoftware .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Registry Cleaner Trial\RegClean .exe
C:\Program Files\Winamp\winampa .exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe

Folder::
C:\Documents and Settings\All Users\Application Data\Amok Curb Type Bind 
C:\Documents and Settings\All Users\Application Data\Drivethatdentclock

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
New Comboxfix, HJ Logs

It will be tomorrow before I can fool with this again. Thanks for your help. Any other suggestions?

COMBOFIX LOG:

ComboFix 08-02-18.1 - Mimi 2008-02-18 13:34:12.4 - NTFSx86
Running from: C:\Documents and Settings\Mimi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mimi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\AOL\1189612128\ee\AOLSoftware .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Registry Cleaner Trial\RegClean .exe
C:\Program Files\Winamp\winampa .exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Amok Curb Type Bind
C:\Documents and Settings\All Users\Application Data\Drivethatdentclock
C:\Documents and Settings\All Users\Application Data\Drivethatdentclock\amokopenbike
C:\Documents and Settings\All Users\Application Data\Drivethatdentclock\oncekeep.exe
C:\Documents and Settings\All Users\Application Data\Drivethatdentclock\plan regs.exe
C:\Documents and Settings\All Users\Application Data\Drivethatdentclock\SkipRegsTest
C:\Program Files\Common Files\AOL\1189612128\ee\AOLSoftware .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Registry Cleaner Trial\RegClean .exe
C:\Program Files\Winamp\winampa .exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-18 12:43 . 2008-02-18 12:43 106 --a------ C:\delete.bat
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-15 12:56 . 2008-02-15 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 10:47 . 2008-02-15 10:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 10:47 . 2008-02-15 10:47 3,445 --a------ C:\WINDOWS\unins000.dat
2008-02-15 10:44 . 2008-02-15 10:44 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\VCOM
2008-02-15 10:41 . 2008-02-15 10:41 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\AVG7
2008-02-15 10:40 . 2008-02-15 10:42 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\GTek
2008-02-15 10:39 . 2004-01-03 13:14 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Sonic
2008-02-15 10:39 . 2004-01-03 13:18 <DIR> d-------- C:\Documents and Settings\Chuck\Application Data\Jasc Software Inc
2008-02-15 10:37 . 2008-02-15 10:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-15 08:53 . 2008-02-15 08:59 <DIR> d-------- C:\VundoFix Backups
2008-02-14 13:42 . 2008-02-14 13:42 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\AVG7
2008-02-13 15:29 . 2008-02-18 12:45 <DIR> d-------- C:\Hijack This
2008-01-29 13:18 . 2008-01-29 13:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-29 13:17 . 2008-01-29 13:17 84 --a------ C:\WINDOWS\encore_launcher.ini
2008-01-29 13:16 . 2001-08-17 22:36 112,640 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-01-29 13:16 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-01-29 13:16 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-01-29 13:16 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-01-29 13:16 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-01-29 13:16 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-01-29 13:16 . 2001-08-17 22:36 7,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-01-29 13:16 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-01-29 13:14 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-01-29 13:13 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-01-29 13:12 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-01-29 13:11 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-01-29 13:10 . 2001-08-17 22:36 2,134,528 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpsnap.dll
2008-01-29 12:00 . 2008-01-29 12:00 <DIR> d--hs---- C:\VCOM
2008-01-29 11:57 . 2008-01-29 11:57 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\VCOM
2008-01-29 11:54 . 2008-01-29 11:54 <DIR> d-------- C:\Program Files\VCOM
2008-01-29 11:54 . 2008-01-29 11:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 09:56 . 2008-02-14 15:12 16,596 --a------ C:\WINDOWS\BM0f5ded4a.xml
2008-01-29 09:56 . 2008-02-14 13:43 22 --a------ C:\WINDOWS\pskt.ini
2008-01-25 15:24 . 2008-01-25 15:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-25 15:06 . 2008-02-18 08:47 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\AVG7
2008-01-25 15:06 . 2008-01-25 15:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-25 15:05 . 2008-01-25 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 15:05 . 2008-01-25 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-18 15:37 . 2008-01-18 15:37 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\Lavasoft
2008-01-18 15:34 . 2008-01-18 15:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-18 15:34 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-18 15:34 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-18 15:34 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-18 15:34 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0509.sys
2008-01-18 15:33 . 2008-01-18 15:33 <DIR> d-------- C:\Program Files\Webroot
2008-01-18 15:33 . 2008-01-18 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-18 14:13 . 2008-01-18 14:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-18 14:13 . 2008-01-18 14:13 <DIR> d-------- C:\Documents and Settings\Mimi\Application Data\Webroot
2008-01-18 14:13 . 2008-01-18 14:13 164 --a------ C:\install.dat
2008-01-18 14:12 . 2008-01-18 15:36 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-18 12:36 . 2008-01-18 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-18 12:19 . 2008-01-18 12:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-18 12:19 . 2008-01-28 16:02 <DIR> d-------- C:\Program Files\Hitman Pro
2008-01-18 12:17 . 2008-02-18 10:21 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 19:35 --------- d-----w C:\Program Files\Winamp
2008-02-18 19:35 --------- d-----w C:\Program Files\Registry Cleaner Trial
2008-02-18 19:35 --------- d-----w C:\Program Files\iTunes
2008-02-18 19:34 --------- d-----w C:\Program Files\Dell AIO Printer A940
2008-02-18 15:07 246 ----a-w C:\Program Files\Common Files\rybit
2008-02-15 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-15 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-25 20:38 --------- d-----w C:\Documents and Settings\Mimi\Application Data\Registry Cleaner
2008-01-17 03:32 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-16 21:24 --------- d-----w C:\Program Files\FREE LOG
2008-01-13 01:32 --------- d-----w C:\Program Files\America Online 9.0
2008-01-13 01:19 --------- d-----w C:\Program Files\QuickTime
2007-12-31 06:00 --------- d-----w C:\Program Files\PokerStars
2007-12-29 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-28 20:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:54 --------- d-----w C:\Documents and Settings\Scooter\Application Data\Apple Computer
2007-12-28 20:46 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 20:32 54,330,664 ----a-w C:\iTunesSetup.exe
2007-12-25 19:27 --------- d-----w C:\Documents and Settings\Mimi\Application Data\Apple Computer
2004-06-12 04:39 32 ----a-w C:\Program Files\MFCD4WAVE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-05-13 13:05 1503232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-25 15:05 411648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-25 15:05 145920]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\license road]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"NetSvc"=3 (0x3)
"LexBceS"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"AOL ACS"=2 (0x2)
"WZCSVC"=2 (0x2)

S3 MagicBox;Embroidery Conversion Box Plus;C:\WINDOWS\System32\Drivers\MagicBox.sys [2004-04-10 22:55]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 20:46:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 13:38:10
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 13:39:36
ComboFix-quarantined-files.txt 2008-02-18 19:39:32
ComboFix2.txt 2008-02-18 18:40:00
ComboFix3.txt 2008-02-18 16:21:04

HJ LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:02 PM, on 2/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\Hijack This\HiJackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3540 bytes
 
Hi

Looks better :)

Please download ATF Cleaner by Atribune and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report
 
New Virus Rpt, HJ Log

Thank you.

Virus Report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 19, 2008 10:27:07 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 573113
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 55533
Number of viruses found: 18
Number of infected objects: 36
Number of suspicious objects: 2
Duration of the scan process: 00:39:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\447ae606e85b812fde0aba949f7cb887_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\96b9eddaaa0a41160eeda005958962c5_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet2.zip/asmend.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mimi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\History\History.IE5\MSHist012008021920080220\index.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Temp\Perflib_Perfdata_17c.dat Object is locked skipped
C:\Documents and Settings\Mimi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mimi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mimi\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\72827163-9432-4F15-9F82-2445FF\DF88D244-1B5E-4C79-817B-BEDB7C Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\drivethatdentclock\oncekeep.exe.vir Infected: Trojan.Win32.Obfuscated.en skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\drivethatdentclock\plan regs.exe.vir Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\QooBox\Quarantine\C\Documents and Settings\Matt\Application Data\FREELO~1\wnqastee.exe.vir Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\QooBox\Quarantine\C\Documents and Settings\Mimi\Application Data\FREE LOG\cyvmnjhq.exe.vir Infected: Trojan.Win32.Obfuscated.en skipped
C:\QooBox\Quarantine\C\Documents and Settings\Mimi\My Documents\CROSOF~1.NET\fast.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\rybit.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\SpyGuardPro\bm .exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.cv skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\vikoj.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\Program Files\Dot1XCfg\Dot1XCfg .exe.vir Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\QooBox\Quarantine\C\Program Files\EbatesMoeMoneyMaker4\e10350.exe.vir Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\QooBox\Quarantine\C\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.dll.vir Infected: not-a-virus:AdWare.Win32.WebRebates.q skipped
C:\QooBox\Quarantine\C\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker2.dll.vir Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\QooBox\Quarantine\C\WINDOWS\17PHolmes572.exe.vir Infected: Trojan-Downloader.Win32.Agent.hql skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.hql skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.hql skipped
C:\QooBox\Quarantine\C\WINDOWS\PPATCH~1\javaw.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bqrukst.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\t8\tycodllz83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\t8\tycodllz83122.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\catchme2008-02-18_ 92132.07.zip/OPRGHDLRR.sys Infected: Rootkit.Win32.Agent.to skipped
C:\QooBox\Quarantine\catchme2008-02-18_ 92132.07.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000098.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000099.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000100.exe Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000101.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000102.dll Infected: not-a-virus:AdWare.Win32.WebRebates.q skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000103.dll Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000107.exe Infected: Trojan-Downloader.Win32.Agent.hql skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000172.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000173.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\change.log Object is locked skipped
C:\WINDOWS\cache329\B_329_0_1_570600.htm Infected: Trojan-Clicker.HTML.IFrame.bk skipped
C:\WINDOWS\cache329\B_329_2_1_570600.htm Infected: Trojan-Clicker.HTML.IFrame.bk skipped
C:\WINDOWS\cache329\B_329_3_1_570600.htm Infected: Trojan-Clicker.HTML.IFrame.bk skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\edcA01\edcA011065.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HJ LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:15 AM, on 2/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Hijack This\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 3546 bytes
 
Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
C:\Program Files\Microsoft AntiSpyware\Quarantine
C:\QooBox\Quarantine

Delete these:

C:\WINDOWS\cache329
C:\WINDOWS\SYSTEM32\edcA01

Empty Recycle Bin.

All other viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
Thank you

Thanks for all of your help. I am not getting the pop ups and brower redirections. Spyware Doctor still shows WebSearch Toolbar as an elevated risk with 4 registry entries I cannot delete. Spyware Doctor does not fix the problem, even after rebooting into safe mode.

I have turned off system restore and turned it back on. I assume that will get rid of anything in the restore points.

Do I have to live with WebSearch Toolbar?

I've tried everything to get rid of it. I have not run Spybot again since we have been doing all of this. Should I run that in Advanced Mode?
 
Hi

"Spyware Doctor still shows WebSearch Toolbar as an elevated risk with 4 registry entries I cannot delete. Spyware Doctor does not fix the problem, even after rebooting into safe mode."

Please post then spyware doctor report.

"I have turned off system restore and turned it back on. I assume that will get rid of anything in the restore points."

Yes.
 
Spyware Doctor Activity Report

Thank you

Here is the Report:

I've tried everything to get rid of this, but can't. It will not let me delete the registry entry either even though I am logged in as an Administrator. Boot into safe mode and still cannot get rid of it.

*Spyware Doctor Activity Report
Generated on 2/20/2008 8:24:38 AM*
Spyware Doctor Homepage <http://www.pctools.com/spyware-doctor/> PC
Tools Homepage <http://www.pctools.com/> Technical Support
<http://www.pctools.com/support/faq.php?guide=site>

Scans (basic information only):
*Scan Results:*
scan start: 2/20/2008 9:08:16 AM
scan stop: 2/20/2008 9:17:34 AM
scanned items: 72175
found items: 4
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP
Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap
Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner


*Infection Name* *Location* *Risk*
WebSearch Toolbar HKCR\TBPS.PluginCfgObj Elevated
WebSearch Toolbar HKCR\TBPS.PluginCfgObj##(Default) Elevated
WebSearch Toolbar HKCR\TBPS.PluginCfgObj\Clsid Elevated
WebSearch Toolbar HKCR\TBPS.PluginCfgObj\Clsid##(Default) Elevated


Other Sections:

Copyright © 2003-2005. Distributed by PC Tools. Legal Notice
<http://www.pctools.com/legal.php>
 
Hi

  • Download Registrar Lite from here and install it.
  • Start Registrar Lite.
  • Type in to Address field this and click ok: HKEY_CLASSES_ROOT\TBPS.PluginCfgObj
  • Right-click that key and choose Properties. Click "Take ownership".
  • Right-click that key again and choose Delete.
  • If no success, do that also for subkey first:
    HKEY_CLASSES_ROOT\TBPS.PluginCfgObj\Clsid
 
Mission Accomplished!!

Shaba,

Thanks for all of your help. Absolutly genius. Gob Bless You and thanks again.

All Problems Solved!!
 
Hi

Nice to hear that it worked :)

Some registry entries can be sometimes stubborn and may need special treatment like take ownership.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

Please download OTMoveIt2 and save it to desktop.
  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :bigthumb:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top