winlogon.exe and others (2posts but all 1 problem

Hello :)

That is the quarantine log.

I would like to see the C:\ComboFix.txt log, please post that to here :bigthumb:
 
oops :S - here is the right log :)

"Ben" - 2007-07-09 23:06:00 - ComboFix 07-07-10.1 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winpop
C:\WINDOWS\system32\drivers\sfsync02.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-09 23:18 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-07-09 23:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 22:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-08 15:25 <DIR> d-------- C:\silentrunners
2007-07-07 17:34 <DIR> d-------- C:\DOCUME~1\Ben\APPLIC~1\Ventrilo
2007-07-07 16:53 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-05 17:18 1,308,216 --a------ C:\Program Files\scanner.exe
2007-07-02 10:51 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\RegistrySmart
2007-07-01 19:34 <DIR> d-------- C:\WINDOWS\system32\New Folder
2007-07-01 19:06 <DIR> d-------- C:\DOCUME~1\Andrea\Contacts
2007-07-01 18:56 <DIR> d-------- C:\DOCUME~1\Andrea\APPLIC~1\RegistrySmart
2007-07-01 14:40 <DIR> d-------- C:\DOCUME~1\Ben\APPLIC~1\RegistrySmart
2007-07-01 14:01 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-30 15:14 <DIR> d-------- C:\DOCUME~1\Andrea\APPLIC~1\Media Player Classic
2007-06-30 15:13 <DIR> d-------- C:\DOCUME~1\Andrea\APPLIC~1\DivX
2007-06-29 17:21 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2007-06-29 17:19 <DIR> d-------- C:\DOCUME~1\Andrea\APPLIC~1\HP
2007-06-29 17:18 <DIR> d-------- C:\DOCUME~1\Andrea\APPLIC~1\Teleca
2007-06-29 17:17 <DIR> d-------- C:\DOCUME~1\Andrea\APPLIC~1\Sony Ericsson
2007-06-29 17:16 <DIR> d-------- C:\DOCUME~1\Andrea\APPLIC~1\PGP Corporation
2007-06-29 17:11 <DIR> d-------- C:\Program Files\GameSpy
2007-06-29 17:05 <DIR> d-------- C:\Program Files\Electronic Arts
2007-06-28 13:45 <DIR> d-------- C:\Program Files\Prey
2007-06-27 17:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-27 12:53 52,736 --a------ C:\WINDOWS\ipuninst.exe
2007-06-27 12:52 <DIR> d-------- C:\Program Files\BlackIsle
2007-06-26 14:36 <DIR> d-------- C:\Program Files\Save
2007-06-26 14:35 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-26 14:35 <DIR> d-------- C:\Program Files\Common Files\WhenU
2007-06-26 14:16 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-26 13:47 <DIR> d-------- C:\Program Files\THQ
2007-06-26 13:20 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-26 13:20 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-26 13:20 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-26 13:20 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-06-26 13:20 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-26 13:20 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-26 13:20 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-26 13:20 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-25 13:11 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-06-25 12:49 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-06-25 12:48 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-06-24 17:29 <DIR> d-------- C:\DOCUME~1\Ben\APPLIC~1\InstallShield
2007-06-24 17:07 <DIR> d-------- C:\DOCUME~1\Ben\APPLIC~1\GetRightToGo
2007-06-18 23:26 <DIR> d-------- C:\DOCUME~1\Ben\APPLIC~1\Apple Computer
2007-06-15 23:41 <DIR> d-------- C:\DOCUME~1\Sam\APPLIC~1\Media Player Classic
2007-06-15 23:40 <DIR> d-------- C:\DOCUME~1\Sam\APPLIC~1\DivX
2007-06-15 17:22 <DIR> d--hs---- C:\WINDOWS\system32\aghlaqt
2007-06-15 16:56 <DIR> d-------- C:\Program Files\Symbian


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 12:50:26 -------- d-----w C:\Program Files\Napster
2007-07-09 12:10:04 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\OpenOffice.org2
2007-07-07 16:06:02 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-05 08:18:22 -------- d-----w C:\Program Files\Symantec
2007-07-05 08:18:21 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 13:47:32 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-06-30 08:10:07 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\uTorrent
2007-06-28 21:08:57 -------- d-----w C:\Program Files\Ubisoft
2007-06-28 19:19:41 -------- d-----w C:\Program Files\World of Warcraft
2007-06-25 12:10:51 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-25 11:48:40 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-19 19:16:02 -------- d-----w C:\Program Files\Lx_cats
2007-06-16 16:19:51 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\Roxio
2007-06-15 22:57:42 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-15 15:59:48 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\Teleca
2007-06-15 15:56:33 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-06-15 15:56:28 -------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-06-01 17:14:21 -------- d-----w C:\Program Files\Microids
2007-06-01 07:48:49 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\Skype
2007-05-31 09:06:49 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\Lionhead Studios
2007-05-23 00:21:09 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\AdobeUM
2007-05-21 16:24:39 -------- d-----w C:\Program Files\Tencent
2007-05-21 11:51:34 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-20 16:44:08 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\Creative
2007-05-18 16:42:25 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\Turbine
2007-05-16 17:38:21 -------- d-----w C:\DOCUME~1\Ben\APPLIC~1\teamspeak2
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 18:06:58 71,208 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-05-13 09:58:32 -------- d-----w C:\Program Files\Kontiki
2007-05-13 09:58:28 -------- d-----w C:\Program Files\KService
2007-05-12 21:14:44 -------- d-----w C:\Program Files\Channel4
2007-05-11 16:16:18 -------- d-----w C:\Program Files\rip.NET
2007-05-10 17:08:11 -------- d-----w C:\Program Files\avi.NET
2007-05-10 15:36:40 -------- d-----w C:\Program Files\cladDVD .NET 3.5.6
2007-05-09 07:40:33 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 12:47:39 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-14 14:57:06 53,248 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
2007-04-14 14:57:06 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
2007-04-14 14:57:06 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
2007-04-14 14:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
2007-04-14 14:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
2007-04-14 14:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll
2007-04-14 14:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
2007-04-14 14:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll
2007-04-14 14:57:04 53,248 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-09-29 13:53 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2005-05-26 12:39 181352 --------- C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
2005-01-24 10:55 115832 --------- C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-11-19 15:32 501384 --a------ C:\Program Files\Java\jre1.6.0\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-07-07 12:29 324416 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2006-04-14 12:20 94384 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
2007-05-23 12:13 140912 --a------ C:\Program Files\Yahoo!\NAV\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D81AB57B-7327-4347-B7C7-9EF7CA87CE09}]
2001-12-19 13:06 49152 --a------ C:\WINDOWS\system32\SlimBho2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
2005-02-03 18:07 124032 --a------ C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 12:06]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-12-10 17:30]
"nwiz"="nwiz.exe" [2006-11-17 18:29 C:\WINDOWS\system32\nwiz.exe]
"WinFast2KLoadDefault"="wf2kcpl.dll" [2005-04-14 10:32 C:\WINDOWS\system32\WF2KCPL.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-11-19 15:32]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-08-31 17:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-28 20:18]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-06-29 14:17]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [2005-10-16 02:15]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 11:51]
"BTVision Media Manager Tray"="C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" [2006-07-30 10:25]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-29 15:51]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 03:43]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-09 14:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"CahootWebcard"="C:\Program Files\cahoot webcard\CahootWebcard.exe" [2001-12-19 13:06]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" [2006-05-24 14:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-20 22:23]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"mRouterConfig"="c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe" [2006-03-02 11:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=PGPmapih.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli PGPpwflt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

*Newly Created Service* - WINFOXIO

Contents of the 'Scheduled Tasks' folder
2007-07-08 15:40:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-10 06:28:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-07-06 19:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Michael.job
2007-07-10 06:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Michael.job
2007-07-10 02:30:00 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 08:12:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 8:16:22
C:\ComboFix-quarantined-files.txt ... 2007-07-10 08:16

--- E O F ---
 
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Open AVG Anti-Spyware:
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

==================

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following files (if present):
C:\WINDOWS\system32\sfsync02.dll

Go to the My Computer and delete the following folders (if present):
C:\WINDOWS\system32\aghlaqt

Run ATF Cleaner
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Restart the computer to the normal mode.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
 
HJT log: Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:19:05, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\cahoot webcard\CahootWebcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ben\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - SlimBho2.dll' - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: Orbiscom - {D81AB57B-7327-4347-B7C7-9EF7CA87CE09} - C:\WINDOWS\system32\SlimBho2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [BTVision Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:BTVision
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [CahootWebcard] C:\Program Files\cahoot webcard\CahootWebcard.exe /dontopenmycards
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [mRouterConfig] "c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter® 2 Demo.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter 2 Demo\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: PGPtray.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4A8E7724-D54D-47DA-A906-E4B2BF3BBA93} (BTVision Class) - http://www.downloadstore.bt.com/BTVision_3_4_0_10.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128082573562
O16 - DPF: {8A443B21-E4F3-4856-A30A-4A80F2AA9D80} (DTPickerWrap.DTPickWrap) - http://216.199.17.186/DTPickerWrap.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.downloadstore.bt.com/Entriq_3_4_0_10_Silent.cab
O16 - DPF: {D75CC892-8952-4F6A-B082-FF1103E0D5A7} (WRControlLite.WaveletReader) - http://216.199.17.186/WRControlLite.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ukfreetrial.webex.com/client/T23L/webex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: PGPmapih.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 17372 bytes
 
the AVG report was empty......I go into AVG Anti-spyware, click on the Reports tab and there is just an empty report.
 
Ok good :)

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - SlimBho2.dll' - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.
 
Ok...i don't think i am able to post this, the results are 32872 characters, mostly due to the fact that my farther has a large amount of protected files on this PC due to his work. Is there anything that you are looking for, so that maybe i can look for it myself and post it ?

I will post this:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 12, 2007 12:11:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/07/2007
Kaspersky Anti-Virus database records: 361423
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
Z:\

Scan Statistics:
Total number of scanned objects: 327693
Number of viruses found: 11
Number of infected objects: 22 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:08:30


I will post these results, as the other files i recognise to be my farthers work:
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Motive\btbb\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\WINDOWS\Motive\btbb\UninstallHelper.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\WINDOWS\Motive\btbb\UninstallHelper.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_198.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Hello :)

The infections were inside Norton's quarantine so nothing to worry about.

How is the computer running now? Any issues? :bigthumb:
 
Seems to be running fine, thanks so much for the help Jake ! You really helped me out, so thanks alot, i really had no clue what to do :) Any ideas how i got the problem by the way ?
 
You're very welcome :)

We'll there are many ways to get infected. Prehaps you downloaded something bad or weren't up-to-date. Below are some hints to prevent re-infection.

Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (6u2)
  • [*]Start
    [*]Control Panel
    [*]Add/Remove Programs
  • Delete the old Java,
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Stay clean and be safe ;)
 
Yep I know ;)

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:
 
You must log in or register to reply here.
Back
Top