Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Go Back   Windows BBS > Security > Malware and Virus Removal
Reload this Page

Computer virus, cant remove

Register FAQDonate Mark Forums Read

Malware and Virus Removal Problems removing malware/viruses? Get help from our Malware removal experts.

Register your FREE account to unlock additional features at WindowsBBS.com
Register
Welcome to WindowsBBS.com
Microsoft Windows Support

Mission Statement

WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.

Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.

Discussion Forums
Operating Systems
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Windows 2000 Windows 2000
Windows 95/98/Me/NT Windows 95/98/Me/NT
Internet & Networking
Networking
Internet Explorer
Microsoft Mail
Firefox, Thunderbird
      & SeaMonkey
General Internet
Security
General Security
Malware and Virus
     Removal
Other
Other Software
Hardware
Test Posts
Community
Introductions
General Discussions
Comments
      & Suggestions
News @ WindowsBBS

Forum Sponsor
Image

Reply
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 6th March 2008   #1
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
Computer virus, cant remove
I am trying to help my sister who seems to have gotten some kind of Virus on her computer, i have done many scans with many different programs but none of them seem to work. i am busy trying to find out the name of the virus on her computer but im not sure yet.

so far what ive found is it attaches itself to other programs, but i could be wrong. i tried going in and manually removing the files that were infected but what i removed did not fix it *removed sound driver before i noticed the virus was just attached to it*

I have run out of idea on what to try and do so i decided to come here for some help. i hope i did this right.

the following is the log of it. once i find the name of the virus, or suspected name. i will post that as well

Logfile of HijackThis v1.99.1
Scan saved at 7:02:59 PM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkll.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [BM47d97be7] Rundll32.exe "C:\WINDOWS\system32\emypltqo.dll",s
O4 - HKLM\..\Run: [44ea487b] rundll32.exe "C:\WINDOWS\system32\wnqcsnhq.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tiffany\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanks for any help i can get, i have been working on this for a couple weeks now.
AdmSirRed is offline   Reply With Quote
Didn't find the information you thought to find?
Check out these Similar Threads
Old 6th March 2008   #2
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Welcome to WindowsBBS AdmSirRed

Download ComboFix by sUBs from here, saving the file to your desktop.

It's best disable realtime protection applications as they sometime interfere with the tool. Check this link for your applicable programs.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.
noahdfear is offline   Reply With Quote
Old 6th March 2008   #3
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
Ok i have done that and ran it an everything, it seems to have gone smoothly, how do i know it worked and things? do i have to post any kind of a log here again??

i have gone over a few things a small test. things seem to be working ok, but i still don't got a sound driver on it. and i was wondering if i could get help on that? or should i start a new thread for it.
Last edited by AdmSirRed; 6th March 2008 at 06:26.
AdmSirRed is offline   Reply With Quote
Old 6th March 2008   #4
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Quote:
Originally Posted by noahdfear View Post
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Please post the C:\combofix.txt log and a new HijackThis log.
noahdfear is offline   Reply With Quote
Old 6th March 2008   #5
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
Hijack list

Logfile of HijackThis v1.99.1
Scan saved at 10:49:59 PM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tiffany\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Combo Fix

ComboFix 08-03-05.1 - Tiffany 2008-03-05 22:03:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.156 [GMT -7:00]
Running from: C:\Documents and Settings\Tiffany\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\WINDOWS\BM47d97be7.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apsvdkgr.ini
C:\WINDOWS\system32\axnupgni.dll
C:\WINDOWS\system32\bafgxifp.dll
C:\WINDOWS\system32\baithkbq.ini
C:\WINDOWS\system32\bisewcsl.dll
C:\WINDOWS\system32\blppvcbp.dll
C:\WINDOWS\system32\cjyuwsbm.dll
C:\WINDOWS\system32\cqaycvap.ini
C:\WINDOWS\system32\crqprgma.dll
C:\WINDOWS\system32\csvaynqd.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\cuxfuefl.dll
C:\WINDOWS\system32\cxqibalj.dll
C:\WINDOWS\system32\dafxnnep.ini
C:\WINDOWS\system32\deggmamx.dll
C:\WINDOWS\system32\dfojdrtj.ini
C:\WINDOWS\system32\dleqshsw.dll
C:\WINDOWS\system32\dqmtxlrf.ini
C:\WINDOWS\system32\dvdsvrjl.dll
C:\WINDOWS\system32\eifkeutp.ini
C:\WINDOWS\system32\emapgemb.dll
C:\WINDOWS\system32\emypltqo.dll
C:\WINDOWS\system32\eodlvtau.ini
C:\WINDOWS\system32\euttocvw.ini
C:\WINDOWS\system32\fauibccb.dll
C:\WINDOWS\system32\fijcrkue.ini
C:\WINDOWS\system32\fuiihsfc.dll
C:\WINDOWS\system32\ggsarcwe.dll
C:\WINDOWS\system32\gkgdjgyy.dll
C:\WINDOWS\system32\gonmfcgc.ini
C:\WINDOWS\system32\hhvxkqgw.dll
C:\WINDOWS\system32\hmrklfxk.dll
C:\WINDOWS\system32\hpudytvm.dll
C:\WINDOWS\system32\hvnbskxa.dll
C:\WINDOWS\system32\ieoyxsil.dll
C:\WINDOWS\system32\ikbqmeys.ini
C:\WINDOWS\system32\ilwbgdse.ini
C:\WINDOWS\system32\jhepvuyo.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.exe
C:\WINDOWS\system32\jmhkhnlf.dll
C:\WINDOWS\system32\jonukeya.dll
C:\WINDOWS\system32\jsuahlyk.dll
C:\WINDOWS\system32\kecimknb.dll
C:\WINDOWS\system32\khgwamiy.dll
C:\WINDOWS\system32\khijyyjj.ini
C:\WINDOWS\system32\kraflvgv.ini
C:\WINDOWS\system32\kryddpia.dll
C:\WINDOWS\system32\ktkhxxjs.dll
C:\WINDOWS\system32\kxflkrmh.ini
C:\WINDOWS\system32\ljjigec.dll
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\lrmgvqmk.ini
C:\WINDOWS\system32\mrqknwmn.dll
C:\WINDOWS\system32\mvtyduph.ini
C:\WINDOWS\system32\ngilfiod.dll
C:\WINDOWS\system32\nlvulqby.ini
C:\WINDOWS\system32\nmwnkqrm.ini
C:\WINDOWS\system32\nnpjbbtb.dll
C:\WINDOWS\system32\ntkdoxcj.dll
C:\WINDOWS\system32\ojwdcbdl.ini
C:\WINDOWS\system32\oppvxone.dll
C:\WINDOWS\system32\osslkums.dll
C:\WINDOWS\system32\oyoxgeti.ini
C:\WINDOWS\system32\pfixgfab.ini
C:\WINDOWS\system32\piuiekpv.dll
C:\WINDOWS\system32\pjyldqst.dll
C:\WINDOWS\system32\pooqeaie.ini
C:\WINDOWS\system32\qbkhtiab.dll
C:\WINDOWS\system32\qhnscqnw.ini
C:\WINDOWS\system32\qhsslhpf.ini
C:\WINDOWS\system32\qukmmcuv.ini
C:\WINDOWS\system32\qvjdikpq.dll
C:\WINDOWS\system32\qwujvfim.ini
C:\WINDOWS\system32\rbxmobno.ini
C:\WINDOWS\system32\rlroreoq.ini
C:\WINDOWS\system32\rrmjgxoi.dll
C:\WINDOWS\system32\sioyhrwf.ini
C:\WINDOWS\system32\smuklsso.ini
C:\WINDOWS\system32\tayrexfm.dll
C:\WINDOWS\system32\tdincvpv.dll
C:\WINDOWS\system32\tgahfnlq.dll
C:\WINDOWS\system32\tsqdlyjp.ini
C:\WINDOWS\system32\uhjufeke.dll
C:\WINDOWS\system32\wgqkxvhh.ini
C:\WINDOWS\system32\wkdqaerp.ini
C:\WINDOWS\system32\wnqcsnhq.dll
C:\WINDOWS\system32\wxgkghgo.dll
C:\WINDOWS\system32\wxwiyblv.dll
C:\WINDOWS\system32\xlekhrxa.dll
C:\WINDOWS\system32\xsockrkv.dll
C:\WINDOWS\system32\yasekxwx.dll
C:\WINDOWS\system32\ybfkndsp.ini
C:\WINDOWS\system32\yimawghk.ini
C:\WINDOWS\system32\ysmxjmkg.ini
C:\WINDOWS\system32\ytpigqbm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTNDIS
-------\ntndis


((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-02-09 10:13 . 2008-02-09 10:13 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-02-09 09:35 . 2008-02-13 19:30 <DIR> d-------- C:\Program Files\Realtek AC97
2008-02-09 09:35 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2008-02-09 09:35 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-02-09 09:35 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-02-09 09:34 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-02-09 09:34 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-02-09 09:34 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-02-09 09:34 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-02-09 09:34 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2008-02-09 08:56 . 2008-02-09 08:56 <DIR> d-------- C:\Program Files\VIAudioi
2008-02-09 08:56 . 2005-01-05 15:21 36,864 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2008-02-09 08:52 . 2004-11-01 15:19 163,712 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-09 08:38 . 2008-02-09 08:38 <DIR> d-------- C:\swsetup
2008-02-09 08:06 . 2008-02-09 08:49 <DIR> d-------- C:\Program Files\Analog Devices
2008-02-09 08:02 . 2008-02-09 08:48 <DIR> d-------- C:\Analogue devices
2008-02-07 20:26 . 2008-02-07 20:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-07 20:25 . 2008-02-07 21:56 <DIR> d-------- C:\Documents and Settings\Tiffany\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 02:04 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AVG7
2008-02-28 23:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2008-02-28 23:10 --------- d-----w C:\Program Files\Windows Live
2008-02-28 23:05 --------- d-----w C:\Program Files\StarForge
2008-02-28 23:05 --------- d-----w C:\Program Files\Starcraft
2008-02-28 23:04 --------- d-----w C:\Program Files\Common Files\NewSoft
2008-02-28 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 23:00 --------- d-----w C:\Program Files\MySpace
2008-02-28 22:59 --------- d-----w C:\Program Files\Microsoft Games
2008-02-28 22:58 --------- d-----w C:\Program Files\Guild Wars
2008-02-28 22:58 --------- d-----w C:\Program Files\Google
2008-02-28 22:55 --------- d-----w C:\Program Files\DJ Music Mixer
2008-02-28 21:43 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Hellrazer\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Chris\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-02-22 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-19 05:48 --------- d-----w C:\Program Files\Diablo II2
2008-01-30 06:30 --------- d-----w C:\Program Files\QuickTime
2008-01-30 06:30 --------- d-----w C:\Program Files\Incomplete
2008-01-29 23:25 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\Grisoft
2008-01-29 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-29 02:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-01-29 02:07 --------- d-----w C:\Program Files\Lavasoft
2008-01-29 02:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 22:49 40,183 --sh--w C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2007-12-15 04:35 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2006-01-23 21:35 64 ----a-w C:\Program Files\BF-X5.ini
2005-04-29 04:42 77 ----a-w C:\Program Files\Desktop.ini
2004-12-27 08:13 8,007,680 ----a-w C:\Program Files\Microsoft.mshtml.dll
2004-12-27 08:13 5,694 ----a-w C:\Program Files\ico 5.ico
2004-12-27 08:13 45,056 ----a-w C:\Program Files\AxInterop.SHDocVw.dll
2004-12-27 08:13 122,880 ----a-w C:\Program Files\Interop.SHDocVw.dll
2004-12-27 08:13 1,406 ----a-w C:\Program Files\donate.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\up.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\down.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chaton.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chatoff.ico
2004-11-27 05:08 139,264 ----a-w C:\Program Files\BF-X5.exe
.
Code:
<pre>
----a-w           125,528 2008-01-29 22:23:34  C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager .exe
----a-w           125,528 2008-01-29 22:24:06  C:\Program Files\Common Files\AOL\1166158722\EE\AOLHOS~1 .EXE
----a-w            79,448 2008-01-29 22:23:38  C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
----a-w           185,896 2008-01-29 22:23:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            30,208 2008-01-29 22:23:30  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w            49,152 2008-01-29 22:23:31  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w           421,888 2008-01-29 22:23:28  C:\Program Files\Grisoft\AVG Free\avgcc .exe
----a-w           353,280 2008-01-29 22:23:31  C:\Program Files\Grisoft\AVG Free\avgemc .exe
----a-w           132,496 2008-01-29 22:23:34  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w         4,670,968 2008-01-21 17:50:31  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w           968,696 2008-01-29 22:23:45  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w            15,360 2008-02-14 03:04:37  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [ ]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1166158722\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=

S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 12:47]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\Tiffany\LOCALS~1\Temp\iMSPCLOj.sys []
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 02:59]
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 02:59]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 16:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{220abe93-bc52-11db-b13a-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{c60997ee-ddb5-11da-9bba-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 16:03:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 16:00:01 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 22:13:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
.
**************************************************************************
.
Completion time: 2008-03-05 22:15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 05:15:54
.
2008-02-28 23:20:18 --- E O F ---


ok those are the two.
AdmSirRed is offline   Reply With Quote
Old 7th March 2008   #6
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Check the Add?remove programs list for and remove RegistryPowerCleaner by Winferno if listed.
Make sure the C:\Program Files\Winferno folder gets deleted afterwards.

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:
File::
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\Tasks\rpc.job
RenV::
C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager .exe
C:\Program Files\Common Files\AOL\1166158722\EE\AOLHOS~1 .EXE
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
C:\Program Files\Grisoft\AVG Free\avgcc .exe
C:\Program Files\Grisoft\AVG Free\avgemc .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS\system32\ctfmon .exe
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
noahdfear is offline   Reply With Quote
Old 7th March 2008   #7
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
ComboFix 08-03-05.1 - Tiffany 2008-03-07 15:35:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT -7:00]
Running from: C:\Documents and Settings\Tiffany\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tiffany\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\Tasks\rpc.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\Tasks\rpc.job

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-02-09 10:13 . 2008-02-09 10:13 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-02-09 09:35 . 2008-02-13 19:30 <DIR> d-------- C:\Program Files\Realtek AC97
2008-02-09 09:35 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2008-02-09 09:35 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-02-09 09:35 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-02-09 09:34 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-02-09 09:34 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-02-09 09:34 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-02-09 09:34 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-02-09 09:34 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2008-02-09 08:56 . 2008-02-09 08:56 <DIR> d-------- C:\Program Files\VIAudioi
2008-02-09 08:56 . 2005-01-05 15:21 36,864 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2008-02-09 08:52 . 2004-11-01 15:19 163,712 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-09 08:38 . 2008-02-09 08:38 <DIR> d-------- C:\swsetup
2008-02-09 08:06 . 2008-02-09 08:49 <DIR> d-------- C:\Program Files\Analog Devices
2008-02-09 08:02 . 2008-02-09 08:48 <DIR> d-------- C:\Analogue devices
2008-02-07 20:26 . 2008-02-07 20:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-07 20:25 . 2008-02-07 21:56 <DIR> d-------- C:\Documents and Settings\Tiffany\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 23:36 --------- d-----w C:\Program Files\Diablo II2
2008-03-06 02:04 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AVG7
2008-02-28 23:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2008-02-28 23:10 --------- d-----w C:\Program Files\Windows Live
2008-02-28 23:05 --------- d-----w C:\Program Files\StarForge
2008-02-28 23:05 --------- d-----w C:\Program Files\Starcraft
2008-02-28 23:04 --------- d-----w C:\Program Files\Common Files\NewSoft
2008-02-28 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 23:00 --------- d-----w C:\Program Files\MySpace
2008-02-28 22:59 --------- d-----w C:\Program Files\Microsoft Games
2008-02-28 22:58 --------- d-----w C:\Program Files\Guild Wars
2008-02-28 22:58 --------- d-----w C:\Program Files\Google
2008-02-28 22:55 --------- d-----w C:\Program Files\DJ Music Mixer
2008-02-28 21:43 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Hellrazer\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Chris\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-01-30 06:30 --------- d-----w C:\Program Files\QuickTime
2008-01-30 06:30 --------- d-----w C:\Program Files\Incomplete
2008-01-29 23:25 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\Grisoft
2008-01-29 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-29 02:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-01-29 02:07 --------- d-----w C:\Program Files\Lavasoft
2008-01-29 02:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-15 04:35 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2006-01-23 21:35 64 ----a-w C:\Program Files\BF-X5.ini
2005-04-29 04:42 77 ----a-w C:\Program Files\Desktop.ini
2004-12-27 08:13 8,007,680 ----a-w C:\Program Files\Microsoft.mshtml.dll
2004-12-27 08:13 5,694 ----a-w C:\Program Files\ico 5.ico
2004-12-27 08:13 45,056 ----a-w C:\Program Files\AxInterop.SHDocVw.dll
2004-12-27 08:13 122,880 ----a-w C:\Program Files\Interop.SHDocVw.dll
2004-12-27 08:13 1,406 ----a-w C:\Program Files\donate.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\up.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\down.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chaton.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chatoff.ico
2004-11-27 05:08 139,264 ----a-w C:\Program Files\BF-X5.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-05_22.15.29.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-19 05:46:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
+ 2008-03-06 23:36:18 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-01-21 10:50 4670968]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-29 15:23 421888]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-29 15:23 353280]
"HostManager"="C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe" [2008-01-29 15:23 125528]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2008-01-29 15:23 79448]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1166158722\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=

S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 12:47]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\Tiffany\LOCALS~1\Temp\iMSPCLOj.sys []
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 02:59]
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 02:59]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 16:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{220abe93-bc52-11db-b13a-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{c60997ee-ddb5-11da-9bba-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 16:03:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 15:42:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
.
**************************************************************************
.
Completion time: 2008-03-07 15:45:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 22:45:29
ComboFix2.txt 2008-03-06 05:15:59
.
2008-03-07 21:17:13 --- E O F ---
AdmSirRed is offline   Reply With Quote
Old 8th March 2008   #8
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"=-
Driver::
iMSPCLOj
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
noahdfear is offline   Reply With Quote
Old 8th March 2008   #9
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
Logfile of HijackThis v1.99.1
Scan saved at 3:15:43 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLServiceHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tiffany\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



new combo log

ComboFix 08-03-05.1 - Tiffany 2008-03-07 15:35:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT -7:00]
Running from: C:\Documents and Settings\Tiffany\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tiffany\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\Tasks\rpc.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\Tasks\rpc.job

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-02-09 10:13 . 2008-02-09 10:13 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-02-09 09:35 . 2008-02-13 19:30 <DIR> d-------- C:\Program Files\Realtek AC97
2008-02-09 09:35 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2008-02-09 09:35 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-02-09 09:35 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-02-09 09:34 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-02-09 09:34 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-02-09 09:34 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-02-09 09:34 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-02-09 09:34 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2008-02-09 08:56 . 2008-02-09 08:56 <DIR> d-------- C:\Program Files\VIAudioi
2008-02-09 08:56 . 2005-01-05 15:21 36,864 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2008-02-09 08:52 . 2004-11-01 15:19 163,712 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-09 08:38 . 2008-02-09 08:38 <DIR> d-------- C:\swsetup
2008-02-09 08:06 . 2008-02-09 08:49 <DIR> d-------- C:\Program Files\Analog Devices
2008-02-09 08:02 . 2008-02-09 08:48 <DIR> d-------- C:\Analogue devices
2008-02-07 20:26 . 2008-02-07 20:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-07 20:25 . 2008-02-07 21:56 <DIR> d-------- C:\Documents and Settings\Tiffany\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 23:36 --------- d-----w C:\Program Files\Diablo II2
2008-03-06 02:04 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AVG7
2008-02-28 23:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2008-02-28 23:10 --------- d-----w C:\Program Files\Windows Live
2008-02-28 23:05 --------- d-----w C:\Program Files\StarForge
2008-02-28 23:05 --------- d-----w C:\Program Files\Starcraft
2008-02-28 23:04 --------- d-----w C:\Program Files\Common Files\NewSoft
2008-02-28 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 23:00 --------- d-----w C:\Program Files\MySpace
2008-02-28 22:59 --------- d-----w C:\Program Files\Microsoft Games
2008-02-28 22:58 --------- d-----w C:\Program Files\Guild Wars
2008-02-28 22:58 --------- d-----w C:\Program Files\Google
2008-02-28 22:55 --------- d-----w C:\Program Files\DJ Music Mixer
2008-02-28 21:43 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Hellrazer\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Chris\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-01-30 06:30 --------- d-----w C:\Program Files\QuickTime
2008-01-30 06:30 --------- d-----w C:\Program Files\Incomplete
2008-01-29 23:25 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\Grisoft
2008-01-29 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-29 02:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-01-29 02:07 --------- d-----w C:\Program Files\Lavasoft
2008-01-29 02:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-15 04:35 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2006-01-23 21:35 64 ----a-w C:\Program Files\BF-X5.ini
2005-04-29 04:42 77 ----a-w C:\Program Files\Desktop.ini
2004-12-27 08:13 8,007,680 ----a-w C:\Program Files\Microsoft.mshtml.dll
2004-12-27 08:13 5,694 ----a-w C:\Program Files\ico 5.ico
2004-12-27 08:13 45,056 ----a-w C:\Program Files\AxInterop.SHDocVw.dll
2004-12-27 08:13 122,880 ----a-w C:\Program Files\Interop.SHDocVw.dll
2004-12-27 08:13 1,406 ----a-w C:\Program Files\donate.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\up.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\down.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chaton.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chatoff.ico
2004-11-27 05:08 139,264 ----a-w C:\Program Files\BF-X5.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-05_22.15.29.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-19 05:46:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
+ 2008-03-06 23:36:18 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-01-21 10:50 4670968]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-29 15:23 421888]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-29 15:23 353280]
"HostManager"="C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe" [2008-01-29 15:23 125528]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2008-01-29 15:23 79448]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1166158722\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=

S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 12:47]
S3 iMSPCLOj;iMSPCLOj;C:\DOCUME~1\Tiffany\LOCALS~1\Temp\iMSPCLOj.sys []
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 02:59]
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 02:59]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 16:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{220abe93-bc52-11db-b13a-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{c60997ee-ddb5-11da-9bba-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 16:03:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 15:42:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
.
**************************************************************************
.
Completion time: 2008-03-07 15:45:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 22:45:29
ComboFix2.txt 2008-03-06 05:15:59
.
2008-03-07 21:17:13 --- E O F ---
AdmSirRed is offline   Reply With Quote
Old 8th March 2008   #10
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
im sorry please ignore the first post i thought i already ran it but dident. heres the updated version.

ComboFix 08-03-05.1 - Tiffany 2008-03-08 15:18:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.270 [GMT -7:00]
Running from: C:\Documents and Settings\Tiffany\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tiffany\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-02-09 10:13 . 2008-02-09 10:13 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-02-09 09:35 . 2008-02-13 19:30 <DIR> d-------- C:\Program Files\Realtek AC97
2008-02-09 09:35 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2008-02-09 09:35 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-02-09 09:35 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-02-09 09:34 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-02-09 09:34 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-02-09 09:34 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-02-09 09:34 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-02-09 09:34 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2008-02-09 08:56 . 2008-02-09 08:56 <DIR> d-------- C:\Program Files\VIAudioi
2008-02-09 08:56 . 2005-01-05 15:21 36,864 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2008-02-09 08:52 . 2004-11-01 15:19 163,712 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-09 08:38 . 2008-02-09 08:38 <DIR> d-------- C:\swsetup
2008-02-09 08:06 . 2008-02-09 08:49 <DIR> d-------- C:\Program Files\Analog Devices
2008-02-09 08:02 . 2008-02-09 08:48 <DIR> d-------- C:\Analogue devices

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 15:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 23:36 --------- d-----w C:\Program Files\Diablo II2
2008-03-06 02:04 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AVG7
2008-02-28 23:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2008-02-28 23:10 --------- d-----w C:\Program Files\Windows Live
2008-02-28 23:05 --------- d-----w C:\Program Files\StarForge
2008-02-28 23:05 --------- d-----w C:\Program Files\Starcraft
2008-02-28 23:04 --------- d-----w C:\Program Files\Common Files\NewSoft
2008-02-28 23:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 23:00 --------- d-----w C:\Program Files\MySpace
2008-02-28 22:59 --------- d-----w C:\Program Files\Microsoft Games
2008-02-28 22:58 --------- d-----w C:\Program Files\Guild Wars
2008-02-28 22:58 --------- d-----w C:\Program Files\Google
2008-02-28 22:55 --------- d-----w C:\Program Files\DJ Music Mixer
2008-02-28 21:43 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Hellrazer\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\Chris\Application Data\AOL
2008-02-28 21:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-02-08 03:25 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-30 06:30 --------- d-----w C:\Program Files\QuickTime
2008-01-30 06:30 --------- d-----w C:\Program Files\Incomplete
2008-01-29 23:25 --------- d-----w C:\Documents and Settings\Tiffany\Application Data\Grisoft
2008-01-29 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-29 02:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-01-29 02:07 --------- d-----w C:\Program Files\Lavasoft
2008-01-29 02:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-15 04:35 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2006-01-23 21:35 64 ----a-w C:\Program Files\BF-X5.ini
2005-04-29 04:42 77 ----a-w C:\Program Files\Desktop.ini
2004-12-27 08:13 8,007,680 ----a-w C:\Program Files\Microsoft.mshtml.dll
2004-12-27 08:13 5,694 ----a-w C:\Program Files\ico 5.ico
2004-12-27 08:13 45,056 ----a-w C:\Program Files\AxInterop.SHDocVw.dll
2004-12-27 08:13 122,880 ----a-w C:\Program Files\Interop.SHDocVw.dll
2004-12-27 08:13 1,406 ----a-w C:\Program Files\donate.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\up.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\down.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chaton.ico
2004-12-27 08:13 1,078 ----a-w C:\Program Files\chatoff.ico
2004-11-27 05:08 139,264 ----a-w C:\Program Files\BF-X5.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-05_22.15.29.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-19 05:46:01 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
+ 2008-03-06 23:36:18 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-01-21 10:50 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-29 15:23 421888]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-29 15:23 353280]
"HostManager"="C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe" [2008-01-29 15:23 125528]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2008-01-29 15:23 79448]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1166158722\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=

S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-09-05 12:47]
S3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 02:59]
S3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 02:59]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 16:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{220abe93-bc52-11db-b13a-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{c60997ee-ddb5-11da-9bba-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 16:03:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 15:24:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLServiceHost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
.
**************************************************************************
.
Completion time: 2008-03-08 15:27:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 22:27:31
ComboFix2.txt 2008-03-07 22:45:35
ComboFix3.txt 2008-03-06 05:15:59
.
2008-03-08 10:01:38 --- E O F ---

HJT

Logfile of HijackThis v1.99.1
Scan saved at 3:33:21 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\116615~1\EE\AOLServiceHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166158722\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tiffany\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
AdmSirRed is offline   Reply With Quote
Old 9th March 2008   #11
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Looks good. One of the infections you had disabled AVG AntiSpyware from starting with Windows. You can remedy that by Clicking Start>All Programs>AVG AntiSpyware. Once it opens, an icon for it will appear in your Notification area (down by the clock). Right click the icon and select Start with Windows. You can close the AVG AntiSpyware application.

Download ATF Cleaner by Atribune and save it to your Desktop.
  • Double click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:

    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    • Recycle bin

  • The rest are optional - if you want it to remove everything check "Select All".
  • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
Reboot

Now lets get an online scan to see if we've missed anything. Please do an online scan with Kaspersky WebScanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Post the Kaspersky log here please.
noahdfear is offline   Reply With Quote
Old 12th March 2008   #12
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
i clicked the link and followed it to the site howeever i was not prompted to download the active X contrl, and still was not prompted even after clicking the "scan now" button.
AdmSirRed is offline   Reply With Quote
Old 12th March 2008   #13
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Lets run another tool then. Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Post the entire report in your next reply along with a fresh HijackThis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
noahdfear is offline   Reply With Quote
Old 13th March 2008   #14
Member
 
Profile:
Join Date: Mar 2008
Posts: 46
Computer Experience:
Intermediate
AdmSirRed Reputation Level
Malwarebytes' Anti-Malware 1.08
Database version: 471

Scan type: Full Scan (C:\|)
Objects scanned: 124733
Time elapsed: 44 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41D88CBE-861B-46BD-AFB6-7085CF7E8C4C}\RP583\A0264711.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41D88CBE-861B-46BD-AFB6-7085CF7E8C4C}\RP635\A0274845.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer.001 (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer.002 (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer.005 (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
AdmSirRed is offline   Reply With Quote
Old 13th March 2008   #15
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Now, in your Internet Explorer browser, click Tools>Internet Options on the menu. Select the Security tab. Make sure Internet Zone is selected then click Default Level, then Apply.
Now select the Programs tab and click Reset Web Settings. Your option when prompted for the Homepage to be reset.

OK out, then close all open IE windows.
Re-open IE and try the Kaspersky scan again.
noahdfear is offline   Reply With Quote
Reply
Page 1 of 2 1 2

« [Resolved] I Have the Win32.Agent.gvu Trojan. | when i boot up i,m told windows cannot find scvhost.exe »
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
virus that turns off computer eyedea40 Windows XP 4 9th June 2006 20:30
Major trojan downloader problems unyquity Malware and Virus Removal 9 24th May 2005 09:47
I got zipzapped. bostonz Malware and Virus Removal 16 14th May 2005 05:02
error report bobm735 Windows XP 24 23rd October 2004 10:45
SpyWare/slyware/adware & Misc articles Lonny Jones General Security 5 11th June 2004 14:05


All times are GMT +1. The time now is 14:05.




Advertise - Contact Us - Windows BBS - Archive - Privacy Statement - Top

Advertisements do not imply our endorsement of the product or service advertised.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.3.2
Copyright © 2002 - 2009 WindowsBBS.com. All rights reserved.
Terms of Use, Legal Information & Privacy Policy
[]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32