
Solved Registry Editing Has Been Disabled

Discussion in 'Malware and Virus Removal Archive' started by claudiah, 2007/11/01.

  1. 2007/11/04
    claudiah

    claudiah Inactive Thread Starter

    Joined:
    2007/11/01
    Messages:
    18
    Likes Received:
    0
    I'm getting a WinSock error message

    When I try to run it (even before transferring it to the flash drive), it says it is not a valid Win32 application.

    Claudia
     
  2. 2007/11/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'm not sure what you mean by 'even before transferring it'. Are you saying you tried running it on the working computer and got that message?
     


  4. 2007/11/04
    claudiah

    claudiah Inactive Thread Starter

    I first tried running it on the problem computer

    and I got that message. So I thought maybe it lost something in the transfer. So, went back to the "good" computer and got the same message. In other words, I get that message on both computers.
     
  5. 2007/11/04
    noahdfear

    noahdfear Inactive

    Click Start>Run and type cmd then hit enter to open a command window. Type the following bolded command and hit enter.

    netsh winsock reset

    Restart the computer and see if the internet connection works.
     
  6. 2007/11/04
    claudiah

    claudiah Inactive Thread Starter

    Back on the Internet, Here are Jotti Scan Results

    Thanks

    Claudia

    Scan taken on 05 Nov 2007 01:07:21 (GMT)
    A-Squared Found nothing
    AntiVir Found TR/Spy.BZub.B
    ArcaVir Found nothing
    Avast Found Win32:Jaber-B
    AVG Antivirus Found Proxy.VLN
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found probably a variant of Win32/TrojanProxy.Jaber (probable variant)
    Norman Virus Control Found W32/LdPinch.RBK
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found Mal/Generic-A
    VirusBuster Found nothing
    VBA32 Found nothing
     
  7. 2007/11/04
    noahdfear

    noahdfear Inactive

    Glad to see it's online again. :)

    Thanks for the scan results. Would you please run Deckard's System Scanner again and post the log?
     
  8. 2007/11/04
    claudiah

    claudiah Inactive Thread Starter

    DSS Results

    Thanks again!!

    Claudia

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-11-04 18:31:12
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:31:25 PM, on 11/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\AOL\1188531747\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Documents and Settings\Owner\My Documents\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1188531747\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O10 - Unknown file in Winsock LSP: rsvp322.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188936500812
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8703 bytes

    -- Files created between 2007-10-04 and 2007-11-04 -----------------------------

    2007-11-04 17:48:20 11 --a------ C:\WINDOWS\system32\uiqzmtaim.dll
    2007-11-04 13:18:46 66 --a------ C:\WINDOWS\system32\sfxzmtwbmail.dll
    2007-11-04 13:18:46 66 --a------ C:\WINDOWS\system32\sfxzmtsmt.dll
    2007-11-04 13:18:46 66 --a------ C:\WINDOWS\system32\sfxzmtforum.dll
    2007-11-04 13:18:46 66 --a------ C:\WINDOWS\system32\pfxzmtymsg.dll
    2007-11-04 13:18:46 66 --a------ C:\WINDOWS\system32\pfxzmtsmtspm.dll
    2007-11-04 13:18:45 66 --a------ C:\WINDOWS\system32\pfxzmticq.dll
    2007-11-04 13:18:45 66 --a------ C:\WINDOWS\system32\pfxzmtgtal.dll
    2007-11-04 13:18:45 66 --a------ C:\WINDOWS\system32\pfxzmtaim.dll
    2007-11-04 13:18:08 118784 --a------ C:\WINDOWS\system32\rsvp322.dll
    2007-11-03 20:44:03 0 d-------- C:\Program Files\Trend Micro
    2007-11-03 18:00:32 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-03 15:42:31 8704 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-03 15:42:30 59904 --a------ C:\WINDOWS\kmexuknc.exe
    2007-11-01 20:13:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
    2007-11-01 19:53:35 92928 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2007-11-01 13:52:07 0 d-------- C:\WINDOWS\ERUNT
    2007-11-01 13:26:47 0 d-------- C:\Program Files\SDFix
    2007-11-01 12:09:15 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-11-01 12:05:53 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-11-01 12:05:53 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-10-15 22:31:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    2007-10-13 15:58:25 0 d-------- C:\CGH
    2007-10-13 15:52:49 0 d-------- C:\Just Cream
    2007-10-09 13:15:55 0 d-------- C:\Documents and Settings\Owner\WINDOWS
    2007-10-09 13:12:43 56 -r-hs---- C:\WINDOWS\system32\F0DF34988D.sys
    2007-10-09 13:12:42 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


    -- Find3M Report ---------------------------------------------------------------

    2007-11-04 13:21:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-11-03 18:00:50 3492 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-09 13:12:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Corel
    2007-09-22 09:38:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2007-09-16 21:13:02 1005176 --a------ C:\Program Files\SmitfraudFix.exe
    2007-09-12 09:19:34 0 d-------- C:\Program Files\Lavasoft
    2007-09-12 09:18:57 0 d-a------ C:\Program Files\Common Files
    2007-09-12 09:18:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-11 21:29:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
    2007-09-11 11:07:31 0 d-------- C:\Program Files\Norton Internet Security
    2007-09-11 11:07:15 0 d-------- C:\Program Files\Symantec
    2007-09-05 23:22:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-09-04 12:02:50 0 d-------- C:\Program Files\Common Files\xing shared
    2007-09-04 12:02:49 0 d-------- C:\Program Files\Real
    2007-09-04 12:02:43 0 d-------- C:\Program Files\Common Files\Real
    2007-08-30 21:46:33 117103 --a------ C:\WINDOWS\hpoins11.dat
    2007-08-30 19:40:51 335 --a------ C:\WINDOWS\nsreg.dat
    2007-08-09 10:14:07 61678 --a------ C:\Documents and Settings\Owner\Application Data\PFP120JPR.{PB
    2007-08-09 10:14:07 12358 --a------ C:\Documents and Settings\Owner\Application Data\PFP120JCM.{PB


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/16/2004 05:03 AM]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/16/2004 05:03 AM]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [02/10/2004 10:55 AM]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [02/10/2004 10:51 AM]
    "IntelliPoint "= "C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 12:50 AM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 01:41 AM]
    "HostManager "= "C:\Program Files\Common Files\AOL\1188531747\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/2007 12:02 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
    "osCheck "= "C:\Program Files\Norton Internet Security\osCheck.exe" [01/13/2007 11:11 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
    "AAWTray "= "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 02:53 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 12:06 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 09:37 AM]
    "AOL Fast Start "= "C:\Program Files\AOL 9.0\AOL.exe" [04/17/2007 10:49 PM]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 3:21:22 AM]
    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 6:56:20 AM]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-11-04 18:34:09 ------------
     
  9. 2007/11/04
    noahdfear

    noahdfear Inactive

    Download LSPFix.exe from here and save it to your desktop.

    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\uiqzmtaim.dll
    C:\WINDOWS\system32\sfxzmtwbmail.dll
    C:\WINDOWS\system32\sfxzmtsmt.dll
    C:\WINDOWS\system32\sfxzmtforum.dll
    C:\WINDOWS\system32\pfxzmtymsg.dll
    C:\WINDOWS\system32\pfxzmtsmtspm.dll
    C:\WINDOWS\system32\pfxzmticq.dll
    C:\WINDOWS\system32\pfxzmtgtal.dll
    C:\WINDOWS\system32\pfxzmtaim.dll
    C:\WINDOWS\kmexuknc.exe
    C:\WINDOWS\system32\F0DF34988D.sys
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Should you lose your internet connection, run LSPFix. If the file C:\WINDOWS\system32\rsvp322.dll is listed in the Keep side, select each instance of it and click the arrow to move it to the Remove side. Check the box labelled 'I know what I am doing', then click Finish. Reboot.
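    Added here as an illustration of the triage the helper is doing by eye above (this is not code from the thread or from HijackThis, DSS, ComboFix or LSPFix): a small Python parser that reads the O10 Winsock LSP lines and the "Files created" listing from a HijackThis/DSS log, matches the LSP DLL to its creation record, and lists other files written within a minute of it, which is how the pfxzmt*/sfxzmt* drops line up with rsvp322.dll. The log excerpt is constructed from lines in the thread, and the 60-second window is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed log excerpt, modelled on the HijackThis and Deckard's System
# Scanner output posted earlier in the thread (a handful of its lines only).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O10 - Unknown file in Winsock LSP: rsvp322.dll
O10 - Unknown file in Winsock LSP: rsvp322.dll
O10 - Unknown file in Winsock LSP: rsvp322.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

-- Files created between 2007-10-04 and 2007-11-04 -----------------------------

2007-11-04 17:48:20 11 --a------ C:\WINDOWS\system32\uiqzmtaim.dll
2007-11-04 13:18:46 66 --a------ C:\WINDOWS\system32\sfxzmtwbmail.dll
2007-11-04 13:18:45 66 --a------ C:\WINDOWS\system32\pfxzmtaim.dll
2007-11-04 13:18:08 118784 --a------ C:\WINDOWS\system32\rsvp322.dll
2007-11-03 15:42:31 8704 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>
2007-11-03 15:42:30 59904 --a------ C:\WINDOWS\kmexuknc.exe
2007-10-09 13:12:43 56 -r-hs---- C:\WINDOWS\system32\F0DF34988D.sys
"""

# HijackThis O10 line: one line per LSP chain slot that names the DLL.
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (\S+)$")
# DSS "Files created" line: timestamp, size, 9-char attribute string, path,
# and an optional "<...>" signature note.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{9}) (.+?)(?: <(.*)>)?$"
)


def parse_lsp_entries(log):
    """Count how many LSP chain entries each unknown DLL occupies."""
    counts = Counter()
    for line in log.splitlines():
        m = LSP_RE.match(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts


def parse_created_files(log):
    """Turn the 'Files created' listing into records with parsed timestamps."""
    files = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path, note = m.groups()
        files.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "attrs": attrs,
            "path": path,
            "note": note,
        })
    return files


def triage(log, window_seconds=60):
    """Correlate each LSP DLL with its creation record and near-simultaneous drops.

    The window is an assumption: files written within a minute of the LSP DLL
    are reported as likely parts of the same installation.
    """
    files = parse_created_files(log)
    by_name = {f["path"].rsplit("\\", 1)[-1].lower(): f for f in files}
    lsp_findings = []
    for dll, count in parse_lsp_entries(log).items():
        rec = by_name.get(dll.lower())
        siblings = []
        if rec is not None:
            siblings = sorted(
                f["path"] for f in files
                if f is not rec
                and abs((f["time"] - rec["time"]).total_seconds()) <= window_seconds
            )
        lsp_findings.append({
            "dll": dll,
            "lsp_entries": count,
            "created": rec["time"].isoformat(sep=" ") if rec else None,
            "siblings": siblings,
        })
    # Plain files carrying both the hidden and system attributes.
    hidden_system = [
        f["path"] for f in files
        if "h" in f["attrs"] and "s" in f["attrs"] and not f["attrs"].startswith("d")
    ]
    return {"lsp": lsp_findings, "hidden_system": hidden_system}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["lsp"]:
        print(f"{item['dll']}: {item['lsp_entries']} LSP entries, created {item['created']}")
        for path in item["siblings"]:
            print(f"  dropped alongside: {path}")
    for path in report["hidden_system"]:
        print(f"hidden+system file: {path}")
```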
     
  10. 2007/11/04
    claudiah

    claudiah Inactive Thread Starter

    ComboFix does not run

    when I drag the CFScript.txt file onto it. I get the box with "run" listed as an option. I click on run, then the blue box appears and says "pause." Then it switches to an empty blue box and nothing happens.
     
  11. 2007/11/05
    noahdfear

    noahdfear Inactive

    Try running ComboFix in safe mode.
     
  12. 2007/11/05
    claudiah

    claudiah Inactive Thread Starter

    Here are the latest ComboFix Results

    Thanks!

    Claudia

    ComboFix 07-11-05.1 - Owner 2007-11-05 10:39:33.4 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.356 [GMT -8:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript_used_2007-11-04@22.07_used_2007-11-04@22.32.txt

    FILE::
    C:\WINDOWS\kmexuknc.exe
    C:\WINDOWS\system32\F0DF34988D.sys
    C:\WINDOWS\system32\pfxzmtaim.dll
    C:\WINDOWS\system32\pfxzmtgtal.dll
    C:\WINDOWS\system32\pfxzmticq.dll
    C:\WINDOWS\system32\pfxzmtsmtspm.dll
    C:\WINDOWS\system32\pfxzmtymsg.dll
    C:\WINDOWS\system32\sfxzmtforum.dll
    C:\WINDOWS\system32\sfxzmtsmt.dll
    C:\WINDOWS\system32\sfxzmtwbmail.dll
    C:\WINDOWS\system32\uiqzmtaim.dll
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
    .

    2007-11-03 21:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-03 20:44 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-03 18:00 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-03 15:42 8,704 --a------ C:\WINDOWS\system32\sporder.dll
    2007-11-01 19:53 92,928 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2007-11-01 19:28 <DIR> d-------- C:\Deckard
    2007-11-01 13:52 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-01 13:26 <DIR> d-------- C:\Program Files\SDFix
    2007-11-01 12:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-11-01 12:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-11-01 12:05 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-10-15 22:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    2007-10-13 15:52 <DIR> d-------- C:\Just Cream
    2007-10-09 13:15 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
    2007-10-09 13:12 1,682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-07 09:02 10,920 --a------ C:\aolconnfix.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-05 06:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-05 06:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
    2007-11-04 02:00 3,492 ----a-w C:\WINDOWS\system32\tmp.reg
    2007-10-09 21:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
    2007-09-17 05:13 1,005,176 ----a-w C:\Program Files\SmitfraudFix.exe
    2007-09-12 17:19 --------- d-----w C:\Program Files\Lavasoft
    2007-09-12 17:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2007-09-12 17:18 19,142,000 ----a-w C:\Program Files\aaw2007.exe
    2007-09-12 17:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-12 05:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
    2007-09-12 05:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
    2007-09-11 19:07 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-09-11 19:07 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-09-11 19:07 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-09-11 19:07 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-09-11 19:07 --------- d-----w C:\Program Files\Symantec
    2007-09-11 19:07 --------- d-----w C:\Program Files\Norton Internet Security
    2007-09-11 18:26 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2007-09-06 07:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
    2007-08-31 06:04 468,230,432 ----a-w C:\Program Files\office_professional_plus_2007_english_x12-38663.EXE
    2007-08-31 05:13 312,884,752 ----a-w C:\Program Files\AiO_071_000_201_000_CDA_Default-Full_NonNetwork_AmericasEuro1.exe
    2007-08-31 04:12 7,106,392 ----a-w C:\Program Files\ITP32Eng.exe
    2007-08-31 04:05 23,402,288 ----a-w C:\Program Files\AdbeRdr810_en_US.exe
    2007-07-15 21:16 36,856 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-23 18:30 271 --sh--w C:\Program Files\desktop.ini
    2007-05-23 18:30 21,952 ---ha-w C:\Program Files\folder.htt
    2006-10-28 04:19 2,480 ----a-w C:\Program Files\README.HTM
    2006-02-19 10:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-03_21.35.42.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-04-02 22:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51]
    "IntelliPoint "= "C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 00:50]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
    "HostManager "= "C:\Program Files\Common Files\AOL\1188531747\ee\AOLSoftware.exe" [2006-09-25 16:52]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-04 12:02]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
    "osCheck "= "C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
    "AAWTray "= "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37]
    "AOL Fast Start "= "C:\Program Files\AOL 9.0\AOL.exe" [2007-04-17 22:49]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]


    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-04 14:37:40 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job "
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-05 10:40:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-05 10:41:10
    C:\ComboFix2.txt ... 2007-11-04 22:35
    C:\ComboFix3.txt ... 2007-11-04 22:14
    .
    --- E O F ---
     
  13. 2007/11/05
    noahdfear

    noahdfear Inactive

    Looks good ...... how are things working now?

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh HijackThis log.
     
  14. 2007/11/06
    claudiah

    claudiah Inactive Thread Starter

    Results of Kaspersky and HJT

    Things seem to be going well. No more pop-ups. Thanks for ALL your help!!

    Claudia

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, November 06, 2007 4:43:25 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 6/11/2007
    Kaspersky Anti-Virus database records: 452530
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 46204
    Number of viruses found: 11
    Number of infected objects: 27
    Number of suspicious objects: 0
    Duration of the scan process: 03:21:12

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\ACS\1.0\ph Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\ACS\1.0\variable Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_AOL 9.0\idb\sfbluesinger\MyDB.idx Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_AOL 9.0\idb\sfbluesinger\toolbar.lst Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_AOL 9.0\idb\SNMaster.idx Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_AOL 9.0\organize\CACHE\sfbluesing00 Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_AOL 9.0\organize\sfbluesinger Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_AOL 9.0\organize\sfbluesinger.abi Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL\C_AOL 9.0\organize\sfbluesinger.aby Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\LiveUpdate\2007-11-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\53759EC9.TMP Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\E1186A28.TMP Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\Apps.Lst Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\art.idx Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\sap.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\spool.lst Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\AOL\C_AOL 9.0\IDB\sysnews.lst Object is locked skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007110620071107\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF10BE.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\SDFix\backups\HOSTS Infected: Trojan.Win32.Qhost.my skipped
    C:\Program Files\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Program Files\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Program Files\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\rsvp322.dll.vir Infected: Trojan-Proxy.Win32.Jaber.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\rsvp322.dllrty.vir Infected: Trojan-Proxy.Win32.Jaber.a skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\rsvp322.dllyrt.vir Infected: Trojan-Proxy.Win32.Jaber.a skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP103\A0018403.exe Infected: Trojan-Dropper.Win32.Agent.ckp skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP103\A0018407.exe Infected: Trojan.Win32.Qhost.ts skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP103\A0019621.exe Infected: Trojan-Dropper.Win32.Agent.ckp skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP103\A0019624.exe Infected: Trojan.Win32.Qhost.ts skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP105\A0024658.dll Infected: Backdoor.Win32.Small.cls skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026717.dll Infected: Trojan-Proxy.Win32.Jaber.a skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026744.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026744.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026744.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026756.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026774.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026790.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP106\A0026806.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP108\A0027012.dll Infected: Trojan-Proxy.Win32.Jaber.a skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP110\change.log Object is locked skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP65\A0011593.exe Infected: Trojan-PSW.Win32.OnLineGames.cev skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP65\A0011594.exe Infected: Trojan-PSW.Win32.OnLineGames.dfu skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP65\A0011595.exe Infected: Trojan-PSW.Win32.OnLineGames.cev skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP65\A0011596.exe Infected: Trojan-PSW.Win32.OnLineGames.dbb skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP68\A0011708.exe Infected: Trojan-PSW.Win32.OnLineGames.diz skipped
    C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP68\A0011709.exe Infected: Trojan-PSW.Win32.WOW.wz skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:45:18 PM, on 11/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\AOL\1188531747\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1188531747\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1188936500812
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7962 bytes
     
  15. 2007/11/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks Great! Well done Claudia!!

    Delete the following.

    C:\Program Files\SDFix << folder
    C:\Program Files\SmitfraudFix.exe

    Click Start>Run and type ComboFix /u then hit enter to uninstall ComboFix and remove the files/folders it created and quarantined.

    You can also delete dss.exe, LSPFix, WinsockFix_XP. Then empty the recycle bin.

    ATF Cleaner is a keeper and can be run at any time to clean up temporary files. ;)


    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
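The Kaspersky report posted above mixes harmless "Object is locked" entries with real detections, and the cleanup advice that follows it sorts those detections by where they sit (old restore points, ComboFix's quarantine, the removal tools themselves). The following Python is an added example, not code from the thread, Kaspersky or any of the tools named; it parses that report layout and applies the same triage. The sample lines are constructed to mirror the posted format, and the `EXAMPLE_live.dll` entry is a placeholder, not a detection from the log.

```python
"""Triage a Kaspersky Online Scanner report of the kind posted in this thread.

Added example: the line layout ("<path> <verdict> <action>") is taken from the
posted log; the sample lines below are constructed to mirror it.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the posted report's layout. The last line is a
# placeholder standing in for a detection outside quarantine/restore points.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\SDFix\backups\HOSTS Infected: Trojan.Win32.Qhost.my skipped
C:\Program Files\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rsvp322.dll.vir Infected: Trojan-Proxy.Win32.Jaber.a skipped
C:\System Volume Information\_restore{756A6C49-0631-4F2A-898F-2A465CEAC5AA}\RP103\A0018403.exe Infected: Trojan-Dropper.Win32.Agent.ckp skipped
C:\WINDOWS\system32\EXAMPLE_live.dll Infected: EXAMPLE.Threat.Name skipped
"""

# One result line: a path (may contain spaces), then one of three verdict
# shapes seen in the log, then the action taken ("skipped" in this report).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)


@dataclass
class Detection:
    path: str
    verdict: str   # "locked", "infected" or "container"
    name: str      # threat name, or "" when there is none
    action: str


def parse_report(text):
    """Return one Detection per result line; header and statistics lines are ignored."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m.group("locked"):
            verdict, name = "locked", ""
        elif m.group("name"):
            verdict, name = "infected", m.group("name")
        else:
            # "RarSFX: infected - 2" summarises inner objects already listed
            verdict, name = "container", f"{m.group('container')} x{m.group('count')}"
        results.append(Detection(m.group("path"), verdict, name, m.group("action")))
    return results


def classify(det):
    """Bucket a detection by location, which decides what remediation it needs."""
    p = det.path.lower()
    if det.verdict == "locked":
        return "locked"                # in-use system file, not a detection
    if det.verdict == "container":
        return "archive_summary"       # roll-up of inner archive members
    if "\\system volume information\\_restore{" in p:
        return "system_restore"        # old restore points; cleared by toggling System Restore
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"   # removed by "ComboFix /u"
    if "\\sdfix\\backups\\" in p:
        return "tool_backup"           # backup copy kept by the cleanup tool
    if det.name.lower().startswith("not-a-virus:"):
        return "riskware_tool"         # removal-tool component flagged as RiskTool
    return "live"                      # anything else still needs a human look


def triage(text):
    """Count detections per bucket and list the ones that are still live."""
    dets = parse_report(text)
    counts = Counter(classify(d) for d in dets)
    live = [d for d in dets if classify(d) == "live"]
    return {"counts": dict(counts), "live": live}


if __name__ == "__main__":
    report = triage(SAMPLE_REPORT)
    print(report["counts"])
    for d in report["live"]:
        print("LIVE:", d.path, d.name)
```

Run against a full saved report, only the `live` bucket should be non-empty on a machine that still needs work; on the log above every infected object falls into a restore-point, quarantine or tool bucket, which is what the "Looks Great!" verdict reflects.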
