avsystemcare and other pop ups problems

[lowfm6510]

This avsystemcare pop up is in my desktop. and i cant stop it. i have the following installed and use them frequently.

ZoneAlarm

AVG anti spyware 7.5

AVG Anti virus free edition

Spybot

Ad-Aware 2007

any help is appreciated. If any logs is needed please instruct me on where to find the files/log.

[lowfm6510]

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 7:14:06 PM 8/13/2007

+ Scan result:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0111251.dll -> Adware.MyWay : Cleaned with backup (quarantined).

C:\Documents and Settings\Low Fai Ming\Local Settings\Temporary Internet Files\Content.IE5\1J3HF9BY\installdrivecleanerstart[1].exe -> Downloader.Small : Cleaned with backup (quarantined).

C:\Documents and Settings\Low Fai Ming\Cookies\low_fai_ming@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Low Fai Ming\Cookies\low_fai_ming@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Low Fai Ming\Cookies\low_fai_ming@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.

C:\Documents and Settings\Low Fai Ming\Cookies\low_fai_ming@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

::Report end

[lowfm6510]

--- Report generated: 2007-08-13 18:00 ---

Winsoftware: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

TagASaurus: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

SystemDoctor2006: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

Winsoftware: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

Statcounter: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

Zedo: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

BlueStreak: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

Winsoftware: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

Winsoftware: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

SystemDoctor2006: Tracking cookie (Internet Explorer: Low Fai Ming) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2006-08-28 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2007-05-23 advcheck.dll (1.5.3.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2007-07-31 Tools.dll (2.1.2.0)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2007-08-08 Includes\Cookies.sbi (*)

2007-07-25 Includes\Dialer.sbi (*)

2007-08-08 Includes\DialerC.sbi (*)

2007-07-11 Includes\Hijackers.sbi (*)

2007-08-08 Includes\HijackersC.sbi (*)

2007-07-25 Includes\Keyloggers.sbi (*)

2007-08-08 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2007-08-01 Includes\Malware.sbi (*)

2007-08-08 Includes\MalwareC.sbi (*)

2007-08-08 Includes\PUPS.sbi (*)

2007-08-08 Includes\PUPSC.sbi (*)

2007-08-08 Includes\Revision.sbi (*)

2007-05-30 Includes\Security.sbi (*)

2007-08-08 Includes\SecurityC.sbi (*)

2007-08-01 Includes\Spybots.sbi (*)

2007-08-08 Includes\SpybotsC.sbi (*)

2005-02-17 Includes\Tracks.uti

2007-08-01 Includes\Trojans.sbi (*)

2007-08-08 Includes\TrojansC.sbi (*)

2007-06-06 Plugins\TCPIPAddress.dll

[lowfm6510]

--- Report generated: 2007-08-13 19:24 ---

Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2006-08-28 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2007-05-23 advcheck.dll (1.5.3.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2007-07-31 Tools.dll (2.1.2.0)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2007-08-08 Includes\Cookies.sbi (*)

2007-07-25 Includes\Dialer.sbi (*)

2007-08-08 Includes\DialerC.sbi (*)

2007-07-11 Includes\Hijackers.sbi (*)

2007-08-08 Includes\HijackersC.sbi (*)

2007-07-25 Includes\Keyloggers.sbi (*)

2007-08-08 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2007-08-01 Includes\Malware.sbi (*)

2007-08-08 Includes\MalwareC.sbi (*)

2007-08-08 Includes\PUPS.sbi (*)

2007-08-08 Includes\PUPSC.sbi (*)

2007-08-08 Includes\Revision.sbi (*)

2007-05-30 Includes\Security.sbi (*)

2007-08-08 Includes\SecurityC.sbi (*)

2007-08-01 Includes\Spybots.sbi (*)

2007-08-08 Includes\SpybotsC.sbi (*)

2005-02-17 Includes\Tracks.uti

2007-08-01 Includes\Trojans.sbi (*)

2007-08-08 Includes\TrojansC.sbi (*)

2007-06-06 Plugins\TCPIPAddress.dll

[lowfm6510]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:32:26 PM, on 8/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Low Fai Ming\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/del...ebar.jhtml?p=EF

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell.com/content/default.as...;l=en&s=gen

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\linkprd.exe /res

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {109106E8-DFAA-4F22-9922-FBAF1FC1409C} (Pco3 Window (OCBC) Control) - https://www.iocbc.com/esales/csksls/Panel/Pco3X_OCBC.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9736 bytes

[JeanInMontana]

Hi and welcome to Malwarebytes. Please don't post logs from scanning programs unless asked. Also please do not take action without being instructed. This process only works if the helpers instructions are followed and no outside actions are taken during the cleanup. That being said, please move HJT to a folder C:\ then, run a scan with RogueRemover and post a new HJT log.

[lowfm6510]

im sorry about the posting of other logs and i will stick to your instructions. Regarding the moving of HJT to a folder C:\, i dont get it. Its already installed in my c drive.

[JeanInMontana]

Your log shows it is on the desktop

C:\Documents and Settings\Low Fai Ming\Desktop\HiJackThis.exe You need to move it to any other place on the hard drive. Program files is good.

So after all those scans you are still getting the AVSystem care popups? Try running RogueRemover, you can get a free trial of the Pro version from the link in my signature.

[lowfm6510]

Malwarebytes' RogueRemover

Malwarebytes

[lowfm6510]

oh. so do i still go for the pro version now?

[JeanInMontana]

No there is no difference in scanning....but please no more scans without being instructed. Answer questions please. What symptoms are you still having?

[lowfm6510]

i still have the avsystemcare, driver cleaner pop up and a couple of others. again sorry about all the scans.

[JeanInMontana]

I understand how annoying this is. If all the people I helped were as attentive as you it would be wonderful.

Download and Run ComboFix

* Download this file from below:

Here http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

* Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running. AVG AdAware and Sbot Search & Destroy.

* Then double click combofix.exe & follow the prompts.

* When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2:Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

I'm going to bed soon so don't get impatient on me. My brain will work better in the morning.

[lowfm6510]

ok. thanks for all the help so far. im just glad that theres someone helping me! will do the stuff u said later. cant stay in fron the the pc whole day!

gd night to u!. its 2 in the noon for me here. =)

[lowfm6510]

ComboFix 07-08-14.4 - "Low Fai Ming" 2007-08-14 17:38:22.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.521 [GMT 8:00]

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\UQWVB3NR\iforex.com

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\UQWVB3NR\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\WINDOWS\dialerexe.ini

C:\WINDOWS\system32\mjeiar.dat

C:\WINDOWS\system32\mjeiar.exe

C:\WINDOWS\system32\mjeiar_nav.dat

C:\WINDOWS\system32\mjeiar_navps.dat

C:\WINDOWS\system32\nvs2.inf

((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))

2007-08-14 17:37 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-14 12:53 <DIR> d-------- C:\HJT

2007-08-14 12:46 <DIR> d-------- C:\Program Files\RogueRemover FREE

2007-08-12 17:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-12 17:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-08-01 18:09 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-08-01 18:09 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2007-08-01 18:09 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2007-08-01 18:09 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2007-08-01 18:08 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2007-08-01 18:08 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2007-08-01 18:08 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-08-01 18:08 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-08-01 18:08 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-08-01 18:08 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2007-08-01 18:08 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2007-08-01 18:08 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-08-01 18:08 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-08-01 13:28 <DIR> d-------- C:\Program Files\BlackBeanGames

2007-08-01 11:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-01 11:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-07-17 13:23 <DIR> d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\MailFrontier

2007-07-17 00:12 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-07-17 00:09 158,752 --a------ C:\DOCUME~1\LOWFAI~1\APPLIC~1\install_en[1].exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 18:49 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-01 11:34 --------- d-------- C:\Program Files\Lavasoft

2007-08-01 11:34 --------- d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\Lavasoft

2007-07-18 20:03 --------- d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\AdobeUM

2007-07-08 13:06 --------- d-------- C:\Program Files\Sony Ericsson

2007-07-08 13:02 8704 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys

2007-07-03 22:59 --------- d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\AdobeAUM

2007-06-10 10:35 61440 --a------ C:\WINDOWS\system32\nod.dll

2007-05-18 20:44 385024 --a------ C:\WINDOWS\DownUpdater.exe

2007-05-16 23:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll

2007-05-16 23:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll

2007-05-16 23:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-16 23:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-05-16 23:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll

2007-05-16 23:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 C:\WINDOWS\stsystra.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10]

"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 11:41]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

"Clu

[lowfm6510]

ComboFix 07-08-14.4 - "Low Fai Ming" 2007-08-14 17:38:22.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.521 [GMT 8:00]

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\UQWVB3NR\iforex.com

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\UQWVB3NR\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\DOCUME~1\LOWFAI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\WINDOWS\dialerexe.ini

C:\WINDOWS\system32\mjeiar.dat

C:\WINDOWS\system32\mjeiar.exe

C:\WINDOWS\system32\mjeiar_nav.dat

C:\WINDOWS\system32\mjeiar_navps.dat

C:\WINDOWS\system32\nvs2.inf

((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))

2007-08-14 17:37 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-14 12:53 <DIR> d-------- C:\HJT

2007-08-14 12:46 <DIR> d-------- C:\Program Files\RogueRemover FREE

2007-08-12 17:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-12 17:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-08-01 18:09 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-08-01 18:09 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2007-08-01 18:09 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2007-08-01 18:09 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2007-08-01 18:08 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2007-08-01 18:08 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2007-08-01 18:08 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2007-08-01 18:08 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-08-01 18:08 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-08-01 18:08 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2007-08-01 18:08 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2007-08-01 18:08 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-08-01 18:08 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-08-01 13:28 <DIR> d-------- C:\Program Files\BlackBeanGames

2007-08-01 11:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-01 11:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-07-17 13:23 <DIR> d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\MailFrontier

2007-07-17 00:12 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-07-17 00:09 158,752 --a------ C:\DOCUME~1\LOWFAI~1\APPLIC~1\install_en[1].exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 18:49 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-01 11:34 --------- d-------- C:\Program Files\Lavasoft

2007-08-01 11:34 --------- d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\Lavasoft

2007-07-18 20:03 --------- d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\AdobeUM

2007-07-08 13:06 --------- d-------- C:\Program Files\Sony Ericsson

2007-07-08 13:02 8704 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys

2007-07-03 22:59 --------- d-------- C:\DOCUME~1\LOWFAI~1\APPLIC~1\AdobeAUM

2007-06-10 10:35 61440 --a------ C:\WINDOWS\system32\nod.dll

2007-05-18 20:44 385024 --a------ C:\WINDOWS\DownUpdater.exe

2007-05-16 23:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll

2007-05-16 23:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll

2007-05-16 23:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-16 23:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-05-16 23:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll

2007-05-16 23:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 C:\WINDOWS\stsystra.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10]

"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 11:41]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

"ClubBox"="" []

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2006-03-04 16:55]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys

R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys

S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\LOWFAI~1\LOCALS~1\Temp\bDMusicb.sys

S3 LwUsbHid;Logitech WingMan Formula Force USB;C:\WINDOWS\system32\DRIVERS\LwUsbHid.sys

S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

Contents of the 'Scheduled Tasks' folder

2007-08-14 02:07:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-14 17:41:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-08-14 17:42:19

C:\ComboFix-quarantined-files.txt ... 2007-08-14 17:42

--- E O F ---

________________________________________________________________________________

____

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:47:35 PM, on 8/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ap.dell.com/content/default.as...;l=en&s=gen

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab

O16 - DPF: {109106E8-DFAA-4F22-9922-FBAF1FC1409C} (Pco3 Window (OCBC) Control) - https://www.iocbc.com/esales/csksls/Panel/Pco3X_OCBC.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9466 bytes

[JeanInMontana]

It looks like ComboFix took out some bad stuff. You can run HJT again with all programs closed and put a check next to these items and click fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Your Adobe Reader is an unsafe version, you need to update to version 8.

What symptoms if any are you still having?

[lowfm6510]

ok. done everything u said. so far so good. have not encounted any pop up so far. once again thanks for all the help.

[JeanInMontana]

Your welcome.

We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All reccommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

For an excellent list of reliable free firewalls and antivirus programs see here.

Yesterday was Patch Tuesday for Microsoft, be sure to get the updates. There were several critical updates for security.

Since this issue seems to be resolved, I will close this thread. Should you feel we need to reopen this just send me a PM.

The advice in this thread is for this system only. Applying the fixes to another system regardless of how similar the symptoms are can result in ruination.