
Blue desktop, bugs.



My computer is going loco.

My desktop is blue with a blue and yellow box which reads "Warning! Your computer is infected with spyware!" and when the computer is in a period of inactivity, beetles begin to 'eat' the screen. If that's not enough, there's a rogueware on my computer called Malware Protector 2008. My time also changed from 2-12 to 1-24, but I managed to fix that easily.

I'm in distress, this is my older brother's computer and this somehow happened. I don't want him to buy a new computer because, knowing him, he's too lazy to fix this and also if he does buy a new computer he'll blame crap on me. I know I'm not so computer savvy but I tried my best, but couldn't do anything.

So.

Ran Spybot Search & Destroy immunization scan, not sure if I had TeaTimer on or off, but results:

Unprotected: 0

Protected: 63018

Total: 63018

Malwarebytes log:

Malwarebytes' Anti-Malware 1.17

Database version: 849

10:41:19 PM 6/11/2008

mbam-log-6-11-2008 (22-41-19).txt

Scan type: Quick Scan

Objects scanned: 53663

Time elapsed: 19 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 1

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008 (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\blphc5skj0ee89.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carlos\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carlos\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carlos\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Carlos\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Delete on reboot.

Panda ActiveScan log:

;*******************************************************************************

ANALYSIS: 2008-06-12 11:07:07

PROTECTIONS: 1

MALWARE: 45

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

avast! antivirus 4.8.1201 [VPS 080611-1] 4.8.1201 No Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@trafficmp[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.casalemedia.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@casalemedia[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.doubleclick.net/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.atdmt.com/]

00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe

00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@247realmedia[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.fastclick.net/]

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.fastclick.net/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.tribalfusion.com/]

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.mediaplex.com/]

00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@paycounter[1].txt

00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@entrepreneur[2].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@revenue[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.com.com/]

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@com[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@xiti[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@azjmp[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@toplist[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@statcounter[2].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[ad.yieldmanager.com/]

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.apmebf.com/]

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@apmebf[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[www.burstbeacon.com/]

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@www.burstbeacon[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@server.iad.liveperson[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.advertising.com/]

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[statse.webtrendslive.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@overture[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.overture.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@questionmarket[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.adrevolver.com/]

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@adrevolver[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.adrevolver.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@go[1].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@searchportal.information[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.target.com/]

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@target[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Mozilla\Firefox\Profiles\424l2tt3.default\cookies.txt[.atwola.com/]

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@www3.addfreestats[1].txt

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@enhance[1].txt

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Carlos\Cookies\carlos@adserver.easyad[1].txt

02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe

02634745 Application/Playmp3z HackTools No 0 Yes No C:\Documents and Settings\Carlos\Local Settings\Temporary Internet Files\Content.IE5\ZYXAQ1N8\PLAY_MP3[1].exe

02763634 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-45d99cbd-6c5dfc5f.zip[VaannnaaBaa.class]

02763634 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5b605af0-4d2c5eca.zip[VaannnaaBaa.class]

02763635 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5b605af0-4d2c5eca.zip[bnnnnn.class]

02763635 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-45d99cbd-6c5dfc5f.zip[bnnnnn.class]

02763636 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-45d99cbd-6c5dfc5f.zip[bnnnnBaa.class]

02763636 Trj/ClassLoader.AH Virus/Trojan No 0 Yes No C:\Documents and Settings\Carlos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5b605af0-4d2c5eca.zip[bnnnnBaa.class]

03008451 Application/AdvancedXPFixer HackTools Yes 0 Yes No C:\PROGRAM FILES\SHC3SKJ0EE89\SHC3SKJ0EE89SKIN.DLL

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\blphc5skj0ee89.scr

03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{921622A0-D118-4E71-92AF-80DA8980141C}\RP394\A0052800.scr

03053495 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{921622A0-D118-4E71-92AF-80DA8980141C}\RP394\A0052817.scr

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\FD.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\103.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\106.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\109.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\10C.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\100.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\EC.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\EF.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\F4.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\F7.tmp

03053495 Adware/VapSup Adware No 0 Yes No C:\WINDOWS\system32\FA.tmp

03064986 Adware/MalwareAlarm Adware Yes 2 Yes No C:\WINDOWS\SYSTEM32\LPHC5SKJ0EE89.EXE

03064986 Adware/MalwareAlarm Adware No 1 Yes No C:\Documents and Settings\Carlos\Local Settings\Temporary Internet Files\Content.IE5\ZYXAQ1N8\secure[1]

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:16:09 AM, on 6/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\bak\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\lphc5skj0ee89.exe

C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Carlos\Local Settings\Temp\.tt17D.tmp

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe

O4 - HKLM\..\Run: [sMshc3skj0ee89] C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--

End of file - 11487 bytes

So. Did I do it right?

After the Mbam quick scan it said C:\Documents and settings\Carlos\Local settings\Temp\.tt4.tmp could not be removed. It also said everything else would be removed on reboot.

I am DETERMINED to get this computer fixed.


Hi Legacy and welcome to Malwarebytes. You have done well so far, still work to do. Did you run a removal scan with Spybot Search and Destroy? If not please do so, the Panda scan looks like you might not have. You also still have TeaTimer running and that can interfere with removal processes. Please turn it off.

Open SB S&D

Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.

Click on the Tools section and then Resident.

You will see two items.

1. Resident "SD helper" (Internet Explorer bad download blocker.) active

2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck number 2.

Leave number 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.

Run HJT in scan only and put a check next to these items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

Next please go to Start > My Computer > Right Click on C if that is your main drive and choose properties. You will see a pie chart and a button *Disk Clean-up* click this. Clean up all the temp files etc.

Reboot the computer.

Now please get this:

1. Download this file :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe. It will be a red icon with a white X on your desktop.

Follow the prompts; you will get a blue cmd prompt screen and a choice of Y or N. Choose Y and hit Enter.

3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.

Post that log and a HijackThis log in your next reply.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

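As an added example (not part of this thread's posts and not code from any of the tools mentioned), a small Python triage script that parses HijackThis-style lines like the ones above and flags the kinds of entries the helper picked out: orphaned `(no file)`/`(file missing)` references and a blanked SearchAssistant value, plus Run entries with random-looking executable names or temp-directory paths. The random-name and temp-path rules are heuristics assumed here, not anything the thread states; they mark items for review, not for deletion.

```python
import re
from dataclasses import dataclass, field

# Sample input: HijackThis lines copied from the log posted in this thread.
SAMPLE_HJT = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe
O4 - HKLM\..\Run: [sMshc3skj0ee89] C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""


@dataclass
class Entry:
    kind: str      # HJT section code: R0, O2, O4, O9, ...
    name: str      # value name, BHO name or Run entry name
    target: str    # URL, file path or command line
    raw: str
    flags: list = field(default_factory=list)


# One pattern per HJT section type this example understands.
_R_RE = re.compile(r"^R[013] - (?P<key>[^,]+),(?P<name>[^=]*?) =\s*(?P<value>.*)$")
_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
_O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O9_RE = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
# Executable of a Run command line: quoted path, unquoted path up to a known extension, or first token.
_EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<p>.*?\.(?:exe|scr|dll|com|bat|cmd|pif))(?:\s|$)|^(?P<t>\S+)', re.I)
_RANDOM_RE = re.compile(r"[a-z0-9]{10,}")
_TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.I)


def parse_line(line: str):
    """Turn one HJT line into an Entry; unknown section types keep the raw text as target."""
    line = line.strip()
    if not line:
        return None
    kind = line.split(" - ", 1)[0]
    if m := _R_RE.match(line):
        return Entry(kind, m["name"], m["value"], line)
    if m := _O2_RE.match(line):
        return Entry(kind, m["name"], m["path"], line)
    if m := _O4_RE.match(line):
        return Entry(kind, m["name"], m["cmd"], line)
    if m := _O9_RE.match(line):
        return Entry(kind, m["name"], m["path"], line)
    return Entry(kind, "", line.split(" - ", 1)[-1], line)


def executable(cmd: str) -> str:
    """First executable referenced by a Run command line (handles unquoted paths with spaces)."""
    m = _EXE_RE.match(cmd)
    return (m["q"] or m["p"] or m["t"] or "") if m else ""


def looks_random(stem: str) -> bool:
    """Assumed heuristic: long lowercase letter/digit soup with several digits (lphc5skj0ee89-style)
    is typical of generated rogue file names. A hit means 'look at this', not 'this is malicious'."""
    return bool(_RANDOM_RE.fullmatch(stem)) and sum(c.isdigit() for c in stem) >= 3 and not stem.isdigit()


def triage(entry: Entry) -> Entry:
    t = entry.target
    if t == "(no file)" or t.endswith("(file missing)"):
        entry.flags.append("orphaned: references a file that no longer exists")
    if entry.kind.startswith("R") and t == "":
        entry.flags.append("blanked setting: value is empty")
    if entry.kind == "O4":
        exe = executable(t)
        base = exe.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        if looks_random(stem):
            entry.flags.append(f"random-looking autorun name: {base}")
        if _TEMP_RE.search(exe):
            entry.flags.append("autorun from a temp directory")
    return entry


def triage_log(text: str) -> list:
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return [triage(e) for e in entries]


def flagged(text: str) -> dict:
    """Map raw line -> flags, only for entries that earned at least one flag."""
    return {e.raw: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for raw, flags in flagged(SAMPLE_HJT).items():
        print(raw)
        for f in flags:
            print("    ->", f)
```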

erm, okay I disabled TeaTimer. Do you still want me to run the immunize thing on SD and post the log? I really don't know what TeaTimer does but do you recommend I leave it on? You also told me to put a check next to those files, but what do I do afterwards?

Edited by JeanInMontana
Removed quote; no need to quote, save the scroll time.

Sorry, put the check and click Fix. Follow all the instructions I gave you. Disable Tea Timer for now. Immunize and run a removal scan with Spybot S&D; remove what it finds. Immunization is not a scan. It just adds a list of bad sites. I do not want a log from that program, I want you to have the prevention it provides and remove the junk from the tracking cookies etc. that show in your Panda scan.

Please follow all instructions.


ComboFix 08-06-11.1 - Carlos 2008-06-12 19:13:13.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.106 [GMT -4:00]

Running from: C:\Documents and Settings\Carlos\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\9.tmp

C:\WINDOWS\system32\C.tmp

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\F.tmp

C:\WINDOWS\system32\Packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\sysrest.sys

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SYSREST.SYS

-------\Service_NPF

-------\Service_sysrest.sys

((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))

.

2008-06-12 18:22 . 2008-06-12 18:12 52,736 --a------ C:\WINDOWS\system32\2F.tmp

2008-06-12 17:11 . 2008-06-12 19:20 52,736 --a------ C:\WINDOWS\system32\blphc5skj0ee89.scr

2008-06-12 17:05 . 2008-06-12 16:55 52,736 --a------ C:\WINDOWS\system32\1D4.tmp

2008-06-12 16:55 . 2008-06-12 16:45 52,736 --a------ C:\WINDOWS\system32\1D1.tmp

2008-06-12 16:45 . 2008-06-12 16:35 52,736 --a------ C:\WINDOWS\system32\1CE.tmp

2008-06-12 16:35 . 2008-06-12 16:25 52,736 --a------ C:\WINDOWS\system32\1CB.tmp

2008-06-12 16:25 . 2008-06-12 16:15 52,736 --a------ C:\WINDOWS\system32\1C8.tmp

2008-06-12 16:15 . 2008-06-12 16:05 52,736 --a------ C:\WINDOWS\system32\1C5.tmp

2008-06-12 16:05 . 2008-06-12 15:55 52,736 --a------ C:\WINDOWS\system32\1C2.tmp

2008-06-12 15:55 . 2008-06-12 15:40 52,736 --a------ C:\WINDOWS\system32\1BF.tmp

2008-06-12 15:40 . 2008-06-12 15:30 52,736 --a------ C:\WINDOWS\system32\1BC.tmp

2008-06-12 15:30 . 2008-06-12 15:19 52,736 --a------ C:\WINDOWS\system32\1B9.tmp

2008-06-12 15:19 . 2008-06-12 15:09 52,736 --a------ C:\WINDOWS\system32\1B6.tmp

2008-06-12 15:09 . 2008-06-12 14:59 52,736 --a------ C:\WINDOWS\system32\1B3.tmp

2008-06-12 14:59 . 2008-06-12 14:49 52,736 --a------ C:\WINDOWS\system32\1B0.tmp

2008-06-12 14:24 . 2008-06-12 14:14 52,736 --a------ C:\WINDOWS\system32\1A9.tmp

2008-06-12 14:14 . 2008-06-12 14:04 52,736 --a------ C:\WINDOWS\system32\1A6.tmp

2008-06-12 14:04 . 2008-06-12 13:54 52,736 --a------ C:\WINDOWS\system32\1A3.tmp

2008-06-12 13:54 . 2008-06-12 13:44 52,736 --a------ C:\WINDOWS\system32\1A0.tmp

2008-06-12 13:03 . 2008-06-12 12:53 52,736 --a------ C:\WINDOWS\system32\195.tmp

2008-06-12 08:19 . 2008-06-12 08:09 52,736 --a------ C:\WINDOWS\system32\172.tmp

2008-06-12 08:09 . 2008-06-12 07:59 52,736 --a------ C:\WINDOWS\system32\16F.tmp

2008-06-12 07:59 . 2008-06-12 07:49 52,736 --a------ C:\WINDOWS\system32\16C.tmp

2008-06-12 07:49 . 2008-06-12 07:39 52,736 --a------ C:\WINDOWS\system32\169.tmp

2008-06-12 07:39 . 2008-06-12 07:29 52,736 --a------ C:\WINDOWS\system32\166.tmp

2008-06-12 07:29 . 2008-06-12 07:19 52,736 --a------ C:\WINDOWS\system32\163.tmp

2008-06-12 07:19 . 2008-06-12 07:08 52,736 --a------ C:\WINDOWS\system32\160.tmp

2008-06-12 07:08 . 2008-06-12 06:58 52,736 --a------ C:\WINDOWS\system32\15D.tmp

2008-06-12 06:58 . 2008-06-12 06:48 52,736 --a------ C:\WINDOWS\system32\15A.tmp

2008-06-12 06:48 . 2008-06-12 06:38 52,736 --a------ C:\WINDOWS\system32\157.tmp

2008-06-12 06:38 . 2008-06-12 06:28 52,736 --a------ C:\WINDOWS\system32\154.tmp

2008-06-12 06:28 . 2008-06-12 06:18 52,736 --a------ C:\WINDOWS\system32\151.tmp

2008-06-12 06:18 . 2008-06-12 06:08 52,736 --a------ C:\WINDOWS\system32\14E.tmp

2008-06-12 06:08 . 2008-06-12 05:58 52,736 --a------ C:\WINDOWS\system32\14B.tmp

2008-06-12 05:58 . 2008-06-12 05:48 52,736 --a------ C:\WINDOWS\system32\148.tmp

2008-06-12 05:48 . 2008-06-12 05:38 52,736 --a------ C:\WINDOWS\system32\145.tmp

2008-06-12 05:38 . 2008-06-12 05:28 52,736 --a------ C:\WINDOWS\system32\142.tmp

2008-06-12 05:28 . 2008-06-12 05:18 52,736 --a------ C:\WINDOWS\system32\13F.tmp

2008-06-12 05:18 . 2008-06-12 05:08 52,736 --a------ C:\WINDOWS\system32\13C.tmp

2008-06-12 05:08 . 2008-06-12 04:58 52,736 --a------ C:\WINDOWS\system32\139.tmp

2008-06-12 04:58 . 2008-06-12 04:48 52,736 --a------ C:\WINDOWS\system32\136.tmp

2008-06-12 04:48 . 2008-06-12 04:38 52,736 --a------ C:\WINDOWS\system32\133.tmp

2008-06-12 04:38 . 2008-06-12 04:28 52,736 --a------ C:\WINDOWS\system32\130.tmp

2008-06-12 04:28 . 2008-06-12 04:18 52,736 --a------ C:\WINDOWS\system32\12D.tmp

2008-06-12 04:18 . 2008-06-12 04:08 52,736 --a------ C:\WINDOWS\system32\12A.tmp

2008-06-12 04:08 . 2008-06-12 03:57 52,736 --a------ C:\WINDOWS\system32\127.tmp

2008-06-12 03:57 . 2008-06-12 03:47 52,736 --a------ C:\WINDOWS\system32\124.tmp

2008-06-12 03:47 . 2008-06-12 03:37 52,736 --a------ C:\WINDOWS\system32\121.tmp

2008-06-12 03:37 . 2008-06-12 03:27 52,736 --a------ C:\WINDOWS\system32\11E.tmp

2008-06-12 03:27 . 2008-06-12 03:17 52,736 --a------ C:\WINDOWS\system32\11B.tmp

2008-06-12 03:17 . 2008-06-12 03:07 52,736 --a------ C:\WINDOWS\system32\118.tmp

2008-06-12 03:07 . 2008-06-12 02:57 52,736 --a------ C:\WINDOWS\system32\115.tmp

2008-06-12 02:57 . 2008-06-12 02:47 52,736 --a------ C:\WINDOWS\system32\112.tmp

2008-06-12 02:47 . 2008-06-12 02:36 52,736 --a------ C:\WINDOWS\system32\10F.tmp

2008-06-12 02:36 . 2008-06-12 02:26 52,736 --a------ C:\WINDOWS\system32\10C.tmp

2008-06-12 02:26 . 2008-06-12 02:16 52,736 --a------ C:\WINDOWS\system32\109.tmp

2008-06-12 02:16 . 2008-06-12 02:06 52,736 --a------ C:\WINDOWS\system32\106.tmp

2008-06-12 02:06 . 2008-06-12 01:56 52,736 --a------ C:\WINDOWS\system32\103.tmp

2008-06-12 01:56 . 2008-06-12 01:46 52,736 --a------ C:\WINDOWS\system32\100.tmp

2008-06-12 01:46 . 2008-06-12 01:36 52,736 --a------ C:\WINDOWS\system32\FD.tmp

2008-06-12 01:36 . 2008-06-12 01:26 52,736 --a------ C:\WINDOWS\system32\FA.tmp

2008-06-12 01:26 . 2008-06-12 01:16 52,736 --a------ C:\WINDOWS\system32\F7.tmp

2008-06-12 01:16 . 2008-06-12 01:06 52,736 --a------ C:\WINDOWS\system32\F4.tmp

2008-06-12 00:55 . 2008-06-12 00:45 52,736 --a------ C:\WINDOWS\system32\EF.tmp

2008-06-12 00:45 . 2008-06-12 00:35 52,736 --a------ C:\WINDOWS\system32\EC.tmp

2008-06-11 22:46 . 2008-06-11 22:49 <DIR> d-------- C:\Program Files\Panda Security

2008-06-11 21:48 . 2008-06-11 21:48 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89

2008-06-11 21:47 . 2008-06-11 21:48 <DIR> d-------- C:\Program Files\shc3skj0ee89

2008-06-11 20:11 . 2008-06-11 20:11 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-11 20:06 . 2008-06-11 20:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-11 20:06 . 2008-06-11 20:06 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Malwarebytes

2008-06-11 20:06 . 2008-06-11 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-11 20:06 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-11 20:06 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-10 16:33 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 16:33 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 16:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-06-10 16:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-06-10 16:07 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-06-10 16:07 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-06-10 16:07 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

2008-06-10 16:07 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-06-10 16:07 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-06-10 16:07 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-06-09 21:29 . 2008-06-12 19:20 90,838 --a------ C:\WINDOWS\system32\phc5skj0ee89.bmp

2008-06-09 21:28 . 2008-06-09 21:28 92,160 --a------ C:\WINDOWS\system32\lphc5skj0ee89.exe

2008-06-09 16:25 . 2008-06-09 16:25 <DIR> d-------- C:\Program Files\Lavasoft

2008-06-09 16:25 . 2008-06-09 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-09 16:23 . 2008-06-09 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-06 15:46 . 2008-06-06 16:55 0 --ahs---- C:\Documents and Settings\Carlos\Application Data\004849935f13e2079a2977247caf87ffb588545d7c2768b88f.dat

2008-06-06 12:02 . 2008-06-06 12:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-06 12:02 . 2008-06-06 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-19 20:05 . 2008-05-19 20:05 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Apple Computer

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-11 01:41 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-06-10 02:59 --------- d-----w C:\Program Files\GIMP-2.0

2008-06-10 02:51 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-06-10 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio

2008-06-10 02:31 --------- d-----w C:\Program Files\Yahoo!

2008-06-10 02:30 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Yahoo!

2008-06-10 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

2008-06-10 01:56 --------- d-----w C:\Program Files\InterActual

2008-06-10 01:42 --------- d-----w C:\Program Files\VstPlugins

2008-06-10 01:41 --------- d-----w C:\Program Files\Image-Line

2008-06-09 01:04 --------- d-----w C:\Program Files\Covey Inc

2008-06-07 18:18 --------- d-----w C:\Program Files\Microsoft Games

2008-06-05 11:28 --------- d-----w C:\Documents and Settings\Carlos\Application Data\LimeWire

2008-05-27 18:34 --------- d-----w C:\Program Files\Google

2008-05-24 13:33 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Microsoft Games

2008-05-24 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Games

2008-05-24 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-14 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-05 22:29 --------- d-----w C:\Documents and Settings\Carlos\Application Data\Anvil Studio

2008-05-04 19:23 --------- d-----w C:\Program Files\Lexmark X1100 Series

2008-05-04 16:57 --------- d-----w C:\Documents and Settings\Carlos\Application Data\gtk-2.0

2008-05-01 19:57 --------- d-----w C:\Program Files\QuickTime

2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-20 21:52 --------- d-----w C:\Program Files\Enterbrain

2008-04-15 21:36 --------- d-----w C:\Program Files\LimeWire

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 63,712 2007-03-09 15:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 40,048 2007-05-11 07:06:32 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

----a-w 79,224 2007-12-04 13:00:23 C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe

----a-w 79,224 2008-05-15 23:19:31 C:\Program Files\Alwil Software\Avast4\ashDisp.exe

----a-r 2,321,600 2007-03-01 14:37:52 C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe

----a-w 228,088 2007-04-23 16:43:50 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe

----a-w 299,008 2005-10-27 10:00:22 C:\Program Files\Creative\Shared Files\bak\CamTray.exe

----a-w 32,768 2003-10-31 23:42:40 C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe

----a-w 132,496 2007-09-25 06:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

----a-w 57,344 2003-08-19 10:43:46 C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe

----a-w 286,720 2007-06-29 10:24:52 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 160,592 2007-10-04 03:32:52 C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe

----a-r 32,768 2007-02-26 17:02:00 C:\WINDOWS\bak\V0330Mon.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 15:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5066406-348e-475e-9268-1d302b00c504}]

2007-12-08 20:04 1502232 --a------ C:\Program Files\Sal's_Realm's\tbSal1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A5066406-348E-475E-9268-1D302B00C504}"= "C:\Program Files\Sal's_Realm's\tbSal1.dll" [2007-12-08 20:04 1502232]

[HKEY_CLASSES_ROOT\clsid\{a5066406-348e-475e-9268-1d302b00c504}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A5066406-348E-475E-9268-1D302B00C504}"= C:\Program Files\Sal's_Realm's\tbSal1.dll [2007-12-08 20:04 1502232]

[HKEY_CLASSES_ROOT\clsid\{a5066406-348e-475e-9268-1d302b00c504}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-02 20:24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

"C:\WINDOWS\system32\V0330Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-04 08:00 11776]

"QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [2007-06-29 06:24 286720]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"lphc5skj0ee89"="C:\WINDOWS\system32\lphc5skj0ee89.exe" [2008-06-09 21:28 92160]

"SMshc3skj0ee89"="C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe" [2008-06-11 04:59 1167360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2004-08-04 08:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Carlos\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

OneNote Table Of Contents.onetoc2 [2008-01-17 17:22:07 3656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispBackgroundPage"= 1 (0x1)

"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo"= CSvidcap.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 23:38]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 02:23]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]

S3 s3chipid;s3chipid;C:\DOCUME~1\Carlos\LOCALS~1\Temp\s3chipid.sys []

S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 13:09]

S3 V0330VID;WebCam Vista/Live! Cam Chat;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2007-02-28 01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{934a696e-1b5a-11dc-867c-001921519a07}]

\Shell\AutoRun\command - F:\LaunchU3.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-06-10 22:13:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-12 19:20:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-06-12 19:32:26 - machine was rebooted [Carlos]

ComboFix-quarantined-files.txt 2008-06-12 23:31:54

Pre-Run: 87,156,572,160 bytes free

Post-Run: 88,633,249,792 bytes free

260 --- E O F --- 2008-06-11 07:05:26

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:35:16 PM, on 6/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\QuickTime\bak\qttask.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\lphc5skj0ee89.exe

C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe

O4 - HKLM\..\Run: [sMshc3skj0ee89] C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--

End of file - 10123 bytes

That seemed to delete the Malware Protector 08 from my taskbar, but not entirely. Also, JeanInMontana, there were lots of other cookies, but I just wanted to tell you that one, because I think it might be the source of my blue screen, bugs, etc.

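The "Files Created" section of the ComboFix log above lists a fresh 52,736-byte .tmp in system32 roughly every ten minutes, alongside blphc5skj0ee89.scr of the same size, which is the kind of cadence that points to a component being re-dropped by a resident process. As an added example (not ComboFix's code or the helper's), a script that parses those lines and flags same-size clusters in one directory created at a regular interval; the sample lines are copied from the log above with benign entries mixed in, and the thresholds are assumptions of this example.

```python
"""Find same-size files written to one directory at a regular cadence in the
"Files Created" section of a ComboFix log. Added example for this thread, not
ComboFix's own code."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: lines copied from the log above, benign entries mixed in.
SAMPLE_LOG = r"""
2008-06-12 18:22 . 2008-06-12 18:12 52,736 --a------ C:\WINDOWS\system32\2F.tmp
2008-06-12 17:11 . 2008-06-12 19:20 52,736 --a------ C:\WINDOWS\system32\blphc5skj0ee89.scr
2008-06-12 17:05 . 2008-06-12 16:55 52,736 --a------ C:\WINDOWS\system32\1D4.tmp
2008-06-12 16:55 . 2008-06-12 16:45 52,736 --a------ C:\WINDOWS\system32\1D1.tmp
2008-06-12 16:45 . 2008-06-12 16:35 52,736 --a------ C:\WINDOWS\system32\1CE.tmp
2008-06-12 16:35 . 2008-06-12 16:25 52,736 --a------ C:\WINDOWS\system32\1CB.tmp
2008-06-12 16:25 . 2008-06-12 16:15 52,736 --a------ C:\WINDOWS\system32\1C8.tmp
2008-06-12 16:15 . 2008-06-12 16:05 52,736 --a------ C:\WINDOWS\system32\1C5.tmp
2008-06-11 22:46 . 2008-06-11 22:49 <DIR> d-------- C:\Program Files\Panda Security
2008-06-11 20:06 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 20:06 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 21:28 . 2008-06-09 21:28 92,160 --a------ C:\WINDOWS\system32\lphc5skj0ee89.exe
"""

# One "Files Created" line: <created> . <modified> <size|<DIR>> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_lines(text):
    """Return [(created datetime, size in bytes, path)] for file entries.
    Directory entries and lines in other sections are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        size = int(m.group("size").replace(",", ""))
        entries.append((created, size, m.group("path")))
    return entries


def find_periodic_clusters(entries, min_count=4, max_jitter_min=2, min_fraction=0.6):
    """Group entries by (directory, size). A group is a periodic cluster when it
    holds at least min_count files and at least min_fraction of the gaps between
    consecutive creation times sit within max_jitter_min of the most common gap.
    The fraction test tolerates pauses (machine off, process killed) in the series."""
    groups = defaultdict(list)
    for created, size, path in entries:
        directory = path.rsplit("\\", 1)[0].lower()
        groups[(directory, size)].append(created)

    clusters = []
    for (directory, size), times in groups.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]
        modal_gap, _ = Counter(gaps).most_common(1)[0]
        matching = sum(1 for g in gaps if abs(g - modal_gap) <= max_jitter_min)
        if modal_gap > 0 and matching / len(gaps) >= min_fraction:
            clusters.append({
                "dir": directory, "size": size, "count": len(times),
                "period_min": modal_gap, "first": times[0], "last": times[-1],
            })
    return clusters


if __name__ == "__main__":
    for c in find_periodic_clusters(parse_lines(SAMPLE_LOG)):
        print(f"{c['count']} files of {c['size']} bytes in {c['dir']} "
              f"every ~{c['period_min']} min ({c['first']} .. {c['last']})")
```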

Did you at one time run SmitfraudFix? This system is seriously compromised. You have had a key logger for nearly a month from the ComboFix log and have been infected with a rootkit whose removal can only be guaranteed by reformatting the machine. You should contact any banks and credit card companies that have information on the machine. Change all passwords and keep it off line as much as possible. If it's networked, the entire network is at risk. You have P2P software installed (LimeWire) and this is a huge risk for what has happened to the machine. Possibly why you're here. I recommend you uninstall it.

Please place the following files in a folder and zip it. Then upload here http://uploads.malwarebytes.org/

C:\WINDOWS\system32\lsdelete.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\WS2Fix.exe

C:\WINDOWS\system32\phc5skj0ee89.bmp

C:\WINDOWS\system32\lphc5skj0ee89.exe

C:\WINDOWS\system32\V0330Cvw.dll

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

All the above beginning with O16 will be found on your main drive, usually C, in the Windows folder and then in a folder called Downloaded Program Files.

Run HJT in scan only mode and place a check next to the following items and then click fix.

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

Reboot, update MBAM and scan again. Post that log and a new HJT log. Decide if you wish to continue trying to clean the system or do a reformat. Let me know what you decide, and how things are looking now.


I'll uninstall Limewire then. I was going to reformat the whole computer at first but couldn't find all the setup CDs. I only have 2, I need 1 more. I'm not sure if I RAN Smitfraudfix but I did download it, in case. Do you also recommend I erase Internet Explorer? Because Firefox is much better.

Now, back to moving those files.

Edit: The O16 files don't want to move. Do you want me to 'cut' them, then store them in the folder?


Also please upload these files:

2008-06-12 18:22 . 2008-06-12 18:12 52,736 --a------ C:\WINDOWS\system32\2F.tmp

2008-06-12 17:11 . 2008-06-12 19:20 52,736 --a------ C:\WINDOWS\system32\blphc5skj0ee89.scr

2008-06-12 17:05 . 2008-06-12 16:55 52,736 --a------ C:\WINDOWS\system32\1D4.tmp

2008-06-12 16:55 . 2008-06-12 16:45 52,736 --a------ C:\WINDOWS\system32\1D1.tmp

2008-06-12 16:45 . 2008-06-12 16:35 52,736 --a------ C:\WINDOWS\system32\1CE.tmp

2008-06-12 16:35 . 2008-06-12 16:25 52,736 --a------ C:\WINDOWS\system32\1CB.tmp

2008-06-12 16:25 . 2008-06-12 16:15 52,736 --a------ C:\WINDOWS\system32\1C8.tmp

2008-06-12 16:15 . 2008-06-12 16:05 52,736 --a------ C:\WINDOWS\system32\1C5.tmp

2008-06-12 16:05 . 2008-06-12 15:55 52,736 --a------ C:\WINDOWS\system32\1C2.tmp

2008-06-12 15:55 . 2008-06-12 15:40 52,736 --a------ C:\WINDOWS\system32\1BF.tmp

2008-06-12 15:40 . 2008-06-12 15:30 52,736 --a------ C:\WINDOWS\system32\1BC.tmp

2008-06-12 15:30 . 2008-06-12 15:19 52,736 --a------ C:\WINDOWS\system32\1B9.tmp

2008-06-12 15:19 . 2008-06-12 15:09 52,736 --a------ C:\WINDOWS\system32\1B6.tmp

2008-06-12 15:09 . 2008-06-12 14:59 52,736 --a------ C:\WINDOWS\system32\1B3.tmp

2008-06-12 14:59 . 2008-06-12 14:49 52,736 --a------ C:\WINDOWS\system32\1B0.tmp

2008-06-12 14:24 . 2008-06-12 14:14 52,736 --a------ C:\WINDOWS\system32\1A9.tmp

2008-06-12 14:14 . 2008-06-12 14:04 52,736 --a------ C:\WINDOWS\system32\1A6.tmp

2008-06-12 14:04 . 2008-06-12 13:54 52,736 --a------ C:\WINDOWS\system32\1A3.tmp

2008-06-12 13:54 . 2008-06-12 13:44 52,736 --a------ C:\WINDOWS\system32\1A0.tmp

2008-06-12 13:03 . 2008-06-12 12:53 52,736 --a------ C:\WINDOWS\system32\195.tmp

2008-06-12 08:19 . 2008-06-12 08:09 52,736 --a------ C:\WINDOWS\system32\172.tmp

2008-06-12 08:09 . 2008-06-12 07:59 52,736 --a------ C:\WINDOWS\system32\16F.tmp

2008-06-12 07:59 . 2008-06-12 07:49 52,736 --a------ C:\WINDOWS\system32\16C.tmp

2008-06-12 07:49 . 2008-06-12 07:39 52,736 --a------ C:\WINDOWS\system32\169.tmp

2008-06-12 07:39 . 2008-06-12 07:29 52,736 --a------ C:\WINDOWS\system32\166.tmp

2008-06-12 07:29 . 2008-06-12 07:19 52,736 --a------ C:\WINDOWS\system32\163.tmp

2008-06-12 07:19 . 2008-06-12 07:08 52,736 --a------ C:\WINDOWS\system32\160.tmp

2008-06-12 07:08 . 2008-06-12 06:58 52,736 --a------ C:\WINDOWS\system32\15D.tmp

2008-06-12 06:58 . 2008-06-12 06:48 52,736 --a------ C:\WINDOWS\system32\15A.tmp

2008-06-12 06:48 . 2008-06-12 06:38 52,736 --a------ C:\WINDOWS\system32\157.tmp

2008-06-12 06:38 . 2008-06-12 06:28 52,736 --a------ C:\WINDOWS\system32\154.tmp

2008-06-12 06:28 . 2008-06-12 06:18 52,736 --a------ C:\WINDOWS\system32\151.tmp

2008-06-12 06:18 . 2008-06-12 06:08 52,736 --a------ C:\WINDOWS\system32\14E.tmp

2008-06-12 06:08 . 2008-06-12 05:58 52,736 --a------ C:\WINDOWS\system32\14B.tmp

2008-06-12 05:58 . 2008-06-12 05:48 52,736 --a------ C:\WINDOWS\system32\148.tmp

2008-06-12 05:48 . 2008-06-12 05:38 52,736 --a------ C:\WINDOWS\system32\145.tmp

2008-06-12 05:38 . 2008-06-12 05:28 52,736 --a------ C:\WINDOWS\system32\142.tmp

2008-06-12 05:28 . 2008-06-12 05:18 52,736 --a------ C:\WINDOWS\system32\13F.tmp

2008-06-12 05:18 . 2008-06-12 05:08 52,736 --a------ C:\WINDOWS\system32\13C.tmp

2008-06-12 05:08 . 2008-06-12 04:58 52,736 --a------ C:\WINDOWS\system32\139.tmp

2008-06-12 04:58 . 2008-06-12 04:48 52,736 --a------ C:\WINDOWS\system32\136.tmp

2008-06-12 04:48 . 2008-06-12 04:38 52,736 --a------ C:\WINDOWS\system32\133.tmp

2008-06-12 04:38 . 2008-06-12 04:28 52,736 --a------ C:\WINDOWS\system32\130.tmp

2008-06-12 04:28 . 2008-06-12 04:18 52,736 --a------ C:\WINDOWS\system32\12D.tmp

2008-06-12 04:18 . 2008-06-12 04:08 52,736 --a------ C:\WINDOWS\system32\12A.tmp

2008-06-12 04:08 . 2008-06-12 03:57 52,736 --a------ C:\WINDOWS\system32\127.tmp

2008-06-12 03:57 . 2008-06-12 03:47 52,736 --a------ C:\WINDOWS\system32\124.tmp

2008-06-12 03:47 . 2008-06-12 03:37 52,736 --a------ C:\WINDOWS\system32\121.tmp

2008-06-12 03:37 . 2008-06-12 03:27 52,736 --a------ C:\WINDOWS\system32\11E.tmp

2008-06-12 03:27 . 2008-06-12 03:17 52,736 --a------ C:\WINDOWS\system32\11B.tmp

2008-06-12 03:17 . 2008-06-12 03:07 52,736 --a------ C:\WINDOWS\system32\118.tmp

2008-06-12 03:07 . 2008-06-12 02:57 52,736 --a------ C:\WINDOWS\system32\115.tmp

2008-06-12 02:57 . 2008-06-12 02:47 52,736 --a------ C:\WINDOWS\system32\112.tmp

2008-06-12 02:47 . 2008-06-12 02:36 52,736 --a------ C:\WINDOWS\system32\10F.tmp

2008-06-12 02:36 . 2008-06-12 02:26 52,736 --a------ C:\WINDOWS\system32\10C.tmp

2008-06-12 02:26 . 2008-06-12 02:16 52,736 --a------ C:\WINDOWS\system32\109.tmp

2008-06-12 02:16 . 2008-06-12 02:06 52,736 --a------ C:\WINDOWS\system32\106.tmp

2008-06-12 02:06 . 2008-06-12 01:56 52,736 --a------ C:\WINDOWS\system32\103.tmp

2008-06-12 01:56 . 2008-06-12 01:46 52,736 --a------ C:\WINDOWS\system32\100.tmp

2008-06-12 01:46 . 2008-06-12 01:36 52,736 --a------ C:\WINDOWS\system32\FD.tmp

2008-06-12 01:36 . 2008-06-12 01:26 52,736 --a------ C:\WINDOWS\system32\FA.tmp

2008-06-12 01:26 . 2008-06-12 01:16 52,736 --a------ C:\WINDOWS\system32\F7.tmp

2008-06-12 01:16 . 2008-06-12 01:06 52,736 --a------ C:\WINDOWS\system32\F4.tmp

2008-06-12 00:55 . 2008-06-12 00:45 52,736 --a------ C:\WINDOWS\system32\EF.tmp

2008-06-12 00:45 . 2008-06-12 00:35 52,736 --a------ C:\WINDOWS\system32\EC.tmp

Ignore the date portion; just navigate to the C:\Windows\System32 folder and find the rest of the file name.


I'll uninstall Limewire then. I was going to reformat the whole computer at first but couldn't find all the setup CDs. I only have 2, I need 1 more. I'm not sure if I RAN Smitfraudfix but I did download it, in case.

Two CDs should be all it takes to reformat. The MBAM team would really appreciate it if you can submit the files requested; it will help the program and others a great deal. Do you wish to continue with the fixes?


Wow, that's lots of files.

Also, it won't let me move the files in the Downloaded Program Files folder; they just stay there and don't move at all.

Also, my brother said the CDs won't be able to fix it, because we once changed our motherboard.

Also, after I uploaded the folders what do you want me to do with them?

EDIT: I tried uploading the ZIP file twice but it keeps saying an error has occurred.

EDIT2: I see, the file size is 3.34 MB. Do you want me to upload it in 2 separate folders?


Well, after nosirrah has had a look, a reformat probably isn't necessary. I'm going to attach a zip file that will collect all the files we want from Downloaded Program Files. Just unzip it and double-click it. It will make a folder on your desktop called malware. Zip that and upload it.

capture.zip


Ok, but I might have to upload 3 files, because the first folder you told me to ZIP is too large.

Ok, I uploaded the files, attempting a reboot.

Also, do you want me to delete the original folders and ZIP files now that I uploaded them?

Also, do you want me to quickscan? Or full?


Malwarebytes' Anti-Malware 1.17

Database version: 853

2:32:00 PM 6/13/2008

mbam-log-6-13-2008 (14-31-56).txt

Scan type: Quick Scan

Objects scanned: 36870

Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 5

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 13

Files Infected: 63

Memory Processes Infected:

C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe (Rogue.MalwareProtector2008) -> No action taken.

Memory Modules Infected:

C:\Program Files\shc3skj0ee89\MFC71.dll (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\MFC71ENU.DLL (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\msvcp71.dll (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\msvcr71.dll (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\shc3skj0ee89Skin.dll (Rogue.MalwareProtector2008) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SMshc3skj0ee89 (Rogue.MalwareProtector2008) -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

C:\Program Files\shc3skj0ee89 (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008 (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89 (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Autorun (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\BrowserObjects (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Packages (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Autorun\HKCU (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Autorun\HKLM (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Autorun\StartMenuAllUsers (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Autorun\StartMenuCurrentUser (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Autorun\HKCU\RunOnce (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\shc3skj0ee89\Quarantine\Autorun\HKLM\RunOnce (Rogue.MalwareProtector2008) -> No action taken.

Files Infected:

C:\WINDOWS\system32\10A.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\10C.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\10E.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\10F.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\111.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\112.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\114.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\115.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\117.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\118.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\11A.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\11F.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\1AA.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\1AD.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\1FD.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\201.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\270.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\68.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\6E.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\75.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\7A.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\7D.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\84.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\8B.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\A4.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\A9.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\B1.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\B5.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\BB.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\blphc5skj0ee89.scr (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\C2.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\C9.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\CD.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\D0.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\D3.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\D8.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\DE.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\E3.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\E6.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\E9.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\ED.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\F2.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\F9.tmp (Trojan.FakeAlert) -> No action taken.

C:\WINDOWS\system32\FF.tmp (Trojan.FakeAlert) -> No action taken.

C:\Program Files\shc3skj0ee89\database.dat (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\license.txt (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\MFC71.dll (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\MFC71ENU.DLL (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\msvcp71.dll (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\msvcr71.dll (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe.local (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\shc3skj0ee89Skin.dll (Rogue.MalwareProtector2008) -> No action taken.

C:\Program Files\shc3skj0ee89\Uninstall.exe (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> No action taken.

C:\Documents and Settings\Carlos\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.

C:\Documents and Settings\Carlos\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:42:32 PM, on 6/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\QuickTime\bak\qttask.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--

End of file - 9986 bytes

There we go. Malware Protector 08 seems to have run away :lol:. I can change my desktop and screen saver now, but I'm reluctant because in my background options the phc5skj0ee89 file is still present. But the thing is, with that file, I no longer have the yellow and blue background saying I have spyware; it's just all blue.

Also, do I delete the folders I uploaded to malware bytes.org?

Edit: NVM.


You have to check the box to "Take Action" with MBAM. You're still infected; from the log, it found a ton of stuff. Update the program (the current database is 854), scan again, and post that log and a new HJT log. It also looks like you didn't remove the lines in HJT I asked you to.

Yes, you can delete the files you uploaded.

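The log above was produced with "Take Action" unchecked, so every line ends in "No action taken" and nothing was removed. As an added example (not code from the thread or from Malwarebytes), here is a small Python triage script that parses MBAM 1.x detection lines of that shape, counts them per family, lists what is still on the machine, and picks out the Run-key persistence entry; the sample lines are constructed from the log in the thread, with one line edited to show an actioned item.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example, not code from the thread or from Malwarebytes. It parses
detection lines of the shape quoted in the thread,

    C:\\path\\file.exe (Rogue.MalwareProtector2008) -> No action taken.

and reports how many items were found per family, which ones were only
reported (scan run without "Take Action" checked) and which are Run-key
autostart entries that would restart the rogue at the next logon.
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the log in the thread,
# plus one line edited to show what an actioned (quarantined) item looks like.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.17
Database version: 853
Memory Processes Infected:
C:\Program Files\shc3skj0ee89\shc3skj0ee89.exe (Rogue.MalwareProtector2008) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SMshc3skj0ee89 (Rogue.MalwareProtector2008) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
C:\WINDOWS\system32\10A.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphc5skj0ee89.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carlos\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
"""

# <item> (<Family.Name>) [-> Bad: (..) Good: (..)] -> <action>.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\)"   # path or registry key, then family
    r"(?: -> Bad: .*?)?"                              # optional registry-data detail
    r" -> (?P<action>[^>]+?)\.?$"                     # what MBAM did with it
)


def parse_detections(log_text):
    """Return (item, family, action) for every detection line in the log."""
    found = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append((m["item"], m["family"], m["action"]))
    return found


def per_family(detections):
    """Count detections per family name, e.g. Trojan.FakeAlert."""
    return Counter(family for _, family, _ in detections)


def pending(detections):
    """Items MBAM only reported; they are still on the machine."""
    return [item for item, _, action in detections if action == "No action taken"]


def run_key_entries(detections):
    """Autostart values under the CurrentVersion Run key: the rogue's persistence."""
    return [item for item, _, _ in detections if "\\CurrentVersion\\Run\\" in item]


def triage(log_text):
    """One-shot summary a helper could read instead of the full log."""
    d = parse_detections(log_text)
    return {
        "total": len(d),
        "families": dict(per_family(d)),
        "pending": pending(d),
        "run_keys": run_key_entries(d),
        "rescan_needed": bool(pending(d)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} detections: {report['families']}")
    for item in report["pending"]:
        print("  still present:", item)
    for key in report["run_keys"]:
        print("  autostart:", key)
    if report["rescan_needed"]:
        print("Scan was run without 'Take Action'; re-run MBAM with it checked.")
```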

I didn't delete them?

I could've sworn I did.

Morning thing, then, eh?

Will do now.

Well, all I can do now is say thank you! I really appreciate how you took your time to fix my computer, considering you're in Montana and I'm in Florida and I don't even KNOW you!

I hope my machine will be clean soon and I'll be scanning regularly. I'll fix those files and take action in my MBAM scan (which I recommend for everyone to use).

Also, I just want to know, do I still have that keylogger?


Oh, my mistake :lol:

Well, here ya go. It looks like the files weren't deleted, but I swear I pressed the Fix checked button! What's happening?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:02:49 PM, on 6/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\QuickTime\bak\qttask.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--

End of file - 8772 bytes

Malwarebytes' Anti-Malware 1.17

Database version: 854

4:06:03 PM 6/13/2008

mbam-log-6-13-2008 (16-06-03).txt

Scan type: Quick Scan

Objects scanned: 36907

Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 65

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\124.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\130.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\133.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\13C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\13F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\151.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\157.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\15A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\15D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\172.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\195.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1A0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1A3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1A6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1A7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1A9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1B0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1B3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1B6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1B9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1BC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1BF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1C2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1C5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1C8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1CB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1CE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1D1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\1D4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\2F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc11\blphc5skj0ee89.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\100.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\103.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\104.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\106.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\107.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\109.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\11B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\11E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\121.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\123.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\126.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\127.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\12A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\12D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\136.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\139.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\142.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\145.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\148.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\14B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\14E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\154.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\160.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\163.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\166.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\169.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\16C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\16F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\EC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\EF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\F4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\F7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\FA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-746137067-484763869-682003330-1004\Dc12\FD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Also, do you know how to make Mozilla Firefox my default browser?


Malwarebytes' Anti-Malware 1.17

Database version: 854

5:40:10 PM 6/13/2008

mbam-log-6-13-2008 (17-40-10).txt

Scan type: Quick Scan

Objects scanned: 36833

Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:43:17 PM, on 6/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\QuickTime\bak\qttask.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--

End of file - 8944 bytes

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

This file doesn't seem to want to delete.

Edit: I don't still have that keylogger, do I?

Edit2: I went to go eat some food because I'm mighty hungry (I'm so full now :lol:) and before I went off to the kitchen, I decided to run a full scan with Mbam. I found 9 infected files and had them deleted ;D.

Edit3: Gonna go walking, need exercise.

Edit4: Back.

Edit5: Gonna go take a shower. BBS.


Erm, bump?

Am I allowed to do that?

Anyways, too late I guess, eh? Got back from the shower and deleted 4 files from quick scan on adaware. Doing full scan and already found 9 files.

Also, what exactly is a 'tracking cookie'? What can they do?

Do I still have the key logger? Is my system good now?


I don't know if you still have the key logger because I have not seen any logs that indicate it is gone. Please do not do scans with programs not asked. Adware found by AdAware are cookies I'm sure and not even in the class we are dealing with. I want to see the log from the full MBAM scan please. Be patient, I need food too, I need a break from this all day, I will get back to you.


'ere ya go.

Malwarebytes' Anti-Malware 1.17

Database version: 854

11:37:15 PM 6/13/2008

mbam-log-6-13-2008 (23-37-15).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)

Objects scanned: 84039

Time elapsed: 28 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:50:23 PM, on 6/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\QuickTime\bak\qttask.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Sal's Realm's Toolbar - {a5066406-348e-475e-9268-1d302b00c504} - C:\Program Files\Sal's_Realm's\tbSal1.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: OneNote Table Of Contents.onetoc2

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--

End of file - 8932 bytes

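Added example, not part of the original post and not HijackThis's own code: a small Python triage script that runs the checks a log helper applies by eye over the O3, O4 and O23 lines of a log like the one above. The heuristics (random-looking executable names, Run entries that silently register a DLL through regsvr32 /s, entries whose file is missing, services with no publisher recorded) are this editor's own and only rank entries for manual review; a flagged entry such as the regsvr32 line for V0330Cvw.dll may well be a legitimate device driver, so the output is a queue to verify, not a verdict. The sample lines are copied from the posted log into a constructed string; the function and constant names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0330Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0330Cvw.dll
O4 - HKLM\..\Run: [lphc5skj0ee89] C:\WINDOWS\system32\lphc5skj0ee89.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# Reasons are this example's own labels (assumed names, not HijackThis output).
RANDOM_NAME = "random-looking executable name"
SILENT_REGSVR = "Run entry silently registers a DLL via regsvr32 /s"
ORPHAN = "entry points at a missing file"
UNKNOWN_OWNER = "service has no publisher recorded"


@dataclass
class Finding:
    item: str     # HijackThis item type, e.g. "O4"
    subject: str  # Run entry name, toolbar name or service name
    reason: str


# Line shapes as they appear in HijackThis 2.x logs.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def exe_stem(cmd: str) -> str:
    """Return the file name without extension of the first executable in a Run command."""
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        exe = cmd.split(" ", 1)[0]
    base = exe.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Heuristic: 8+ alphanumeric chars with at least three letter/digit switches.

    Generated names such as lphc5skj0ee89 alternate letters and digits many
    times; vendor names with one numeric block (V0330Cvw, RegSvr32) do not.
    """
    if len(stem) < 8 or not stem.isalnum():
        return False
    switches = sum(1 for a, b in zip(stem, stem[1:]) if a.isdigit() != b.isdigit())
    return switches >= 3


def is_missing(path: str) -> bool:
    """HijackThis marks dangling entries with '(no file)' or '(file missing)'."""
    return "(no file)" in path or "(file missing)" in path


def triage(log_text: str) -> List[Finding]:
    """Scan log lines and return entries that deserve a manual look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if looks_random(exe_stem(cmd)):
                findings.append(Finding("O4", name, RANDOM_NAME))
            if "regsvr32" in cmd.lower() and "/s" in cmd.lower():
                findings.append(Finding("O4", name, SILENT_REGSVR))
            continue
        m = O3_RE.match(line)
        if m:
            if is_missing(m.group("path")):
                findings.append(Finding("O3", m.group("name"), ORPHAN))
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.group("name", "owner", "path")
            if is_missing(path):
                findings.append(Finding("O23", name, ORPHAN))
            if owner == "Unknown owner":
                findings.append(Finding("O23", name, UNKNOWN_OWNER))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item:<4}{f.subject!r}: {f.reason}")
```

Entries that only lack a file (the nameless O3 toolbar, the Roxio service) are clutter rather than infection and can be fixed with HijackThis itself; the random-name Run entry and the silent regsvr32 entry are the ones to check against the file's publisher and a second opinion scanner before deleting anything, because the same heuristic also trips on legitimately odd vendor names.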
This topic is now closed to further replies.