Adobe Flash Player ActiveX Adobe Reader 7.0 AIM Toolbar America Online (Choose which version to remove) AOL Coach Version 1.0(Build:20040229.1 en) AOL Instant Messenger ArcSoft ShowBiz 2 CC_ccStart ccCommon ErrorSmart FrontierNet DSL Attendant HijackThis 2.0.2 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) hp deskjet 5600 HP Deskjet Preloaded Printer Drivers HP Instant Support hp officejet 4100 series hp officejet 4100 series HP Organize HP Photo & Imaging 3.1 HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp officejet 4100 series HP Photo and Imaging 2.0 - Photosmart Cameras HP Software Update HPIZ311 Intel(R) Extreme Graphics Driver InterVideo WinDVD Player Java 2 Runtime Environment, SE v1.4.2 KBD LiveReg (Symantec Corporation) LiveUpdate 3.0 (Symantec Corporation) Memories Disc Creator 2.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2004 Microsoft Money 2004 System Pack Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Disc 2 Microsoft Office Professional Edition 2003 Microsoft Office Standard Edition 2003 Microsoft Plus! Digital Media Edition Microsoft Works 7.0 MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Multimedia Card Reader MUSICMATCH® Jukebox Norton AntiVirus 2004 Norton AntiVirus 2004 (Symantec Corporation) Norton AntiVirus Parent MSI Norton WMI Update NVIDIA GART Driver PC-Doctor for Windows PENTAX USB DISK Device Photosmart 140,240,7200,7600,7700,7900 Series Polar Bowler from Hewlett-Packard Desktops (remove only) Polaroid PDC 640 Camera Driver 1.0.0.1.2E PS2 Quicken 2004 QuickTime RealPlayer RecordNow! Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB911280) Sonic Update Manager Symantec pcAnywhere SymNet toolkit Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Updates from HP Viewpoint Manager (Remove Only) Viewpoint Media Player Viewpoint Toolbar (Remove Only) Windows Defender Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live OneCare safety scanner Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB885250 Windows XP Service Pack 2

0

Your java is out of date and can be exploited. Download the latest version of java from this link Java Click on the JDK 6 Update 5 download button. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed Then from your desktop double-click on jdk-6u5-windows-i586-p.exe to install the newest version. Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked": R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/ O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear... Go to start> control panel> add/remove programs and uninstall "Quicktime" it is corrupt. Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX File:: C:\Documents and Settings\Owner\Application Data\Anti-Virus-Pro.com C:\Program Files\ISTsvc\istsvc.exe Folder:: C:\VundoFix Backups C:\Program Files\ISTsvc Registry:: [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CQAv] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Egqru] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run". Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Download CCleaner from the following link: http://filehippo.com/download_ccleaner/ After you download it to your desktop and begin installing it only allow the "install icon on desktop" to install . Then run it, use only as suggested, it's powerful use only the prechecked items. Run an online scan with Kaspersky from the following link: Kaspersky Online Scanner Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component Click Yes, when prompted to install its ActiveX component. (Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.) The program launches and downloads the latest definition files. Once the files are downloaded click on Next Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Base Click OK and, under select a target to scan, select My Computer When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As (above - red blinking arrow) Next, in the Save as prompt, Save in area, select: Desktop In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt] Then, click: Save Please post the Kaspersky Online Scanner Report in your reply. Post a new Combofix log.

0

ComboFix 08-03-07.3 - Owner 2008-03-13 14:33:58.4 - NTFSx86 Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))) . 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\WINDOWS\LastGood 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-13 10:54 . 2008-03-13 10:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-13 10:52 . 2008-03-13 10:52 <DIR> d-------- C:\Program Files\CCleaner 2008-03-13 10:22 . 2008-03-13 10:22 <DIR> d-------- C:\Program Files\Sun 2008-03-13 10:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-13 10:18 . 2008-03-13 10:18 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-11 11:49 . 2008-03-13 11:16 41,012 --a------ C:\VETlog.dmp 2008-03-07 14:13 . 2008-03-07 14:40 <DIR> d-------- C:\ComboFix[1] 2008-03-03 12:18 . 2008-03-03 12:49 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe 2008-03-02 14:55 . 2008-03-02 14:55 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-02 14:09 . 2008-03-02 14:09 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe 2008-02-29 14:14 . 2008-03-07 04:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart 2008-02-29 14:12 . 2008-03-11 10:42 <DIR> d-------- C:\Program Files\ErrorSmart 2008-02-15 14:54 . 2008-02-15 15:00 <DIR> d-------- C:\Program Files\Windows Live Safety Center . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-13 17:31 --------- d-----w C:\Program Files\QuickTime 2008-03-13 17:22 --------- d-----w C:\Program Files\Java 2008-03-11 17:42 --------- d-----w C:\Program Files\Windows Defender 2008-03-11 17:42 --------- d-----w C:\Program Files\SymNetDrv 2008-03-11 17:42 --------- d-----w C:\Program Files\Multimedia Card Reader 2008-03-11 17:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-11 17:42 --------- d-----w C:\Program Files\AIM 2008-03-07 21:01 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe 2008-03-03 20:54 --------- d-----w C:\Program Files\Viewpoint 2008-03-03 19:49 81,920 ----a-w C:\WINDOWS\system32\ps2.exe 2008-03-03 19:18 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe 2008-03-02 21:09 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2008-03-02 21:07 498,688 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp 2008-02-08 22:32 --------- d-----w C:\Program Files\Norton AntiVirus 2008-02-04 18:53 93,248 ----a-w C:\WINDOWS\system32\qivatypw.dll 2008-02-02 19:03 96,832 ----a-w C:\WINDOWS\system32\rulyvyys.dll 2008-02-01 19:02 92,224 ----a-w C:\WINDOWS\system32\ambpbdbg.dll 2008-01-29 10:25 69,696 ----a-w C:\WINDOWS\system32\etyorkmm.dll 2008-01-19 19:47 --------- d-----w C:\Program Files\AutoUpdate 2008-01-17 19:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Anti-Virus-Pro.com 2008-01-14 21:54 --------- d-----w C:\Program Files\Symantec 2008-01-13 20:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Viewpoint 2007-07-28 09:06 135 ----a-w C:\Program Files\page.html 2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js 2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js 2004-10-01 22:54 227,190,984 -c--a-w C:\Program Files\OfficeSTD.exe . [code] ----a-w 77,824 2008-03-01 20:20:20 C:\Program Files\QuickTime\qttask .exe ----a-w 77,824 2008-03-03 19:49:31 C:\Program Files\QuickTime\qttask .exe [/code] ((((((((((((((((((((((((((((( snapshot@2008-03-11_10.52.11.53 ))))))))))))))))))))))))))))))))))))))))) . - 2003-10-11 03:09:08 24,670 -c--a-w C:\WINDOWS\system32\java.exe + 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2003-10-11 03:09:08 28,768 -c--a-w C:\WINDOWS\system32\javaw.exe + 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2007-11-30 21:59:46 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-11 17:50:29 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-11-30 21:59:46 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-11 17:50:29 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AIM"="C:\Program Files\AIM\aim.exe" [2008-03-07 14:01 67112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-03-07 14:01 483328] "TangoManager"="C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.exe" [2008-03-07 14:02 2170880] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk backup=C:\WINDOWS\pss\hp officejet 4100 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=C:\WINDOWS\pss\spamsubtract.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit] --a------ 2008-03-03 12:19 53248 C:\hp\bin\AUTOTKIT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] --a------ 2008-03-03 12:19 24576 c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] --a------ 2008-03-03 12:19 90112 c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-03-03 12:19 71280 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart] --a------ 2008-03-03 12:23 18244856 C:\Program Files\ErrorSmart\ErrorSmart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2008-03-03 12:49 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2008-03-03 12:49 61440 C:\HP\KBD\KBD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG] --a--c--- 2003-07-14 17:52 40960 C:\WINDOWS\ltmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2008-03-03 12:49 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] --a------ 2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2008-03-03 12:49 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-03 12:49 77824 C:\Program Files\QuickTime\qttask .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2008-03-03 12:49 212992 C:\WINDOWS\SMINST\RECGUARD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k] --a------ 2008-03-03 12:49 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-03-03 12:49 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-03 12:49 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2008-03-03 12:49 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"= "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38] R3 ENDETECT;ENDETECT;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [2003-08-05 13:56] R3 L2XPSR;L2XPSR;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [2003-08-05 13:54] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys [2001-04-01 12:01] R3 NTSTPL4;NTSTPL4;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL4.SYS [2003-08-05 13:56] R3 TAPBIND;TAPBIND;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [2003-08-05 13:56] S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 02:15] S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 02:15] S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59] S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [2003-08-05 13:56] S3 NTSTPL2;NTSTPL2;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS [2003-08-05 13:56] S3 NTSTPL3;NTSTPL3;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL3.SYS [2003-08-05 13:56] . Contents of the 'Scheduled Tasks' folder "2008-03-11 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Program Files\ErrorSmart\ErrorSmart .ex - C:\Program Files\ErrorSmart "2004-08-02 17:58:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083520646.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-10 19:46:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083786321.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-13 17:17:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-03-11 16:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job" - c:\PROGRA~1\NORTON~1\NAVW32.EXEh/task: "2008-03-08 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - c:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-03-11 17:43:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-13 14:38:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-13 14:39:32 ComboFix-quarantined-files.txt 2008-03-13 21:39:16 ComboFix2.txt 2008-03-13 17:41:40 ComboFix3.txt 2008-03-11 17:52:43 . 2008-03-07 19:14:15 --- E O F --- --------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, March 13, 2008 2:32:44 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 13/03/2008 Kaspersky Anti-Virus database records: 627867 --------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ K:\ L:\ M:\ N:\ Scan Statistics: Total number of scanned objects: 87362 Number of viruses found: 21 Number of infected objects: 144 Number of suspicious objects: 0 Duration of the scan process: 02:38:17 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01182008-111254.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-13_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Application Data\Aim\gpdetnbw\RIOCREW\cert8.db Object is locked skipped C:\Documents and Settings\Owner\Application Data\Aim\gpdetnbw\RIOCREW\key3.db Object is locked skipped C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-16c26e6c-1f55cf47.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-16c26e6c-1f55cf47.zip/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-16c26e6c-1f55cf47.zip ZIP: infected - 2 skipped C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008031320080314\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton AntiVirus\Quarantine\228F3BC6.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\228F3BC6.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\228F3BC6.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Program Files\Norton AntiVirus\Quarantine\228F3BC6.zip ZIP: infected - 3 skipped C:\Program Files\Norton AntiVirus\Quarantine\228F3BC6.zip CryptFF: infected - 3 skipped C:\Program Files\Norton AntiVirus\Quarantine\34AE5999 Infected: Trojan.Win32.Small.cy skipped C:\Program Files\Norton AntiVirus\Quarantine\35D85BF5 Infected: Trojan.Win32.Small.cy skipped C:\Program Files\page.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped C:\Program Files\Windows Media Player\profsy.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\chwlyhqz.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.wk skipped C:\QooBox\Quarantine\C\hp\bin\AUTOTKIT.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\hp\KBD\KBD.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\AIM\aim.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Common Files\Sonic\Update Manager\sgtray.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccApp.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\ErrorSmart\ErrorSmart.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TANGOM~1.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\HP\Digital Imaging\bin\backupnotify.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Multimedia Card Reader\shwicon2k.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\SymNetDrv\SNDMon.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\Program Files\Windows Defender\MSASCui.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\VundoFix Backups\cdcxufrk.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\VundoFix Backups\khfefdc.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\VundoFix Backups\ujrisxoc.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\SMINST\RECGUARD.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\aguwhanh.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ahssrtol.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\avamlnib.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\bmfqhdec.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.edw skipped C:\QooBox\Quarantine\C\WINDOWS\system32\bunprjjk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\cekxfngn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\cvvhtagu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\diqneyjn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\dmcynxkm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\dnanqkcd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\eicndqjg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ewvketbq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\eykmrgpe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fbdstgpr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fccyxwv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fnxnhvvo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fsrkriyn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\geede.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ggjjnsfs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\glbxxuhf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hgclnhnf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hkcmd.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hkuevujf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hlhgvlhd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hnjxltfv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hphmon05.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hpomdlgl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\idcksdjg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\idrnkdxg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ifsrjebw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\igfxtray.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\inqfggwq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\jhxviwdq.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\kdowrkkv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\khfefdc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\kmcjkodr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ksjcqoqu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ktwdkivu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ldpixxca.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\mmwkjfac.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir Infected: Trojan-Downloader.Win32.VB.cge skipped C:\QooBox\Quarantine\C\WINDOWS\system32\npkevkuk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ntefdovl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nwqlmesx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\odumfirp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ogkfmvkf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ohkwlbuf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\okphmmmg.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\opnnnnk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped C:\QooBox\Quarantine\C\WINDOWS\system32\orexreet.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\pnteascw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ps2.exe.vir Infected: Virus.Win32.Trats.d skipped C:\QooBox\Quarantine\C\WINDOWS\system32\pvhqhqbt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\qisjebff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\qvocrwnk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rbbrsmgd.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\roryragi.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rtodtowv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rxrdpivw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\sxrqgkvn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped C:\QooBox\Quarantine\C\WINDOWS\system32\thpnsqua.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ttalefvj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\uhjjcboc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vbyfwtsu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vjedecyc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vmjlhshf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vobimjtk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vocskaip.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vtadkihk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped C:\QooBox\Quarantine\C\WINDOWS\system32\xilwihon.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ycgxfaqx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\QooBox\Quarantine\catchme2008-03-07_133121.04.zip/dmloadd.sys Infected: Rootkit.Win32.Agent.to skipped C:\QooBox\Quarantine\catchme2008-03-07_133121.04.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped C:\QooBox\Quarantine\catchme2008-03-07_133121.04.zip/geede.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dqi skipped C:\QooBox\Quarantine\catchme2008-03-07_133121.04.zip ZIP: infected - 3 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP7\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp Infected: Virus.Win32.Trats.d skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\ambpbdbg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\etyorkmm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\qivatypw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\WINDOWS\system32\rulyvyys.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\TangoManager.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

0

Looking better. Go to start> control panel> add/remove programs and uninstall Quicktime, it is corrupt and aol will reinstall in on the next reboot. Navigate to and delete the contents of this folder but not the folder itself C:\Program Files\Norton AntiVirus\Quarantine Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX File:: C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp C:\WINDOWS\system32\qivatypw.dll C:\WINDOWS\system32\rulyvyys.dll C:\WINDOWS\system32\ambpbdbg.dll C:\WINDOWS\system32\etyorkmm.dll C:\Program Files\page.html C:\Program Files\Windows Media Player\profsy.html C:\Program Files\ISTsvc\istsvc.exe Folder:: C:\QooBox C:\Program Files\ISTsvc Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run". Post a new Combofix log and a new Kaspersky log please.

0

ComboFix 08-03-07.3 - Owner 2008-03-14 11:21:19.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\page.html C:\Program Files\Windows Media Player\profsy.html C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe.tmp C:\WINDOWS\system32\ambpbdbg.dll C:\WINDOWS\system32\etyorkmm.dll C:\WINDOWS\system32\qivatypw.dll C:\WINDOWS\system32\rulyvyys.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\QooBox C:\QooBox\BackEnv\appdata.folder.dat C:\QooBox\BackEnv\cache.folder.dat C:\QooBox\BackEnv\desktop.folder.dat C:\QooBox\BackEnv\favorites.folder.dat C:\QooBox\BackEnv\localappdata.folder.dat C:\QooBox\BackEnv\localsettings.folder.dat C:\QooBox\BackEnv\mypictures.folder.dat C:\QooBox\BackEnv\personal.folder.dat C:\QooBox\BackEnv\profiles.folder.dat C:\QooBox\BackEnv\programs.folder.dat C:\QooBox\BackEnv\SetPath.bat C:\QooBox\BackEnv\startmenu.folder.dat C:\QooBox\BackEnv\startup.folder.dat C:\QooBox\BackEnv\SysPath.dat C:\QooBox\BackEnv\templates.folder.dat C:\QooBox\CFScript_used_2008-03-14@11.21.txt C:\QooBox\ComboFix2.txt C:\QooBox\snapshot@2008-03-14_11.07.54.59.dat C:\QooBox\snapshot@2008-03-14_11.07.54.59_B.dat . ((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))) . 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-13 10:54 . 2008-03-13 10:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-13 10:52 . 2008-03-13 10:52 <DIR> d-------- C:\Program Files\CCleaner 2008-03-13 10:22 . 2008-03-13 10:22 <DIR> d-------- C:\Program Files\Sun 2008-03-13 10:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-13 10:18 . 2008-03-13 10:18 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-11 11:49 . 2008-03-13 11:16 41,012 --a------ C:\VETlog.dmp 2008-03-07 14:13 . 2008-03-07 14:40 <DIR> d-------- C:\ComboFix[1] 2008-03-03 12:18 . 2008-03-03 12:49 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe 2008-03-02 14:55 . 2008-03-02 14:55 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-02 14:09 . 2008-03-02 14:09 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe 2008-02-29 14:14 . 2008-03-07 04:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart 2008-02-29 14:12 . 2008-03-11 10:42 <DIR> d-------- C:\Program Files\ErrorSmart 2008-02-15 14:54 . 2008-02-15 15:00 <DIR> d-------- C:\Program Files\Windows Live Safety Center . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-13 17:31 --------- d-----w C:\Program Files\QuickTime 2008-03-13 17:22 --------- d-----w C:\Program Files\Java 2008-03-11 17:42 --------- d-----w C:\Program Files\Windows Defender 2008-03-11 17:42 --------- d-----w C:\Program Files\SymNetDrv 2008-03-11 17:42 --------- d-----w C:\Program Files\Multimedia Card Reader 2008-03-11 17:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-11 17:42 --------- d-----w C:\Program Files\AIM 2008-03-07 21:01 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe 2008-03-03 20:54 --------- d-----w C:\Program Files\Viewpoint 2008-03-03 19:49 81,920 ----a-w C:\WINDOWS\system32\ps2.exe 2008-03-03 19:18 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe 2008-03-02 21:09 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2008-02-08 22:32 --------- d-----w C:\Program Files\Norton AntiVirus 2008-01-19 19:47 --------- d-----w C:\Program Files\AutoUpdate 2008-01-17 19:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Anti-Virus-Pro.com 2008-01-14 21:54 --------- d-----w C:\Program Files\Symantec 2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js 2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js 2004-10-01 22:54 227,190,984 -c--a-w C:\Program Files\OfficeSTD.exe . [code] ----a-w 77,824 2008-03-01 20:20:20 C:\Program Files\QuickTime\qttask .exe ----a-w 77,824 2008-03-03 19:49:31 C:\Program Files\QuickTime\qttask .exe [/code] ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AIM"="C:\Program Files\AIM\aim.exe" [2008-03-07 14:01 67112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-03-07 14:01 483328] "TangoManager"="C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.exe" [2008-03-07 14:02 2170880] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk backup=C:\WINDOWS\pss\hp officejet 4100 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=C:\WINDOWS\pss\spamsubtract.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit] --a------ 2008-03-03 12:19 53248 C:\hp\bin\AUTOTKIT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] --a------ 2008-03-03 12:19 24576 c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] --a------ 2008-03-03 12:19 90112 c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-03-03 12:19 71280 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart] --a------ 2008-03-03 12:23 18244856 C:\Program Files\ErrorSmart\ErrorSmart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2008-03-03 12:49 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2008-03-03 12:49 61440 C:\HP\KBD\KBD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG] --a--c--- 2003-07-14 17:52 40960 C:\WINDOWS\ltmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2008-03-03 12:49 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] --a------ 2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2008-03-03 12:49 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-03 12:49 77824 C:\Program Files\QuickTime\qttask .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2008-03-03 12:49 212992 C:\WINDOWS\SMINST\RECGUARD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k] --a------ 2008-03-03 12:49 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-03-03 12:49 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-03 12:49 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2008-03-03 12:49 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"= "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38] R3 ENDETECT;ENDETECT;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [2003-08-05 13:56] R3 L2XPSR;L2XPSR;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [2003-08-05 13:54] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys [2001-04-01 12:01] R3 NTSTPL4;NTSTPL4;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL4.SYS [2003-08-05 13:56] R3 TAPBIND;TAPBIND;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [2003-08-05 13:56] S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 02:15] S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 02:15] S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59] S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [2003-08-05 13:56] S3 NTSTPL2;NTSTPL2;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS [2003-08-05 13:56] S3 NTSTPL3;NTSTPL3;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL3.SYS [2003-08-05 13:56] . Contents of the 'Scheduled Tasks' folder "2008-03-11 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Program Files\ErrorSmart\ErrorSmart .ex - C:\Program Files\ErrorSmart "2004-08-02 17:58:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083520646.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-10 19:46:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083786321.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-14 18:16:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-03-11 16:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job" - c:\PROGRA~1\NORTON~1\NAVW32.EXEh/task: "2008-03-08 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - c:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-03-11 17:43:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-14 11:24:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-14 11:25:41 . 2008-03-14 12:52:48 --- E O F ---

0

Here's the Kaspersky scan. Thank you again. --------------------- KASPERSKY ONLINE SCANNER REPORT Friday, March 14, 2008 2:14:56 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 14/03/2008 Kaspersky Anti-Virus database records: 630008 --------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ K:\ L:\ M:\ N:\ Scan Statistics: Total number of scanned objects: 87469 Number of viruses found: 4 Number of infected objects: 7 Number of suspicious objects: 0 Duration of the scan process: 02:35:55 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01182008-111254.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Application Data\Aim\gpdetnbw\RIOCREW\cert8.db Object is locked skipped C:\Documents and Settings\Owner\Application Data\Aim\gpdetnbw\RIOCREW\key3.db Object is locked skipped C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-16c26e6c-1f55cf47.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-16c26e6c-1f55cf47.zip/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-16c26e6c-1f55cf47.zip ZIP: infected - 2 skipped C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP10\A0001782.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP10\A0001783.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP10\A0001784.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP10\A0001785.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP11\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{2DBB9BAE-F916-457E-A589-77E6070C1543}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\TangoManager.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP11\change.log Object is locked skipped Scan process completed.

0

Set up the computer to view hidden files: To show hidden files do the following: Click Start > My Computer On the Tools menu, click Folder Options. Click the View tab. Uncheck Hide file extensions for known file types. Uncheck Hide protected operating system files. Under the Hidden files folder, locate and check Show hidden files and folders. If you see a warning message, click Yes. Click Apply > OK. Navigate to and delete this file if found: C:\Documents and Settings\Owner\Application Data\Anti-Virus-Pro.com Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Download CCleaner from the following link: http://filehippo.com/download_ccleaner/ After you download it to your desktop and begin installing it only allow the "install icon on desktop" to install . Then run it, use only as suggested, it's powerful use only the prechecked items. Please run the BitDefender online scan this link: Bitdefender Online Scanner You will need to allow an active x install for the scan to run. Leave the scanning options at default and press "click here to scan" When finished scanning, click on "click here to export the scan report" Save it to your desktop, at "file name" type in "bdscan" then click save. Post a log in your reply.

0

Here it is..... BitDefender Online Scanner Scan report generated at: Sat, Mar 15, 2008 - 14:06:46 Scan path: A:\;C:\;D:\;E:\;K:\;L:\;M:\;N:\; Statistics Time 02:56:47 Files 518365 Folders 6477 Boot Sectors 3 Archives 37443 Packed Files 33653 Results Identified Viruses 5 Infected Files 35 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 35 Engines Info Virus Definitions 997991 Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36) Scan plugins 16 Archive plugins 41 Unpack plugins 7 E-mail plugins 6 System plugins 5 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\Owner\Favorites\Fun & Games\Betting.lnk Detected with: Application.Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Fun & Games\Betting.lnk Disinfection failed C:\Documents and Settings\Owner\Favorites\Fun & Games\Betting.lnk Deleted C:\Documents and Settings\Owner\Favorites\Fun & Games\Casino Palace.lnk Detected with: Application.Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Fun & Games\Casino Palace.lnk Disinfection failed C:\Documents and Settings\Owner\Favorites\Fun & Games\Casino Palace.lnk Deleted C:\Documents and Settings\Owner\Favorites\Fun & Games\Casino.lnk Detected with: Application.Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Fun & Games\Casino.lnk Disinfection failed C:\Documents and Settings\Owner\Favorites\Fun & Games\Casino.lnk Deleted C:\Documents and Settings\Owner\Favorites\Fun & Games\Games.lnk Detected with: Application.Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Fun & Games\Games.lnk Disinfection failed C:\Documents and Settings\Owner\Favorites\Fun & Games\Games.lnk Deleted C:\Documents and Settings\Owner\Favorites\Fun & Games\Horoscope.lnk Detected with: Application.Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Fun & Games\Horoscope.lnk Disinfection failed C:\Documents and Settings\Owner\Favorites\Fun & Games\Horoscope.lnk Deleted C:\Documents and Settings\Owner\Favorites\Going Places\Air Tickets.lnk Detected with: Application.Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Going Places\Air Tickets.lnk Disinfection failed C:\Documents and Settings\Owner\Favorites\Going Places\Air Tickets.lnk Deleted C:\Documents and Settings\Owner\Favorites\Going Places\Car Rentals.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Going Places\Car Rentals.lnk Deleted C:\Documents and Settings\Owner\Favorites\Going Places\Hotel Deals.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Going Places\Hotel Deals.lnk Deleted C:\Documents and Settings\Owner\Favorites\Going Places\Luggage.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Going Places\Luggage.lnk Deleted C:\Documents and Settings\Owner\Favorites\Going Places\Travel.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Going Places\Travel.lnk Deleted C:\Documents and Settings\Owner\Favorites\Living\Find a Degree.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Living\Find a Degree.lnk Deleted C:\Documents and Settings\Owner\Favorites\Living\Find a job.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Living\Find a job.lnk Deleted C:\Documents and Settings\Owner\Favorites\Living\Home.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Living\Home.lnk Deleted C:\Documents and Settings\Owner\Favorites\Living\Insurance.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Living\Insurance.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Auctions.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Auctions.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Books.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Books.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Computers.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Computers.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Discount.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Discount.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Flowers.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Flowers.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Golf.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Golf.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Jewelry.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Jewelry.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Movies.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Movies.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Music.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Music.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Online Store.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Online Store.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Perfume.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Perfume.lnk Deleted C:\Documents and Settings\Owner\Favorites\Shop\Sleepwear.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Shop\Sleepwear.lnk Deleted C:\Documents and Settings\Owner\Favorites\Technology\Adware Remover.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Technology\Adware Remover.lnk Deleted C:\Documents and Settings\Owner\Favorites\Technology\Anti-Virus.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Technology\Anti-Virus.lnk Deleted C:\Documents and Settings\Owner\Favorites\Technology\PC Cleaner.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Technology\PC Cleaner.lnk Deleted C:\Documents and Settings\Owner\Favorites\Technology\Tech & gadgets.lnk Detected with: Adware.Istbar.LNK C:\Documents and Settings\Owner\Favorites\Technology\Tech & gadgets.lnk Deleted C:\hp\bin\Terminator.exe Detected with: Application.Prockill.B C:\hp\bin\Terminator.exe Disinfection failed C:\hp\bin\Terminator.exe Deleted C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Detected with: Adware.AWS.A C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Deleted C:\Program Files\AIM\Sysfiles\WxBug.exe Update failed C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 Detected with: Adware.AWS.A C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 Deleted C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r) Update failed C:\Program Files\func.js Infected with: Trojan.Clicker.Small.YD C:\Program Files\func.js Disinfection failed C:\Program Files\func.js Deleted C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0002291.exe Detected with: Application.Prockill.B C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0002291.exe Disinfection failed C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0002291.exe Deleted

0

Please post a new Combofix log.

0

ComboFix 08-03-07.3 - Owner 2008-03-18 16:04:30.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.234 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))) . 2008-03-15 11:03 . 2008-03-15 14:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-13 10:54 . 2008-03-13 10:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-13 10:52 . 2008-03-13 10:52 <DIR> d-------- C:\Program Files\CCleaner 2008-03-13 10:22 . 2008-03-13 10:22 <DIR> d-------- C:\Program Files\Sun 2008-03-13 10:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-13 10:18 . 2008-03-13 10:18 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-11 11:49 . 2008-03-14 12:15 37,808 --a------ C:\VETlog.dmp 2008-03-07 14:13 . 2008-03-07 14:40 <DIR> d-------- C:\ComboFix[1] 2008-03-03 12:18 . 2008-03-03 12:49 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe 2008-03-02 14:55 . 2008-03-02 14:55 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-02 14:09 . 2008-03-02 14:09 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe 2008-02-29 14:14 . 2008-03-07 04:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart 2008-02-29 14:12 . 2008-03-11 10:42 <DIR> d-------- C:\Program Files\ErrorSmart . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-13 17:31 --------- d-----w C:\Program Files\QuickTime 2008-03-13 17:22 --------- d-----w C:\Program Files\Java 2008-03-11 17:42 --------- d-----w C:\Program Files\Windows Defender 2008-03-11 17:42 --------- d-----w C:\Program Files\SymNetDrv 2008-03-11 17:42 --------- d-----w C:\Program Files\Multimedia Card Reader 2008-03-11 17:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-11 17:42 --------- d-----w C:\Program Files\AIM 2008-03-07 21:01 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe 2008-03-03 20:54 --------- d-----w C:\Program Files\Viewpoint 2008-03-03 19:49 81,920 ----a-w C:\WINDOWS\system32\ps2.exe 2008-03-03 19:18 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe 2008-03-02 21:09 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2008-02-15 22:00 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-02-08 22:32 --------- d-----w C:\Program Files\Norton AntiVirus 2008-01-19 19:47 --------- d-----w C:\Program Files\AutoUpdate 2008-01-09 22:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js 2004-10-01 22:54 227,190,984 -c--a-w C:\Program Files\OfficeSTD.exe . [code] ----a-w 77,824 2008-03-01 20:20:20 C:\Program Files\QuickTime\qttask .exe ----a-w 77,824 2008-03-03 19:49:31 C:\Program Files\QuickTime\qttask .exe [/code] ((((((((((((((((((((((((((((( snapshot@2008-03-14_11.25.01.14 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-15 18:03:17 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll + 2008-03-15 18:03:18 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll + 2008-03-15 18:03:19 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll + 2008-03-15 18:03:24 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll + 2008-01-09 22:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2008-01-09 22:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll + 2008-03-15 18:03:26 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll + 2008-03-15 18:03:19 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll + 2008-01-09 22:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll + 2008-01-09 22:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AIM"="C:\Program Files\AIM\aim.exe" [2008-03-07 14:01 67112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-03-07 14:01 483328] "TangoManager"="C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.exe" [2008-03-07 14:02 2170880] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk backup=C:\WINDOWS\pss\hp officejet 4100 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=C:\WINDOWS\pss\spamsubtract.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit] --a------ 2008-03-03 12:19 53248 C:\hp\bin\AUTOTKIT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] --a------ 2008-03-03 12:19 24576 c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] --a------ 2008-03-03 12:19 90112 c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-03-03 12:19 71280 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart] --a------ 2008-03-03 12:23 18244856 C:\Program Files\ErrorSmart\ErrorSmart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2008-03-03 12:49 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2008-03-03 12:49 61440 C:\HP\KBD\KBD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG] --a--c--- 2003-07-14 17:52 40960 C:\WINDOWS\ltmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2008-03-03 12:49 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] --a------ 2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2008-03-03 12:49 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-03 12:49 77824 C:\Program Files\QuickTime\qttask .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2008-03-03 12:49 212992 C:\WINDOWS\SMINST\RECGUARD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k] --a------ 2008-03-03 12:49 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-03-03 12:49 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-03 12:49 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2008-03-03 12:49 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"= "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38] R3 ENDETECT;ENDETECT;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [2003-08-05 13:56] R3 L2XPSR;L2XPSR;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [2003-08-05 13:54] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys [2001-04-01 12:01] R3 NTSTPL4;NTSTPL4;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL4.SYS [2003-08-05 13:56] R3 TAPBIND;TAPBIND;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [2003-08-05 13:56] S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 02:15] S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 02:15] S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59] S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [2003-08-05 13:56] S3 NTSTPL2;NTSTPL2;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS [2003-08-05 13:56] S3 NTSTPL3;NTSTPL3;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL3.SYS [2003-08-05 13:56] . Contents of the 'Scheduled Tasks' folder "2008-03-11 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Program Files\ErrorSmart\ErrorSmart .ex - C:\Program Files\ErrorSmart "2004-08-02 17:58:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083520646.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-10 19:46:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083786321.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-18 23:04:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-03-11 16:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job" - c:\PROGRA~1\NORTON~1\NAVW32.EXEh/task: "2008-03-08 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - c:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-03-11 17:43:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-18 16:07:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-18 16:09:08 ComboFix2.txt 2008-03-14 18:25:42 . 2008-03-14 12:52:48 --- E O F ---

0

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX File:: C:\Program Files\Del.js Folder:: C:\Program Files\QuickTime Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run". Post a new Combofix log.

0

I really appreciate all you're doing. You're the BEST!!!!! ComboFix 08-03-21.1 - Owner 2008-03-21 13:21:37.8 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\Program Files\Del.js . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\Program Files\Del.js C:\Program Files\QuickTime C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe . ((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))) . 2008-03-21 13:19 . 2008-03-21 13:19 3,631 --a------ C:\119.tmp 2008-03-20 12:26 . 2008-03-20 12:30 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-03-20 12:26 . 2008-03-20 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-20 11:33 . 2008-03-20 11:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-15 11:03 . 2008-03-15 14:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-13 10:54 . 2008-03-13 10:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-13 10:52 . 2008-03-13 10:52 <DIR> d-------- C:\Program Files\CCleaner 2008-03-13 10:22 . 2008-03-13 10:22 <DIR> d-------- C:\Program Files\Sun 2008-03-13 10:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-13 10:18 . 2008-03-13 10:18 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-11 11:49 . 2008-03-21 12:22 35,620 --a------ C:\VETlog.dmp 2008-03-07 14:13 . 2008-03-07 14:40 <DIR> d-------- C:\ComboFix[1] 2008-03-03 12:18 . 2008-03-03 12:49 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe 2008-03-02 14:55 . 2008-03-02 14:55 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-02 14:09 . 2008-03-02 14:09 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe 2008-02-29 14:14 . 2008-03-07 04:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart 2008-02-29 14:12 . 2008-03-11 10:42 <DIR> d-------- C:\Program Files\ErrorSmart . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-20 18:33 --------- d-----w C:\Program Files\Windows Defender 2008-03-13 17:22 --------- d-----w C:\Program Files\Java 2008-03-11 17:42 --------- d-----w C:\Program Files\SymNetDrv 2008-03-11 17:42 --------- d-----w C:\Program Files\Multimedia Card Reader 2008-03-11 17:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-11 17:42 --------- d-----w C:\Program Files\AIM 2008-03-07 21:01 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe 2008-03-03 20:54 --------- d-----w C:\Program Files\Viewpoint 2008-03-03 19:49 81,920 ----a-w C:\WINDOWS\system32\ps2.exe 2008-03-03 19:18 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe 2008-03-02 21:09 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2008-02-15 22:00 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-02-08 22:32 --------- d-----w C:\Program Files\Norton AntiVirus 2008-01-09 22:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2004-10-01 22:54 227,190,984 -c--a-w C:\Program Files\OfficeSTD.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-14_11.25.01.14 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-15 18:03:17 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll + 2008-03-15 18:03:18 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll + 2008-03-15 18:03:19 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll + 2008-03-15 18:03:24 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll + 2008-01-09 22:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2008-01-09 22:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll + 2008-03-15 18:03:26 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll + 2008-03-15 18:03:19 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll + 2008-01-09 22:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll + 2008-01-09 22:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll - 2000-08-31 16:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe + 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe - 2000-08-31 16:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe + 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe - 2000-08-31 16:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe + 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe - 2000-08-31 16:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe + 2000-08-31 15:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe - 2000-08-31 16:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe + 2000-08-31 15:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe - 2000-08-31 16:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe + 2000-08-31 15:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe - 2000-08-31 16:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe + 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AIM"="C:\Program Files\AIM\aim.exe" [2008-03-07 14:01 67112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-03-07 14:01 483328] "TangoManager"="C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.exe" [2008-03-07 14:02 2170880] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk backup=C:\WINDOWS\pss\hp officejet 4100 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=C:\WINDOWS\pss\spamsubtract.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit] --a------ 2008-03-03 12:19 53248 C:\hp\bin\AUTOTKIT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] --a------ 2008-03-03 12:19 24576 c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] --a------ 2008-03-03 12:19 90112 c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-03-03 12:19 71280 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart] --a------ 2008-03-03 12:23 18244856 C:\Program Files\ErrorSmart\ErrorSmart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2008-03-03 12:49 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG] --a--c--- 2003-07-14 17:52 40960 C:\WINDOWS\ltmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2008-03-03 12:49 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] --a------ 2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2008-03-03 12:49 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2008-03-03 12:49 212992 C:\WINDOWS\SMINST\RECGUARD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k] --a------ 2008-03-03 12:49 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-03-03 12:49 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-03 12:49 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2008-03-03 12:49 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"= "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\AIM\\aim.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38] R3 ENDETECT;ENDETECT;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [2003-08-05 13:56] R3 L2XPSR;L2XPSR;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [2003-08-05 13:54] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys [2001-04-01 12:01] R3 NTSTPL4;NTSTPL4;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL4.SYS [2003-08-05 13:56] R3 TAPBIND;TAPBIND;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [2003-08-05 13:56] S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 02:15] S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 02:15] S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59] S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [2003-08-05 13:56] S3 NTSTPL2;NTSTPL2;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS [2003-08-05 13:56] S3 NTSTPL3;NTSTPL3;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL3.SYS [2003-08-05 13:56] . Contents of the 'Scheduled Tasks' folder "2008-03-11 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Program Files\ErrorSmart\ErrorSmart .ex - C:\Program Files\ErrorSmart "2004-08-02 17:58:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083520646.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-10 19:46:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083786321.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-11 16:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job" - c:\PROGRA~1\NORTON~1\NAVW32.EXEh/task: "2008-03-08 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - c:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-03-20 17:48:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-21 13:25:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-21 13:26:21 ComboFix-quarantined-files.txt 2008-03-21 20:25:57 ComboFix2.txt 2008-03-18 23:09:09 ComboFix3.txt 2008-03-14 18:25:42 . 2008-03-20 18:31:29 --- E O F ---

0

Looks better. Please download SmitFraudFix from this link: SmitfraudFix Then extract the contents to your desktop. !!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!! Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd" Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Download SDFix to your desktop from the following link: SDFix.exe. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt. Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX File:: C:\119.tmp C:\WINDOWS\system32\fdsv.exe C:\WINDOWS\system32\fdsv.exe C:\WINDOWS\system32\grep.exe C:\WINDOWS\system32\grep.exe C:\WINDOWS\system32\sed.exe C:\WINDOWS\system32\sed.exe C:\WINDOWS\system32\swsc.exe C:\WINDOWS\system32\swsc.exe C:\WINDOWS\system32\swxcacls.exe C:\WINDOWS\system32\swxcacls.exe C:\WINDOWS\system32\VFind.exe C:\WINDOWS\system32\VFind.exe C:\WINDOWS\system32\zip.exe C:\WINDOWS\system32\zip.exe Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run". Post a new Combofix log.

0

I pasted the smithfraudFix report but when I ran SDFix I lost it. I didn't want to run it again for fear I would mess something up. Let me know. [b]SDFix: Version 1.161 [/b] Run by Owner on Tue 03/25/2008 at 12:09 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default Desktop Wallpaper Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\SYSTEM32\KFELKN.BMP - Deleted C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted C:\PROGRA~1\WINDOW~2\LAVU - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-25 12:19:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903" "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player" "C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Enabled:pcAnywhere Main Program" "C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service" "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Mon 19 Apr 2004 196 A.SHR --- "C:\BOOT.BAK" Wed 10 Sep 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe" Wed 10 Sep 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe" Wed 10 Sep 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe" Wed 28 Apr 2004 238,792 A..H. --- "C:\Program Files\America Online 9.0\waol.exe" Thu 28 Feb 2008 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys" Sun 27 Jun 2004 34,816 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0005.tmp" Sun 27 Jun 2004 35,840 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1404.tmp" Sun 27 Jun 2004 34,816 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2595.tmp" Wed 10 Sep 2003 111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll" Fri 8 Apr 2005 494,080 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Gorman-105\~WRL1487.tmp" Fri 8 Apr 2005 493,056 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Gorman-105\~WRL2497.tmp" Mon 16 Feb 2004 313,344 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Tesoriero-31 (Complete)\~WRL1418.tmp" Mon 16 Feb 2004 313,344 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Tesoriero-31 (Complete)\~WRL1904.tmp" Sun 27 Jun 2004 323,584 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 1\Rhodes-70\~WRL1108.tmp" Sun 27 Jun 2004 330,752 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 1\Rhodes-70\~WRL1749.tmp" Sun 27 Jun 2004 323,072 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 1\Rhodes-70\~WRL3941.tmp" [b]Finished![/b]

0

ComboFix 08-03-21.1 - Owner 2008-03-25 12:37:33.9 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.219 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\119.tmp C:\WINDOWS\system32\fdsv.exe C:\WINDOWS\system32\grep.exe C:\WINDOWS\system32\sed.exe C:\WINDOWS\system32\swsc.exe C:\WINDOWS\system32\swxcacls.exe C:\WINDOWS\system32\VFind.exe C:\WINDOWS\system32\zip.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\119.tmp C:\WINDOWS\system32\fdsv.exe C:\WINDOWS\system32\grep.exe C:\WINDOWS\system32\sed.exe C:\WINDOWS\system32\swsc.exe C:\WINDOWS\system32\swxcacls.exe C:\WINDOWS\system32\VFind.exe C:\WINDOWS\system32\zip.exe . ((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))) . 2008-03-25 12:36 . 2008-03-25 12:36 3,631 --a------ C:\12.tmp 2008-03-25 12:04 . 2008-03-25 12:05 <DIR> d-------- C:\WINDOWS\ERUNT 2008-03-25 11:51 . 2008-03-25 12:24 <DIR> d-------- C:\SDFix 2008-03-25 11:46 . 2008-03-25 11:46 1,682 --a------ C:\WINDOWS\system32\tmp.reg 2008-03-21 13:20 . 2008-03-21 13:20 3,631 --a------ C:\11A.tmp 2008-03-20 12:26 . 2008-03-20 12:30 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-03-20 12:26 . 2008-03-20 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-20 11:33 . 2008-03-20 11:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-15 11:03 . 2008-03-15 14:06 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-13 10:57 . 2008-03-13 10:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-03-13 10:54 . 2008-03-13 10:54 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-13 10:52 . 2008-03-13 10:52 <DIR> d-------- C:\Program Files\CCleaner 2008-03-13 10:22 . 2008-03-13 10:22 <DIR> d-------- C:\Program Files\Sun 2008-03-13 10:22 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-13 10:18 . 2008-03-13 10:18 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-11 11:49 . 2008-03-21 12:22 35,620 --a------ C:\VETlog.dmp 2008-03-07 14:13 . 2008-03-07 14:40 <DIR> d-------- C:\ComboFix[1] 2008-03-03 12:18 . 2008-03-03 12:49 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe 2008-03-02 14:55 . 2008-03-02 14:55 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-02 14:09 . 2008-03-02 14:09 158,208 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe 2008-02-29 14:14 . 2008-03-07 04:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart 2008-02-29 14:12 . 2008-03-11 10:42 <DIR> d-------- C:\Program Files\ErrorSmart . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-20 18:33 --------- d-----w C:\Program Files\Windows Defender 2008-03-13 17:22 --------- d-----w C:\Program Files\Java 2008-03-11 17:42 --------- d-----w C:\Program Files\SymNetDrv 2008-03-11 17:42 --------- d-----w C:\Program Files\Multimedia Card Reader 2008-03-11 17:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-11 17:42 --------- d-----w C:\Program Files\AIM 2008-03-07 21:01 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe 2008-03-03 20:54 --------- d-----w C:\Program Files\Viewpoint 2008-03-03 19:49 81,920 ----a-w C:\WINDOWS\system32\ps2.exe 2008-03-03 19:18 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe 2008-03-02 21:09 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2008-02-15 22:00 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-02-08 22:32 --------- d-----w C:\Program Files\Norton AntiVirus 2008-01-09 22:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2004-10-01 22:54 227,190,984 -c--a-w C:\Program Files\OfficeSTD.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-14_11.25.01.14 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-15 18:03:17 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll + 2008-03-15 18:03:18 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll + 2008-03-15 18:03:19 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll + 2008-03-15 18:03:24 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll + 2008-01-09 22:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll + 2008-01-09 22:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll + 2008-03-15 18:03:26 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll + 2008-03-15 18:03:19 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll + 2008-01-09 22:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll + 2008-01-09 22:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll + 2008-03-25 13:28:52 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.exe + 2008-03-25 19:05:28 6,832,128 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat + 2008-03-25 19:05:28 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-03-25 13:28:52 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.exe + 2008-03-25 19:05:10 6,832,128 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2008-03-25 19:05:10 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat - 2002-08-29 12:00:00 50,620 -c--a-w C:\WINDOWS\system32\command.com + 2001-08-18 20:00:00 50,620 -c--a-w C:\WINDOWS\system32\command.com . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AIM"="C:\Program Files\AIM\aim.exe" [2008-03-07 14:01 67112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-03-07 14:01 483328] "TangoManager"="C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.exe" [2008-03-07 14:02 2170880] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-03 12:49 185784] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp officejet 4100 series.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk backup=C:\WINDOWS\pss\hp officejet 4100 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=C:\WINDOWS\pss\spamsubtract.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit] --a------ 2008-03-03 12:19 53248 C:\hp\bin\AUTOTKIT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] --a------ 2008-03-03 12:19 24576 c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] --a------ 2008-03-03 12:19 90112 c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-03-03 12:19 71280 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart] --a------ 2008-03-03 12:23 18244856 C:\Program Files\ErrorSmart\ErrorSmart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2008-03-03 12:49 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG] --a--c--- 2003-07-14 17:52 40960 C:\WINDOWS\ltmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2008-03-03 12:49 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] --a------ 2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2008-03-03 12:49 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2008-03-03 12:49 212992 C:\WINDOWS\SMINST\RECGUARD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k] --a------ 2008-03-03 12:49 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2008-03-03 12:49 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-03 12:49 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2008-03-03 12:49 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"= "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.exe"= "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\AIM\\aim.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38] R3 ENDETECT;ENDETECT;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [2003-08-05 13:56] R3 L2XPSR;L2XPSR;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [2003-08-05 13:54] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\lne100v5.sys [2001-04-01 12:01] R3 NTSTPL4;NTSTPL4;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL4.SYS [2003-08-05 13:56] R3 TAPBIND;TAPBIND;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [2003-08-05 13:56] S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 02:15] S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 02:15] S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59] S3 NTSTPL1;NTSTPL1;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [2003-08-05 13:56] S3 NTSTPL2;NTSTPL2;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL2.SYS [2003-08-05 13:56] S3 NTSTPL3;NTSTPL3;C:\PROGRA~1\FRONTI~1\FRONTI~1\app\NTSTPL3.SYS [2003-08-05 13:56] . Contents of the 'Scheduled Tasks' folder "2008-03-11 10:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Program Files\ErrorSmart\ErrorSmart .ex - C:\Program Files\ErrorSmart "2004-08-02 17:58:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083520646.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-10 19:46:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1083786321.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe:-I "2008-03-11 16:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job" - c:\PROGRA~1\NORTON~1\NAVW32.EXEh/task: "2008-03-08 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job" - c:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-03-20 17:48:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-25 12:40:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-25 12:41:46 ComboFix-quarantined-files.txt 2008-03-25 19:41:15 ComboFix2.txt 2008-03-21 20:26:22 ComboFix3.txt 2008-03-18 23:09:09 ComboFix4.txt 2008-03-14 18:25:42 . 2008-03-20 18:31:29 --- E O F ---

0

[b]SDFix: Version 1.161 [/b] Run by Owner on Tue 03/25/2008 at 12:09 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default Desktop Wallpaper Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\SYSTEM32\KFELKN.BMP - Deleted C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted C:\PROGRA~1\WINDOW~2\LAVU - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-25 12:19:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903" "C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player" "C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Enabled:pcAnywhere Main Program" "C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service" "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Mon 19 Apr 2004 196 A.SHR --- "C:\BOOT.BAK" Wed 10 Sep 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe" Wed 10 Sep 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe" Wed 10 Sep 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe" Wed 28 Apr 2004 238,792 A..H. --- "C:\Program Files\America Online 9.0\waol.exe" Thu 28 Feb 2008 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys" Sun 27 Jun 2004 34,816 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0005.tmp" Sun 27 Jun 2004 35,840 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1404.tmp" Sun 27 Jun 2004 34,816 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2595.tmp" Wed 10 Sep 2003 111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll" Fri 8 Apr 2005 494,080 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Gorman-105\~WRL1487.tmp" Fri 8 Apr 2005 493,056 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Gorman-105\~WRL2497.tmp" Mon 16 Feb 2004 313,344 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Tesoriero-31 (Complete)\~WRL1418.tmp" Mon 16 Feb 2004 313,344 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 2\Tesoriero-31 (Complete)\~WRL1904.tmp" Sun 27 Jun 2004 323,584 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 1\Rhodes-70\~WRL1108.tmp" Sun 27 Jun 2004 330,752 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 1\Rhodes-70\~WRL1749.tmp" Sun 27 Jun 2004 323,072 A..H. --- "C:\Documents and Settings\Owner\My Documents\SALES\SALES Phase 1\Rhodes-70\~WRL3941.tmp" [b]Finished![/b]

0

Hotel deals are hard to come by, people say discount hotels and cheap hotels but they only list large chains who charge high rates. Search small and large chains to find a better deal, simply type in your city and search for a great deal! www.findhotels.cc Thank You For Viewing our page!! :)

0