The trojan that keeps on giving

Hewlett-packard / Pavilion zv6100 (ec373ua#...
March 2, 2010 at 17:38:36
Specs: Microsoft Windows XP Home Edition, 1.994 GHz / 1278 MB
Comment: Help... a week ago (virus scan was off) I got a trojan virus. When the Kaspersky scan was updated and run, it found and deleted a few viruses, but the computer is still acting strange, super slow, and programs won't open. Compared to you guys, I'm a novice. Do I just dump everything and start fresh, or is there any kinda hope?





#1
March 2, 2010 at 17:45:17
See if you can get this to run, it will help determine the type of virus you have.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
March 2, 2010 at 18:55:41
Thanks!!! really appreciate your taking the time to help!!


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2005 12:04:28 AM
System Uptime: 3/2/2010 7:23:34 PM (2 hours ago)

Motherboard: Hewlett-Packard | | 3085
Processor: AMD Athlon(tm) 64 Processor 3200+ | U23 | 1994/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 52.492 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11b/g WLAN
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C&REV_02\4&13826118&0&10A4
Manufacturer: Broadcom
Name: Broadcom 802.11b/g WLAN
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_1355103C&REV_02\4&13826118&0&10A4
Service: BCM43XX

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: KmxAgent
Device ID: ROOT\LEGACY_KMXAGENT\0000
Manufacturer:
Name: KmxAgent
PNP Device ID: ROOT\LEGACY_KMXAGENT\0000
Service: KmxAgent

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: KmxCF
Device ID: ROOT\LEGACY_KMXCF\0000
Manufacturer:
Name: KmxCF
PNP Device ID: ROOT\LEGACY_KMXCF\0000
Service: KmxCF

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: KmxFile
Device ID: ROOT\LEGACY_KMXFILE\0000
Manufacturer:
Name: KmxFile
PNP Device ID: ROOT\LEGACY_KMXFILE\0000
Service: KmxFile

==== System Restore Points ===================

RP1449: 3/1/2010 11:34:04 PM - System Checkpoint

==== Installed Programs ======================


Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Advanced SystemCare 3
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Pictures Tools (version 10.1.0.0)
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.70
Data Fax SoftModem with SmartCP
Driver Detective
Driver_Detective Toolbar
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Help and Support
HP Pavillion zv6000 User Guides
HP Product Detection
HP Update
HP Wireless Assistant 1.01 A3
HpSdpAppCoreApp
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Internet Security 2009
LimeWire 5.1.4
LS_HSI
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0 - SE
MyIdentityDefender Toolbar (CyberDefender Corporation)
OmniPage SE
OpenOffice.org 3.1
PaperPort
Quick Launch Buttons 5.20 H1
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
REALTEK Gigabit and Fast Ethernet NIC Driver
Revo Uninstaller 1.85
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Skype™ 4.1
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Synaptics Pointing Device Driver
TIPCI
ubCore
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Upromise TurboSaver (remove only)
UserGuides
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/2/2010 7:11:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
3/2/2010 6:36:17 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
3/2/2010 6:36:17 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
3/2/2010 10:31:25 AM, error: Service Control Manager [7031] - The Kaspersky Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/26/2010 9:31:36 AM, error: Service Control Manager [7000] - The HP Pci Information service failed to start due to the following error: The system cannot find the path specified.
2/26/2010 6:44:07 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Donna.
2/26/2010 6:42:23 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
2/25/2010 9:25:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Donna at 21:03:29.76 on Tue 03/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.624 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Download Files\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://optonline.net/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\donna\local settings\application data\cyberdefender\cdmyidd.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Driver Detective Toolbar: {8786b320-6cf4-47da-aef0-47011b3f84fb} - c:\program files\driver_detective\tbDri0.dll
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\donna\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\donna\local settings\application data\cyberdefender\cdmyidd.dll
TB: Driver Detective Toolbar: {8786b320-6cf4-47da-aef0-47011b3f84fb} - c:\program files\driver_detective\tbDri0.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
{10134636-e7af-4ac5-a1dc-c7c44bb97d81}
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-2-20 213520]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 208616]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-6-19 45824]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-17 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-6-19 56960]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
S2 gupdate1ca880f8cafa04c;Google Update Service (gupdate1ca880f8cafa04c);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 133104]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\donna\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\donna\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-12-31 30560]

=============== Created Last 30 ================

2010-02-26 23:43:58 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-23 00:29:33 0 d-----w- c:\docume~1\donna\applic~1\Gizmoz
2010-02-23 00:28:59 25600 ----a-w- c:\windows\system32\borlndmm.dll
2010-02-23 00:28:48 72192 ----a-w- c:\windows\system32\taskkill.exe
2010-02-23 00:28:48 0 d-----w- c:\program files\Gizmoz Talking Headz
2010-02-21 04:11:30 0 d-----w- c:\windows\system32\Adobe
2010-02-21 02:52:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap
2010-02-20 15:52:13 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-20 15:52:13 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-20 15:49:42 729120 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-20 15:49:42 3856416 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-20 15:49:42 3572 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-20 15:49:42 31208 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-20 15:49:42 0 d-----w- c:\program files\Kaspersky Lab
2010-02-20 15:49:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-02-20 15:34:49 0 d-----w- c:\program files\VS Revo Group
2010-02-20 15:10:13 0 d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2010-02-20 04:58:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-02-19 23:21:26 0 d-----w- c:\program files\Panda Security
2010-02-15 05:22:16 0 d-----w- c:\docume~1\donna\applic~1\Quirky Games
2010-02-15 05:20:54 4096 ----a-w- c:\windows\d3dx.dat
2010-02-10 01:37:13 0 d-----w- c:\docume~1\donna\applic~1\iWin
2010-02-10 01:19:45 0 d-----w- c:\program files\Oberon Media
2010-02-10 01:19:44 0 d-----w- c:\program files\Optimum Games
2010-02-10 01:19:44 0 d-----w- c:\program files\common files\Oberon Media
2010-02-07 06:38:09 0 d-----w- c:\docume~1\alluse~1\applic~1\GameHouse
2010-02-07 05:28:16 0 d-----w- c:\docume~1\donna\applic~1\TheFixerUpper
2010-02-07 05:24:25 26 ----a-w- c:\windows\popcinfo.dat
2010-02-07 03:56:15 0 d-----w- c:\program files\RealArcade

==================== Find3M ====================

2010-02-20 16:19:19 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2010-02-20 14:54:33 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-02-20 14:54:33 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-02-20 14:54:33 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-02-20 14:54:33 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-02-20 14:54:33 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-02-20 14:54:33 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-02-20 14:54:33 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-02-20 14:54:33 105284 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-04 18:22:22 455424 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-11 03:49:25 7619800 -c--a-w- c:\program files\asc-setup.exe
2008-07-02 15:15:49 62910 -c--a-w- c:\program files\Uninstall.exe
2008-07-02 15:15:49 0 -c--a-w- c:\program files\uninstall.dat
2008-02-09 15:47:27 361536 -c----w- c:\program files\issdm_en_32.exe
2007-12-12 00:45:14 1688688 -c----w- c:\program files\sp33698.exe
2006-03-18 00:52:43 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-08-23 13:04:13 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 21:04:39.89 ===============



#3
March 3, 2010 at 03:32:08
Go to start> control panel> click the Java icon> update tab> update now and allow Java to update. If you are prompted for any add-ons uncheck the box and continue. The newest Java is version 6 update 18.

Please uninstall LimeWire at least until we get your computer clean.

Please download Combofix from Internet Explorer instead of another browser.

Remember: your Kaspersky antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#4
March 3, 2010 at 04:53:33
OK...did it all and here is the log:

ComboFix 10-03-02.08 - Donna 03/03/2010 7:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.133 [GMT -5:00]
Running from: c:\documents and settings\Donna\Desktop\combo-fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\CyberDefender
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-2738528725-3377773627-2742169642-1003
c:\windows\BackUp
c:\windows\BackUp\S\60215000.DAT
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\patch.exe
c:\windows\system32\tmp.reg
c:\windows\system32\twain_32.dll
c:\windows\system32\Vb40032.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 12:07 . 2010-03-03 12:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 12:04 . 2010-03-03 12:04 152576 ----a-w- c:\documents and settings\Donna\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-03 12:04 . 2010-03-03 12:04 79488 ----a-w- c:\documents and settings\Donna\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-26 23:43 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-23 00:29 . 2010-02-23 00:42 -------- d-----w- c:\documents and settings\Donna\Application Data\Gizmoz
2010-02-23 00:28 . 2007-11-23 04:16 25600 ----a-w- c:\windows\system32\borlndmm.dll
2010-02-23 00:28 . 2010-02-23 01:03 -------- d-----w- c:\program files\Gizmoz Talking Headz
2010-02-23 00:28 . 2007-11-23 04:16 72192 ----a-w- c:\windows\system32\taskkill.exe
2010-02-23 00:28 . 2010-02-23 00:28 419328 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\04B3EC9B2B5945A1B7AFC5FAFC297401\THSkypePlugin.dll
2010-02-23 00:28 . 2010-02-23 00:28 1010688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\04B3EC9B2B5945A1B7AFC5FAFC297401\UninstallTalkingHeadz.exe
2010-02-23 00:28 . 2010-02-23 00:28 9871152 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\04B3EC9B2B5945A1B7AFC5FAFC297401\TalkingHeadzSetup.exe
2010-02-23 00:22 . 2010-02-23 00:22 1064960 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\C248BA0AB16341EE98466B74579F6923\Gif_Wallpaper.dll
2010-02-21 04:11 . 2010-02-21 04:15 -------- d-----w- c:\windows\system32\Adobe
2010-02-21 02:52 . 2010-02-21 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-02-20 16:18 . 2010-02-20 16:18 44808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2010-02-20 16:18 . 2010-02-20 16:18 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2010-02-20 16:18 . 2010-02-20 16:18 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2010-02-20 16:18 . 2010-02-20 16:18 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2010-02-20 15:52 . 2010-02-20 16:19 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-20 15:52 . 2010-02-20 16:19 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-20 15:49 . 2010-03-03 12:25 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-20 15:49 . 2010-03-03 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-20 15:49 . 2010-03-03 04:51 3856416 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-20 15:49 . 2010-02-20 15:49 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-20 15:34 . 2010-02-20 15:34 -------- d-----w- c:\program files\VS Revo Group
2010-02-20 15:10 . 2010-02-20 15:27 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2010-02-20 15:10 . 2010-02-20 15:10 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2010-02-20 15:10 . 2010-02-20 15:10 357640 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2010-02-20 15:10 . 2010-02-20 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-02-20 15:10 . 2010-02-20 15:10 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2010-02-20 04:58 . 2010-02-20 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-02-19 23:26 . 2010-02-19 23:26 61120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 23:21 . 2010-02-21 22:05 -------- d-----w- c:\program files\Panda Security
2010-02-19 23:08 . 2010-02-19 23:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-19 23:08 . 2010-02-19 23:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-15 05:22 . 2010-02-15 05:22 -------- d-----w- c:\documents and settings\Donna\Application Data\Quirky Games
2010-02-15 05:20 . 2010-02-15 05:20 4096 ----a-w- c:\windows\d3dx.dat
2010-02-10 01:37 . 2010-02-10 01:37 -------- d-----w- c:\documents and settings\Donna\Application Data\iWin
2010-02-10 01:19 . 2010-02-10 01:35 -------- d-----w- c:\program files\Oberon Media
2010-02-10 01:19 . 2010-02-10 04:16 -------- d-----w- c:\program files\Optimum Games
2010-02-10 01:19 . 2010-02-10 01:19 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-02-07 06:38 . 2010-02-07 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2010-02-07 05:28 . 2010-02-07 05:28 -------- d-----w- c:\documents and settings\Donna\Application Data\TheFixerUpper
2010-02-07 05:24 . 2010-02-15 05:58 26 ----a-w- c:\windows\popcinfo.dat
2010-02-07 03:56 . 2010-02-19 03:31 -------- d-----w- c:\program files\RealArcade
2010-02-04 02:30 . 2010-02-04 02:30 931840 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 12:25 . 2010-02-20 15:49 3684 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-03 12:06 . 2005-05-12 03:39 -------- d-----w- c:\program files\Java
2010-03-03 04:51 . 2010-02-20 15:49 31208 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-03 04:50 . 2006-11-03 04:29 -------- d-----w- c:\program files\Trend Micro
2010-03-03 00:14 . 2010-01-09 16:34 -------- d-----w- c:\documents and settings\Donna\Application Data\Skype
2010-03-02 21:01 . 2009-12-31 22:52 -------- d-----w- c:\documents and settings\Donna\Application Data\skypePM
2010-02-26 23:08 . 2009-10-02 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-02-26 22:45 . 2009-11-27 14:59 1 ----a-w- c:\documents and settings\Donna\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-26 02:23 . 2006-05-27 15:12 61120 -c--a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 05:09 . 2010-01-03 16:42 135440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-20 16:19 . 2008-01-29 23:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2010-02-20 14:54 . 2008-04-18 10:54 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-02-20 14:54 . 2008-04-18 10:54 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-02-20 14:54 . 2008-04-18 10:54 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-02-20 14:54 . 2008-04-18 10:54 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-02-20 14:54 . 2008-04-18 10:54 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-02-20 14:54 . 2008-04-18 10:54 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-02-20 14:54 . 2008-04-18 10:54 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-02-20 14:54 . 2008-04-18 10:54 105284 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-02-17 04:23 . 2009-10-13 11:26 -------- d-----w- c:\documents and settings\Donna\Application Data\HpUpdate
2010-02-15 04:20 . 2007-06-22 05:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-13 14:38 . 2005-12-17 01:38 -------- d-----w- c:\program files\Viewpoint
2010-02-13 14:38 . 2009-06-20 01:01 -------- d-----w- c:\program files\Driver_Detective
2010-01-24 01:16 . 2010-01-24 01:16 -------- d-----w- c:\documents and settings\Donna\Application Data\UltraVNC
2010-01-20 11:40 . 2005-12-17 01:39 -------- d-----w- c:\program files\Common Files\Real
2010-01-20 11:40 . 2005-12-17 01:39 -------- d-----w- c:\program files\Real
2010-01-11 23:12 . 2008-01-07 14:32 -------- d-----w- c:\documents and settings\Donna\Application Data\Move Networks
2010-01-11 23:11 . 2010-01-11 23:11 144160 ----a-w- c:\documents and settings\Donna\Application Data\Move Networks\uninstall.exe
2010-01-11 23:11 . 2009-12-10 21:23 4183416 ----a-w- c:\documents and settings\Donna\Application Data\Move Networks\plugins\npqmp071503000010.dll
2010-01-11 23:11 . 2010-01-11 23:11 1440376 ----a-w- c:\documents and settings\Donna\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2010-01-09 16:34 . 2010-01-09 16:34 -------- d-----w- c:\program files\Common Files\Skype
2010-01-09 16:34 . 2009-12-28 22:45 -------- d-----r- c:\program files\Skype
2010-01-09 16:34 . 2009-12-27 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-04 19:40 . 2009-08-21 23:59 -------- d-----w- c:\program files\Alawar
2010-01-01 02:37 . 2010-01-01 02:37 925696 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\MoodEditor.exe
2010-01-01 02:37 . 2010-01-01 02:37 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\zlib.dll
2010-01-01 02:37 . 2010-01-01 02:37 533504 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\CrashRpt.dll
2010-01-01 02:37 . 2010-01-01 02:37 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\dbghelp.dll
2009-12-31 22:52 . 2009-12-31 22:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 22:51 . 2009-12-31 22:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 08:00 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\Donna\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-08 19:27 . 2004-08-04 08:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 08:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 08:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-11 03:49 . 2009-05-11 03:49 7619800 -c--a-w- c:\program files\asc-setup.exe
2008-07-02 15:15 . 2008-07-02 15:15 62910 -c--a-w- c:\program files\Uninstall.exe
2008-07-02 15:15 . 2008-07-02 15:15 0 -c--a-w- c:\program files\uninstall.dat
2008-02-09 15:47 . 2008-02-09 15:47 361536 -c----w- c:\program files\issdm_en_32.exe
2007-12-12 00:45 . 2007-12-12 00:45 1688688 -c----w- c:\program files\sp33698.exe
2006-03-18 00:52 . 2006-03-18 00:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8786b320-6cf4-47da-aef0-47011b3f84fb}"= "c:\program files\Driver_Detective\tbDri0.dll" [2010-02-14 2349080]

[HKEY_CLASSES_ROOT\clsid\{8786b320-6cf4-47da-aef0-47011b3f84fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8786b320-6cf4-47da-aef0-47011b3f84fb}]
2010-02-14 23:34 2349080 -c--a-w- c:\program files\Driver_Detective\tbDri0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8786b320-6cf4-47da-aef0-47011b3f84fb}"= "c:\program files\Driver_Detective\tbDri0.dll" [2010-02-14 2349080]

[HKEY_CLASSES_ROOT\clsid\{8786b320-6cf4-47da-aef0-47011b3f84fb}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8786B320-6CF4-47DA-AEF0-47011B3F84FB}"= "c:\program files\Driver_Detective\tbDri0.dll" [2010-02-14 2349080]

[HKEY_CLASSES_ROOT\clsid\{8786b320-6cf4-47da-aef0-47011b3f84fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2010-02-20 208616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-03 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\73022643235441407206027693589467
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfasem
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfupgrade
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-02-08 16:02 2343632 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 -c--a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1134783461\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Online Services\\US_InstallAOL\\Dial-up\\InstallAol.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134783461\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134783461\\EE\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134783461\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Donna\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
"5910:TCP"= 5910:TCP:vnc5910
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [6/19/2009 8:03 PM 45824]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 4:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 4:25 PM 36352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/17/2007 1:42 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/22/2005 9:39 AM 200192]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/31/2009 5:48 PM 30560]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [6/19/2009 8:03 PM 56960]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 4:25 PM 77056]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 6:08 PM 63504]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 6:08 PM 45584]
S2 gupdate1ca880f8cafa04c;Google Update Service (gupdate1ca880f8cafa04c);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 5:46 PM 133104]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 6:08 PM 134648]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\Donna\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Donna\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-10 19:11]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 22:45]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 22:45]

2010-02-23 c:\windows\Tasks\Microsoft_Hardware_Launch_IcePick_exe.job
- c:\program files\Microsoft LifeCam\IcePick.exe [2009-07-24 20:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://optonline.net/
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
MSConfigStartUp-cafw - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe
AddRemove-{AA63780B-DDB7-417b-8A13-E5AFBE08E807} - c:\program files\CyberDefender\cdinstx.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 07:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,d3,40,05,e0,db,4b,4f,bc,91,f1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c7,d3,40,05,e0,db,4b,4f,bc,91,f1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1644)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-03 07:38:24
ComboFix-quarantined-files.txt 2010-03-03 12:38

Pre-Run: 55,893,090,304 bytes free
Post-Run: 56,569,716,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 922BFA6AFDC1805E268F89085A751BC3



#5
March 3, 2010 at 22:12:19
Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.



#6
March 4, 2010 at 09:13:44
OK did as you told me, does this mean I'm not infected anymore?? Below the results:
Scan report generated at: Thu, Mar 04, 2010 - 09:29:37


Scan path: C:\;D:\;


Statistics

Time: 02:52:17
Files: 609653
Folders: 13015
Boot Sectors: 0
Archives: 61158
Packed Files: 16376

Results

Identified Viruses: 12
Infected Files: 16
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 22




Engines Info

Virus Definitions: 5368161
Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Jan 06 2010)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4




Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\08582f29b8ba9748.klq=>(Quarantine-6)
Infected with: Trojan.Generic.IS.574696

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\08582f29b8ba9748.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\1b78534cf3f02c89.klq=>(Quarantine-6)=>(Quarantine-4)
Detected with: Application.Generic.106682

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\1b78534cf3f02c89.klq=>(Quarantine-6)=>(Quarantine-4)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\1b78534cf3f02c89.klq=>(Quarantine-6)=>(Quarantine-4)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\1b78534cf3f02c89.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\202df4adfb0c6446.klq=>(Quarantine-6)
Infected with: Gen:Trojan.Heur.Bz@@rCT4Z0l

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\202df4adfb0c6446.klq=>(Quarantine-6)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\202df4adfb0c6446.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\4cf23edcff8519bc.klq=>(Quarantine-6)
Infected with: Trojan.Downloader.Wimad.H

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\4cf23edcff8519bc.klq=>(Quarantine-6)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\4cf23edcff8519bc.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\5c60015b8c785ce8.klq=>(Quarantine-6)
Detected with: Gen:Adware.Heur.py4@fbMcsjci

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\5c60015b8c785ce8.klq=>(Quarantine-6)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\5c60015b8c785ce8.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\6301e4a53a415f48.klq=>(Quarantine-6)
Infected with: Trojan.Generic.IS.574696

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\6301e4a53a415f48.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\7f503544255ce148.klq=>(Quarantine-6)
Infected with: Trojan.Downloader.WMA.Wimad.Z

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\7f503544255ce148.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\9d94e020cb12b673.klq=>(Quarantine-6)=>(Quarantine-4)
Detected with: Adware.SpySheriff.BS

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\9d94e020cb12b673.klq=>(Quarantine-6)=>(Quarantine-4)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\9d94e020cb12b673.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\9f49926437f56d07.klq=>(Quarantine-6)=>(Quarantine-4)
Infected with: Trojan.Generic.172128

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\9f49926437f56d07.klq=>(Quarantine-6)=>(Quarantine-4)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\9f49926437f56d07.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\a52a9cbef95f96da.klq=>(Quarantine-6)=>(Quarantine-4)
Detected with: Adware.Generic.59468

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\a52a9cbef95f96da.klq=>(Quarantine-6)=>(Quarantine-4)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\a52a9cbef95f96da.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\c53920804b0c6c3c.klq=>(Quarantine-6)
Infected with: Gen:Trojan.Heur.Bz@@rCT4Z0l

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\c53920804b0c6c3c.klq=>(Quarantine-6)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\c53920804b0c6c3c.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\e287ca96512b4bde.klq=>(Quarantine-6)
Infected with: Trojan.Downloader.Wimad.H

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\e287ca96512b4bde.klq=>(Quarantine-6)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\e287ca96512b4bde.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\f2f6f53a8e4a270d.klq=>(Quarantine-6)=>(Quarantine-4)
Detected with: Application.Generic.106682

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\f2f6f53a8e4a270d.klq=>(Quarantine-6)=>(Quarantine-4)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\f2f6f53a8e4a270d.klq=>(Quarantine-6)=>(Quarantine-4)
Deleted

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB\f2f6f53a8e4a270d.klq=>(Quarantine-6)
Deleted

C:\Documents and Settings\Donna\.housecall6.6\Quarantine\SpyShredder1.dll.bac_a04516=>(Quarantine-4)
Infected with: Generic.Zlob.2DDDA041

C:\Documents and Settings\Donna\.housecall6.6\Quarantine\SpyShredder1.dll.bac_a04516=>(Quarantine-4)
Disinfection failed

C:\Documents and Settings\Donna\.housecall6.6\Quarantine\SpyShredder1.dll.bac_a04516=>(Quarantine-4)
Deleted

C:\Documents and Settings\Donna\.housecall6.6\Quarantine\SpyShredder1.dll.bac_a04516
Deleted

C:\Documents and Settings\Family\Shared\Saliva - Open Eyes.wma
Infected with: Trojan.Generic.IS.609594

C:\Documents and Settings\Family\Shared\Saliva - Open Eyes.wma
Deleted

C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\install.rdf
Infected with: Trojan.Spy.Agent.NUI

C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru\install.rdf
Deleted













#7
March 4, 2010 at 14:18:56
A little clean-up to do.

Delete DDS from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.

