
Computer full of Malware


Post by carlrobison1 » July 3rd, 2007, 1:55 pm

I'm helping someone remove all the junk from their computer. They're getting lots of pop-ups even when they're not using IE. Here's a HJT log. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:51:34 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe
C:\WINDOWS\system32\s?stem\cmd.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f315.mail.yahoo.com/ym/login? ... 3v1kepv10k
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16654685-A34F-FD9F-1C1B-8E8DB155D2BF} - C:\WINDOWS\system32\kayb.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE39576CAC59B6
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SFF.tmp"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Hsas] "C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Lebpzln] C:\WINDOWS\system32\s?stem\cmd.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: Epson printer Registration.lnk = F:\E_reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://70.147.103.42/wg_webeye.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
carlrobison1
Member+
 
Posts: 44
Joined: June 12th, 2007, 6:01 pm
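As an added example that is not part of the thread, here is a small Python triage script that applies the checks a helper makes by eye when reading a HijackThis log like the one posted above: BHOs registered with "(no name)", Run entries that launch straight from the Windows directory, system-binary names (cmd.exe, alg.exe) sitting outside system32, a '?' in a path (HijackThis prints '?' for a character it cannot render), and long hex arguments. The sample lines are constructed to mirror this log's entries, and the heuristics are mine, not HijackThis's own analysis.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 line format, modelled on the kinds of
# entries in the log above; it is not the full log.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16654685-A34F-FD9F-1C1B-8E8DB155D2BF} - C:\WINDOWS\system32\kayb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C0843201
O4 - HKCU\..\Run: [Hsas] "C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Lebpzln] C:\WINDOWS\system32\s?stem\cmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Generic HijackThis entry: "O4 - <rest>", "R1 - <rest>", ...
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<rest>.*)$")
# O4 registry Run entries: HKLM\..\Run: [value name] command line
O4_RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 entries: BHO: display name - {CLSID} - path
O2_BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# Executable path (up to the first .exe/.dll/...), then optional arguments.
CMD_SPLIT_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|ocx|scr|com))(?:\s+(?P<args>.*))?$", re.IGNORECASE)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")

# Windows XP system binaries that legitimately live only in system32 (my list, not exhaustive).
SYSTEM32_ONLY = {"cmd.exe", "alg.exe", "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}


@dataclass
class Finding:
    entry: str      # the raw HijackThis line
    name: str       # Run value name or BHO display name
    path: str       # executable / DLL path the entry points at
    reasons: list   # why a human reader would look twice at it


def split_command(cmd: str):
    """Split a Run-key command line into (executable path, arguments).
    Handles both the quoted form "C:\\x y\\a.exe" -flag and the bare form."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = CMD_SPLIT_RE.match(cmd)
    if m:
        return m.group("path"), (m.group("args") or "").strip()
    return cmd, ""


def path_reasons(path: str) -> list:
    """Heuristics applied to the path itself, independent of the entry type."""
    reasons = []
    low = path.lower()
    parent, _, base = low.rpartition("\\")
    if "?" in path:
        reasons.append("'?' is not a legal file-name character; HijackThis prints it for a "
                       "character it cannot render, so the folder name is a look-alike")
    if parent == r"c:\windows":
        reasons.append("launches straight from the Windows directory rather than a program folder")
    if base in SYSTEM32_ONLY and parent != r"c:\windows\system32":
        reasons.append(f"{base} is a Windows system binary name but is not in system32")
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every O2/O4 entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        reasons = []
        if section == "O4":
            run = O4_RUN_RE.match(rest)
            if not run:
                continue  # Startup-folder .lnk lines are not handled here
            name = run.group("name")
            path, args = split_command(run.group("cmd"))
            if HEX_BLOB_RE.search(args):
                reasons.append("long opaque hex argument; legitimate startup entries rarely carry one")
        elif section == "O2":
            bho = O2_BHO_RE.match(rest)
            if not bho:
                continue
            name, path = bho.group("name"), bho.group("path")
            if name == "(no name)":
                reasons.append("BHO registered without a display name")
        else:
            continue
        reasons.extend(path_reasons(path))
        if reasons:
            findings.append(Finding(line.strip(), name, path, reasons))
    return findings


def flagged_names(log_text: str) -> list:
    return [f.name for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print("   -", r)
```

The script is a reading aid only: an entry it flags still needs the usual confirmation (file dates, publisher, ComboFix/quarantine results) before anything is removed.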

Post by dan12 » July 3rd, 2007, 2:58 pm

Hi, and welcome to malwareremoval forums

I'm dan12, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Post by dan12 » July 3rd, 2007, 3:07 pm

Hi, I'm not seeing any signs of a firewall or an antivirus running on this machine. I'd like to get the infection dealt with, then address that.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

[screenshot of the HijackThis Uninstall Manager; image not reproduced]

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

_________

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a logfile located at C:\ComboFix.txt.
4. Post the contents of that log in your next reply with a new hijackthis log.


Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the new HJT log plus the ComboFix report in your next post.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Post by carlrobison1 » July 3rd, 2007, 6:09 pm

The logs follow. Just to let you know, once ComboFix rebooted the computer, it came to a black screen giving me the option of Safe Mode, Safe Mode with Networking, etc. The only way I could get past that screen was to select "last known working configuration." All the other options simply rebooted the computer.

HJT uninstall list

Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Adobe Shockwave Player
Apple Software Update
Backyard Basketball
Big Fish Games Client
DigiLab 1.6.6
Digital Photo Recovery 2.0.3
Disney's Toontown Online
DownloadManager
EPSON Print CD
EPSON Printer Software
Express Burn
Family Feud (remove only)
Film Factory
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
ICC Color Profiles
Indeo® Software
Intel(R) Active Monitor
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 3
L&H TTS3000 Russian
LEGO Creator
Lemmings Revolution (remove only)
Lernout & Hauspie TruVoice American English TTS Engine
MediaRECOVER PRO
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Morpheus Toolbar
MSN Music Assistant
Multiple Image Resizer .NET
Multiple Image Resizer .NET
My Sam's Club Digital Photo Center
NCH Tone Generator Uninstall
Neat Image v5 Demo
Norton Spyware Scan provided by Yahoo!
NTI Backup NOW! 3
NTI DriveBackup! 3
NTI DVD-Maker 6 Gold
NVIDIA Display Driver
NVIDIA Drivers
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
Outerinfo
p2pnetworks
PartyPokerNet
Photodex Presenter
PixRecovery
PowerDVD
ProShow Gold
PSM
QuickTime
RealArcade
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Snood for Windows version 3.52-W
SonicStage 2.1.00
SoundMAX
The Weather Channel Desktop
Ulead DVD MovieFactory 2 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
WavePad Uninstall
Weather Services
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar for Internet Explorer
Zoo Tycoon: Complete Collection

Combofix text

"Kevin Keelan" - 2007-07-03 17:41:46 - ComboFix 07-07-04.1 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\DOCUME~1\KEVINK~1\APPLIC~1.\sks~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\alg.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\downloadmanager\agent.dll
C:\Program Files\downloadmanager\api.exe
C:\Program Files\downloadmanager\insdl.dll
C:\Program Files\downloadmanager\mptray.exe
C:\Program Files\downloadmanager\mpupdate.exe
C:\Program Files\downloadmanager\p2pinst.exe
C:\Program Files\downloadmanager\p2pl.exe
C:\Program Files\inetget2
C:\Program Files\mediapipe
C:\Program Files\mediapipe\ErrorLog.txt
C:\Program Files\mediapipe\ItBill.exe
C:\Program Files\mediapipe\ItBill_terms.txt
C:\Program Files\mediapipe\register.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\AlConfig.xml
C:\Program Files\p2pnetworks\alp2plib.log
C:\Program Files\p2pnetworks\alp2plib.log.bak
C:\Program Files\p2pnetworks\install.log
C:\Program Files\p2pnetworks\mpp2pl.exe
C:\Program Files\p2pnetworks\p2pnetworks.exe
C:\Program Files\p2pnetworks\sp2p.cache
C:\Program Files\p2pnetworks\uninst.exe
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\WINDOWS\b.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\system32\kayb.dll
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\sstem~1\cmd.exe
C:\WINDOWS\system32\wnstssv32.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-07-03 17:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 17:39 1,118,676 --a------ C:\ComboFix.exe
2007-06-23 13:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-06-23 13:22 <DIR> d-------- C:\Program Files\Lemmings Revolution
2007-06-23 13:11 <DIR> d-------- C:\Downloads
2007-06-23 08:36 <DIR> d-------- C:\My Games
2007-06-23 08:35 <DIR> d-------- C:\My Download Files
2007-06-23 08:31 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-06-22 23:25 <DIR> d-------- C:\Program Files\Family Feud
2007-06-22 23:25 <DIR> d-------- C:\Program Files\bfgclient
2007-06-22 23:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-06-22 12:46 <DIR> d-------- C:\WINDOWS\lhsp
2007-06-22 12:21 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-06-22 12:21 <DIR> d-------- C:\DOCUME~1\KEVINK~1\APPLIC~1\NCH Swift Sound
2007-06-07 20:57 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-03 21:50:30 -------- d-----w C:\Program Files\DownloadManager
2007-07-03 21:39:41 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-06-23 12:30:48 -------- d-----w C:\Program Files\Real
2007-06-23 12:30:47 -------- d-----w C:\Program Files\Common Files\Real
2007-06-22 16:08:29 -------- d-----w C:\Program Files\DigiLab
2007-06-19 03:37:42 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-04 03:06:16 -------- d-----w C:\Program Files\PartyGaming.Net
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 20:41:55 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 12:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 20:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}]
2006-12-16 12:31 237568 --a------ C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}]
2006-12-16 12:31 57344 --a------ C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-10-23 13:37]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-10-14 18:44]
"IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-01-10 16:08]
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.exe" [2003-03-06 16:27]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [2006-08-14 13:09]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-16 17:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-26 21:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"EPSON Stylus Photo 2200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-06-30 15:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 15:33]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
"Hsas"="C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" []
"Lebpzln"="C:\WINDOWS\system32\s?stem\cmd.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-06-24 15:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]
NULL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"


Contents of the 'Scheduled Tasks' folder
2007-06-30 20:55:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 17:58:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo 2200 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SFF.tmp"??t??w???w????????Z??w????*??w????~?I?????????????>??w??S???5?????????????z?#???F???????????????????????????????F????????????w????????????????\????????b?w??????????????#?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 17:59:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-03 17:59

--- E O F ---
Here's combofix quarantined files in case you need it

2004-02-10 13:59      12800    --a------    C:\Qoobox\Quarantine\C\Program Files\DownloadManager\insdl.dll.vir
2004-02-10 13:59      12800    --a------    C:\Qoobox\Quarantine\C\Program Files\MediaPipe\register.dll.vir
2005-05-12 18:43      915    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\AlConfig.xml.vir
2005-11-21 20:58      361856    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\p2pnetworks.exe.vir
2005-11-21 20:59      211955    --a------    C:\Qoobox\Quarantine\C\Program Files\DownloadManager\p2pinst.exe.vir
2006-03-09 19:31      27349    --a------    C:\Qoobox\Quarantine\C\Program Files\MediaPipe\ItBill_terms.txt.vir
2006-03-10 20:24      114688    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\mpp2pl.exe.vir
2006-03-10 20:24      95652    --a------    C:\Qoobox\Quarantine\C\Program Files\DownloadManager\p2pl.exe.vir
2006-03-10 20:25      126976    --a------    C:\Qoobox\Quarantine\C\Program Files\DownloadManager\Agent.dll.vir
2006-03-10 20:39      281856    --a------    C:\Qoobox\Quarantine\C\Program Files\DownloadManager\api.exe.vir
2006-03-10 20:39      423296    --a------    C:\Qoobox\Quarantine\C\Program Files\MediaPipe\ItBill.exe.vir
2006-03-10 20:40      116096    --a------    C:\Qoobox\Quarantine\C\Program Files\DownloadManager\MPTray.exe.vir
2006-03-10 20:40      128384    --a------    C:\Qoobox\Quarantine\C\Program Files\DownloadManager\MPUpdate.exe.vir
2006-03-12 02:07      1099    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\install.log.vir
2006-03-12 02:07      2048    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\sp2p.cache.vir
2006-03-12 02:07      44965    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\uninst.exe.vir
2006-03-12 02:07      509    --a------    C:\Qoobox\Quarantine\C\Program Files\MediaPipe\ErrorLog.txt.vir
2006-09-25 18:31      0    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b.exe.vir
2007-01-12 16:00      18031    --a------    C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-06-12 04:12      99855    --a------    C:\Qoobox\Quarantine\C\WINDOWS\b122.exe.vir
2007-06-20 10:49      60928    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\kayb.dll.vir
2007-06-20 10:50      229888    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\SSTEM~1\cmd.exe.vir
2007-06-29 11:32      146944    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1552OinAdmin.exe.vir
2007-07-01 17:41      40183    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir
2007-07-01 17:41      72704    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\PPPATC~1\alg.exe.vir
2007-07-01 18:00      13312    --a------    C:\Qoobox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir
2007-07-01 18:00      49152    --a------    C:\Qoobox\Quarantine\C\Program Files\WinPop\winpop.exe.vir
2007-07-02 20:25      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wnstssv32.exe.vir
2007-07-02 20:26      40960    --a------    C:\Qoobox\Quarantine\C\WINDOWS\retadpu11.exe.vir
2007-07-02 21:01      2392    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\alp2plib.log.bak.vir
2007-07-03 10:12      343    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-07-03 17:52      2392    --a------    C:\Qoobox\Quarantine\C\Program Files\p2pnetworks\alp2plib.log.vir


Folder PATH listing for volume Windows XP
Volume serial number is 688E-5B7A
C:\QOOBOX
\---Quarantine
    +---C
    |   +---Program Files
    |   |   +---Common Files
    |   |   |   |   Yazzle1552OinAdmin.exe.vir
    |   |   |   |   Yazzle1552OinUninstaller.exe.vir
    |   |   |   |   
    |   |   |   \---PPPATC~1
    |   |   |           alg.exe.vir
    |   |   |           
    |   |   +---DownloadManager
    |   |   |       Agent.dll.vir
    |   |   |       api.exe.vir
    |   |   |       insdl.dll.vir
    |   |   |       MPTray.exe.vir
    |   |   |       MPUpdate.exe.vir
    |   |   |       p2pinst.exe.vir
    |   |   |       p2pl.exe.vir
    |   |   |       
    |   |   +---MediaPipe
    |   |   |       ErrorLog.txt.vir
    |   |   |       ItBill.exe.vir
    |   |   |       ItBill_terms.txt.vir
    |   |   |       register.dll.vir
    |   |   |       
    |   |   +---Outerinfo
    |   |   |       Terms.rtf.vir
    |   |   |       
    |   |   +---p2pnetworks
    |   |   |       AlConfig.xml.vir
    |   |   |       alp2plib.log.bak.vir
    |   |   |       alp2plib.log.vir
    |   |   |       install.log.vir
    |   |   |       mpp2pl.exe.vir
    |   |   |       p2pnetworks.exe.vir
    |   |   |       sp2p.cache.vir
    |   |   |       uninst.exe.vir
    |   |   |       
    |   |   \---WinPop
    |   |           UnInstall.exe.vir
    |   |           winpop.exe.vir
    |   |           
    |   \---WINDOWS
    |       |   b.exe.vir
    |       |   b122.exe.vir
    |       |   retadpu11.exe.vir
    |       |   wr.txt.vir
    |       |   
    |       \---system32
    |           |   kayb.dll.vir
    |           |   wnstssv32.exe.vir
    |           |   
    |           \---SSTEM~1
    |                   cmd.exe.vir
    |                   
    \---Registry_backups

And a new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 6:09:19 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f315.mail.yahoo.com/ym/login? ... 3v1kepv10k
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SFF.tmp"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Hsas] "C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Lebpzln] C:\WINDOWS\system32\s?stem\cmd.exe
O4 - Startup: Epson printer Registration.lnk = F:\E_reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://70.147.103.42/wg_webeye.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
carlrobison1
Member+
 
Posts: 44
Joined: June 12th, 2007, 6:01 pm

Unread postby dan12 » July 4th, 2007, 2:29 pm

Hi,carlrobison1,

Copy and paste the following (in the quote box) into the command window and press Enter. Start > All Programs > Accessories > Command Prompt. Then post the output for me.

dir C:\WINDOWS\system32\s?stem /a h > files.txt
notepad files.txt

__________________

Delete programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present). The names could have a space or something between them, but they should look like this:

  • Outerinfo
  • p2pnetworks
  • PartyPokerNet
  • Morpheus Toolbar

**Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
______________________

Download ATF Cleaner by Atribune and save it to your Desktop.
Do not use yet!

Ewido is now known as AVG Anti-Spyware.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update Ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Don't use it yet!
__________________________

We need to reveal system folders
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options
  • After the new window appears select the View tab.
  • Place a checkmark in the checkbox labeled Display the contents of system folders
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Press Apply and then OK, and close My Computer.
  • Now your computer is configured to show all hidden files.
  • For you and the tools to be able to see the appropriate files, we need to show hidden files.

_________________________

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O4 - HKCU\..\Run: [Hsas] "C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Lebpzln] C:\WINDOWS\system32\s?stem\cmd.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
With ALL other windows closed, click Fix Checked and exit.

Right-click Start and in the drop-down menu click "Explore". Then navigate to each file/folder in the left-hand pane, which will reveal its contents in the right-hand pane; highlight the file or folder, right-click and Delete, if present:

C:\PROGRA~1\COMMON~1\PPPATC~1 << This folder. The first six characters of "PPPATC~1" will be the same, but the name may have more than eight.
C:\Program Files\PartyGaming.Net << This folder

_______________________

Run ATF cleaner
  • Double click ATF-Cleaner.exe to run the program.
  • Check the following boxes:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Recycle Bin
    • Java Cache
  • The rest are optional - if you want to remove the lot, check Select All.
  • Now click Empty Selected.
  • When you get the Done Cleaning message, click OK.
  • If you use Firefox browser.
    • Click Firefox at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.
  • If you use Opera browser.
    • Click Opera at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.


Run AVG Anti-Spyware

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

      Image
  • When done, click the Save Scan Report button. (4) <==== Note! In the latest download version (7.5.143), you click "Don't save the scan report" when in fact it will save it. I know it's confusing.

    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

___________________________

Please do an online scan with Kaspersky Online Scanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended (If available otherwise Standard)
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

Please include a new HJT log, the AVG Anti-Spyware log and the Kaspersky log in your next post.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
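
The two O4 entries dan12 singles out above share a pattern worth recognising in any HijackThis log: HijackThis prints `?` for a character it cannot render, and since `?` is not a legal character in a Windows file name, a `?` in an O4 path always means the folder name is not what it looks like (the ComboFix quarantine listing shows the same folder under its 8.3 name, SSTEM~1). The second tell is a genuine Windows binary name such as cmd.exe or alg.exe running from a folder that is not a system directory. The script below is an added example for this thread, not code from MalwareRemoval.com or from HijackThis; the regexes, the lookalike-name list and the choice of sample lines are its own assumptions, and the sample lines are copied from the HJT log posted earlier in the thread.

```python
"""Triage HijackThis O4 Run-key entries for lookalike-path tricks.

Added example; not part of HijackThis or of the original thread.  The
regexes and the LOOKALIKE_NAMES heuristic are this example's assumptions.
"""
import ntpath
import re

# Matches lines such as:  O4 - HKCU\..\Run: [Lebpzln] C:\WINDOWS\system32\s?stem\cmd.exe
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Splits the command into the executable path (quoted or not) and its arguments.
EXE_RE = re.compile(
    r'^"?(?P<path>[^"]+?\.(?:exe|com|scr|bat|cmd|pif))"?(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)

# Directories where the names below are expected; anywhere else is suspect.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Windows binary names that adware of this era copied under a folder of its own (assumed list).
LOOKALIKE_NAMES = {"cmd.exe", "alg.exe", "svchost.exe", "lsass.exe", "csrss.exe"}

# Constructed sample: a subset of the O4 lines from the HJT log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SFF.tmp"
O4 - HKCU\..\Run: [Hsas] "C:\PROGRA~1\COMMON~1\PPPATC~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Lebpzln] C:\WINDOWS\system32\s?stem\cmd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


def parse_o4(line):
    """Return {hive, name, path, args} for an O4 Run-key line, else None."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None  # Startup-folder O4 lines and non-O4 lines are skipped
    cmd = EXE_RE.match(m.group("cmd"))
    if not cmd:
        return None  # not a command we know how to split
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "path": cmd.group("path"),
        "args": cmd.group("args") or "",
    }


def assess(entry):
    """Return the list of reasons an autostart entry looks like a lookalike."""
    reasons = []
    path = entry["path"]
    # '?' (or any non-ASCII character) in a path means HijackThis could not
    # render the real character: the folder name is not what it appears to be.
    if "?" in path or any(ord(ch) > 126 for ch in path):
        reasons.append("path contains a character HijackThis could not render")
    directory, filename = ntpath.split(path)  # ntpath handles Windows paths on any host
    # Exact match, not a prefix test: s?stem sits *under* system32 and must still fire.
    if filename.lower() in LOOKALIKE_NAMES and directory.lower() not in SYSTEM_DIRS:
        reasons.append(f"{filename} is a system binary name but runs from {directory}")
    return reasons


def triage(log_text):
    """Return [(value name, path, reasons)] for every flagged O4 Run entry, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample it flags exactly the two Run entries dan12 asked to have fixed, Hsas and Lebpzln, and nothing from the legitimate SoundMAX, Epson, ctfmon or Microsoft AntiSpyware lines. The directory test is deliberately an exact match rather than a prefix test: a prefix test would accept C:\WINDOWS\system32\s?stem as "inside system32", which is precisely the impression the lookalike folder is designed to give.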

Unread postby dan12 » July 6th, 2007, 5:28 pm

How we doing?
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby dan12 » July 8th, 2007, 3:18 am

Are you still needing help?
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby carlrobison1 » July 8th, 2007, 1:59 pm

Hi, yes... sorry. I was trying to do this remotely but it's not working, so I'm bringing the computer to my place tomorrow and keeping it for a week. I'll post the needed logs tomorrow. Thanks for the help!
carlrobison1
Member+
 
Posts: 44
Joined: June 12th, 2007, 6:01 pm

Unread postby dan12 » July 8th, 2007, 2:33 pm

Thanks for letting me know.
:D
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby carlrobison1 » July 10th, 2007, 3:48 pm

From the command prompt:

Volume in drive C is Windows XP
Volume Serial Number is 688E-5B7A

Directory of C:\WINDOWS\system32


Directory of C:\Documents and Settings\Kevin Keelan

I uninstalled PartyPokerNet and Morpheus, but Outerinfo and p2pnetworks didn't show up on the list of programs to add or remove.


Although I followed the directions for AVG, when it was done scanning the "Save Report" button was faded and wasn't an option, so I couldn't do that. I thought I might have made a mistake, so I tried it again and the same thing happened. Sorry.

Here's the Kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 10, 2007 3:40:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/07/2007
Kaspersky Anti-Virus database records: 360559


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 213433
Number of viruses found 15
Number of infected objects 29 / 0
Number of suspicious objects 0
Duration of the scan process 02:06:23

Infected Object Name Virus Name Last Action
C:\123.tmp Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\124.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\124.tmp NSIS: infected - 1 skipped

C:\Documents and Settings\Kevin Keelan\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\History\History.IE5\MSHist012007071020070711\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Temp\~DF3DA3.tmp Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Temp\~DFD7E9.tmp Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kevin Keelan\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Kevin Keelan\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Kevin Keelan\Shared\(New Release) hate i realy dont like you 43.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped

C:\Documents and Settings\Kevin Keelan\Shared\--- hate i realy dont like you 08.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped

C:\Documents and Settings\Kevin Keelan\Shared\shared by moby its a big big house 43.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped

C:\Documents and Settings\Kevin Keelan\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\QooBox\Quarantine\C\WINDOWS\retadpu11.exe.vir Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102240.exe Infected: not-a-virus:AdWare.Win32.HotBar.by skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102241.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102242.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102243.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102244.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102245.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102246.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102247.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102248.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102249.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102250.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102251.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102252.exe/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102252.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102253.exe/data0018/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102253.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102253.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102253.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102253.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{DDCEF2D0-2D9F-4548-B15E-5B3243B612D7}\RP677\A0102254.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped

D:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped

D:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

D:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

D:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

D:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped

Scan process completed.

Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:41:26 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f315.mail.yahoo.com/ym/login? ... 3v1kepv10k
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B94E2DC7B5F75402139C0 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll (file missing)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SFF.tmp"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - Startup: Epson printer Registration.lnk = F:\E_reg\EPSONREG.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://70.147.103.42/wg_webeye.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Thanks for your help. I now have this computer at my house so I'll be able to respond right away.
carlrobison1
Member+
 
Posts: 44
Joined: June 12th, 2007, 6:01 pm
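The log above is the kind of thing a helper reads by eye; as an added example (not code from this thread, from HijackThis or from MalwareRemoval.com), here is a small Python triage script that parses lines in the HJT v1.99.1 format and applies the checks an analyst would make first: entries that still reference a file that is gone, O23 services with no owner, O20 injection points, and O16 downloads from a bare IP address. It also groups binaries by directory to show when one product is hooked from several sections at once (BHO, toolbar and Run key), as SpamBlockerUtility is in this log. The nine sample lines are constructed input modelled on the entries posted here; the rule names and function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample input (not a real log): nine lines in HijackThis v1.99.1
# format, modelled on the entries posted in this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll (file missing)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll (file missing)
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://70.147.103.42/wg_webeye.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# "O4 - ...", "R0 - ...", "F2 - ...": section tag, then the entry body.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# First Windows path in the body, ending at a binary/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx|sys|cab)\b", re.IGNORECASE)
# Download URL whose host is a bare IPv4 address rather than a hostname.
BARE_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/")


def parse_hjt(text):
    """Return one dict per HJT entry line: section tag, body and the raw line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "raw": line})
    return entries


def triage(entries):
    """Apply simple analyst heuristics; returns (rule, raw_line) pairs to review."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if "(file missing)" in body:
            # The registry still points at a file that is gone: a leftover of a
            # removed or partially cleaned product, safe to fix in HJT.
            findings.append(("orphaned-entry", e["raw"]))
        if sec == "O23" and "Unknown owner" in body:
            findings.append(("unknown-owner-service", e["raw"]))
        if sec == "O20":
            # AppInit_DLLs / Winlogon Notify DLLs load into many processes: always review.
            findings.append(("review-injection-point", e["raw"]))
        if sec == "O16" and BARE_IP_URL_RE.search(body):
            findings.append(("dpf-from-bare-ip", e["raw"]))
    return findings


def directories_across_hooks(entries, min_sections=2):
    """Map each binary's directory to the HJT sections it appears in, keeping only
    directories hooked from at least `min_sections` different sections. One
    product present as BHO, toolbar and Run key at once is worth a closer look."""
    seen = defaultdict(set)
    for e in entries:
        m = PATH_RE.search(e["body"])
        if not m:
            continue
        parent = m.group(0).rsplit("\\", 1)[0].lower()
        seen[parent].add(e["section"])
    return {d: sorted(s) for d, s in seen.items() if len(s) >= min_sections}


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_HJT_LOG)
    for rule, raw in triage(ents):
        print(f"[{rule}] {raw}")
    for d, secs in directories_across_hooks(ents).items():
        print(f"[multi-hook] {d} -> {', '.join(secs)}")
```

On the sample, the two SpamBlockerUtility lines marked "(file missing)" and the Adobe LM Service line are reported, the O20 AppInit_DLLs entry is queued for review, the O16 control fetched from an IP address is flagged, and the SpamBlockerUtility directory is shown as hooked from O2, O3 and O4. These are prompts for a human to check, not verdicts: the Google AppInit DLL in this log is legitimate, and an "Unknown owner" only means the service binary carries no recognised publisher information.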

Unread postby dan12 » July 10th, 2007, 3:55 pm

Hi, carlrobison1,

Did you have the results for the following:

Copy and paste the following (in the quote box) into the command window and press Enter: Start > All Programs > Accessories > Command Prompt. Then post me the output.

dir C:\WINDOWS\system32\s?stem /a h > files.txt
notepad files.txt


____________________________

I believe they are having a few problems with the new version of AVG anti-malware, so download the older version from Here.
Remove the current version you have via Add and Remove Programs in Control Panel.
Thanks, dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby carlrobison1 » July 10th, 2007, 4:07 pm

Here's what the command prompt says:


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Kevin Keelan>dir C:\WINDOWS\system32\s?stem /a h > fil
es.txt
File Not Found
File Not Found

C:\Documents and Settings\Kevin Keelan>notepad files.txt

C:\Documents and Settings\Kevin Keelan>


I'll download the old version of AVG and get that to you soon.
carlrobison1
Member+
 
Posts: 44
Joined: June 12th, 2007, 6:01 pm

Unread postby carlrobison1 » July 10th, 2007, 7:22 pm

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:20:42 PM 7/10/2007

+ Scan result:



C:\Program Files\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Disney\Disney Online\Toontown\Toontown.exe -> Logger.KeyLogger.jm.1 : Cleaned with backup (quarantined).


::Report end
carlrobison1
Member+
 
Posts: 44
Joined: June 12th, 2007, 6:01 pm

Unread postby carlrobison1 » July 11th, 2007, 9:21 am

Just to let you know, when I got up this morning, the computer had restarted itself and gave me a message that said something like: Upgrades have been added to your computer. It needed to be restarted. Now I have what looks like a program opened in the taskbar at the bottom. It has an "R" icon on it. If I click on it, nothing happens. If I go to Windows Task Manager under applications, nothing is running. I don't know if this helps or not.
carlrobison1
Member+
 
Posts: 44
Joined: June 12th, 2007, 6:01 pm

Unread postby dan12 » July 15th, 2007, 6:52 am

Hi carlrobison1, firstly my apology for the delay in posting; I had a notification problem, it seems. Should be back soon.
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire