Infected with trojan downloader zlob, other trojan, freezing and very sluggish etc.


pleasehelpmenow

Thread Starter
Joined
Sep 3, 2009
Messages
13
My computer is being redirected to advertising companies when I click on one of my searches on Google, and when I try to delete the viruses I have in my AVG it won't allow me to open my virus vault. I have Windows XP. It won't allow me to open SpyWall, Spybot or other antispyware. AVG said I have trojan horse downloader. zlob.AOKR, tracking cookie. Yadro, tracking cookie. 207, tracking cookie.Revsc.

I downloaded HJT many times; the first time it started scanning and stopped in the middle, and when I tried to open it again it doesn't allow me to open it.

I started a scan with an antivirus called ParetoLogic on all of my computer and it took over 2 hrs, so I stopped it in the middle as I need to use my computer for business. It picked up a whole bunch of other viruses and trojans during that time. Only the scan is free and I am unable to retrieve the history of the scan, so I can't post the viruses.

On top of all this my computer has been really slow for months and also takes about 10-15 min to fully reboot. Lately, it freezes almost every day at least once. I am relatively new at this and am not familiar with posting registers or history or the components of my computer and am not sure what that is, so please be patient.

I am in desperate need of help as I use my computer for my business.
Thanks

 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

pleasehelpmenow

Thread Starter
Joined
Sep 3, 2009
Messages
13
I tried to do numerous scans like the Malwarebytes anti-malware numerous times and it won't scan. I even uninstalled it from my computer and followed your instructions and it didn't work. Now every time I open up Spybot, SpyWall, Malwarebytes, and others it says I don't have permission to open it up. Please help...

Thanks
 

pleasehelpmenow

Thread Starter
Joined
Sep 3, 2009
Messages
13
I think I may have posted the wrong Deckard scan to you before, from the wrong date; my apologies. Here is the right scan from September 2, 2009.

Deckard's System Scanner v20070819.64
Run by Tatty on 2009-09-02 23:25:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 84% (more than 75%).
System Drive C: has 1.06 GiB (less than 15%) free.

-- HijackThis (run as Tatty.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:04 PM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Tatty\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tatty.exe
C:\Program Files\NetZeroInstallers\nzoffers.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.cavtel.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Button Manager v1.874.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162791714343
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83C539B2-BFBA-4FA8-85F6-1B670E88A52C}: NameServer = 64.83.0.10,209.137.160.7
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11196 bytes
-- Files created between 2009-08-02 and 2009-09-02 -----------------------------
2009-09-02 22:13:39 0 d--hs---- C:\Documents and Settings\Administrator\PrivacIE
2009-09-02 21:49:13 0 d--hs---- C:\Documents and Settings\Administrator\IETldCache
2009-09-02 20:22:59 0 d-------- C:\Program Files\Roxio
2009-09-02 18:06:54 186880 --a------ C:\WINDOWS\system32\drivers\trlkprot.sys <Not Verified; Trlokom Inc.; Trlokom Application Scan Driver>
2009-09-02 18:06:39 0 d-------- C:\WINDOWS\trlrm
2009-09-02 18:05:32 0 d-------- C:\Program Files\SpyWall
2009-09-02 11:12:26 0 d-------- C:\Program Files\iPod
2009-09-02 11:11:32 0 d-------- C:\Program Files\iTunes
2009-09-02 11:11:32 0 d-------- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-02 11:06:54 0 d-------- C:\Program Files\QuickTime
2009-09-02 10:54:35 0 d-------- C:\Program Files\Bonjour
2009-09-01 19:49:54 36 -r-h----- C:\WINDOWS\sued.dat
2009-08-19 08:32:13 0 d--hs---- C:\Documents and Settings\NetworkService\IETldCache
2009-08-16 17:01:24 0 d-------- C:\WINDOWS\system32\XPSViewer
2009-08-16 17:01:06 0 d-------- C:\Program Files\MSBuild
2009-08-16 17:00:31 0 d-------- C:\Program Files\Reference Assemblies
2009-08-14 15:42:14 0 d-------- C:\Program Files\Common Files\Adobe AIR
2009-08-14 15:35:26 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-14 14:59:23 0 d-------- C:\Documents and Settings\Mommy\Application Data\Research In Motion
2009-08-14 14:59:05 0 d-------- C:\Documents and Settings\Mommy\Application Data\ArcSoft
2009-08-14 14:58:43 0 d-------- C:\Documents and Settings\Mommy\Application Data\GTek
2009-08-14 14:58:14 0 d-------- C:\Documents and Settings\Mommy\Application Data\Real
2009-08-14 14:57:16 0 d--hs---- C:\Documents and Settings\Mommy\IETldCache
2009-08-14 14:20:54 0 d-------- C:\Documents and Settings\Mommy\Application Data\Jasc Software Inc
2009-08-14 14:20:54 0 d-------- C:\Documents and Settings\Mommy\Application Data\Intel
2009-08-14 14:20:54 0 d-------- C:\Documents and Settings\Mommy\Application Data\Identities
2009-08-14 14:20:53 0 d--h----- C:\Documents and Settings\Mommy\Templates
2009-08-14 14:20:53 0 dr------- C:\Documents and Settings\Mommy\Start Menu
2009-08-14 14:20:53 0 dr-h----- C:\Documents and Settings\Mommy\SendTo
2009-08-14 14:20:53 0 dr-h----- C:\Documents and Settings\Mommy\Recent
2009-08-14 14:20:53 0 d--h----- C:\Documents and Settings\Mommy\PrintHood
2009-08-14 14:20:53 0 d--h----- C:\Documents and Settings\Mommy\NetHood
2009-08-14 14:20:53 0 dr------- C:\Documents and Settings\Mommy\My Documents
2009-08-14 14:20:53 0 d--h----- C:\Documents and Settings\Mommy\Local Settings
2009-08-14 14:20:53 0 dr------- C:\Documents and Settings\Mommy\Favorites
2009-08-14 14:20:53 0 d-------- C:\Documents and Settings\Mommy\Desktop
2009-08-14 14:20:53 0 d--hs---- C:\Documents and Settings\Mommy\Cookies
2009-08-14 14:20:53 0 dr-h----- C:\Documents and Settings\Mommy\Application Data
2009-08-14 14:20:53 0 d-------- C:\Documents and Settings\Mommy\Application Data\Symantec
2009-08-14 14:20:53 0 d-------- C:\Documents and Settings\Mommy\Application Data\Sun
2009-08-14 14:20:53 0 d---s---- C:\Documents and Settings\Mommy\Application Data\Microsoft
2009-08-14 14:20:52 1048576 --ah----- C:\Documents and Settings\Mommy\NTUSER.DAT
2009-08-14 13:08:37 0 d-------- C:\Program Files\Common Files\Borland Shared
2009-08-14 13:08:27 0 d-------- C:\Program Files\WordPerfect Office 12
2009-08-12 21:11:37 8024064 --a------ C:\Documents and Settings\Tatty\ntuser.dat

-- Find3M Report ---------------------------------------------------------------
2009-09-02 22:00:03 0 d-------- C:\Documents and Settings\Tatty\Application Data\Research In Motion
2009-09-02 21:57:10 0 d-------- C:\Program Files\Common Files\Apple
2009-09-02 21:34:41 256 --a------ C:\WINDOWS\system32\pool.bin
2009-09-02 20:24:56 0 d-------- C:\Program Files\Common Files\Roxio Shared
2009-09-02 20:18:55 0 d-------- C:\Program Files\Common Files\Research In Motion
2009-09-02 19:45:22 0 d-------- C:\Program Files\Research In Motion
2009-09-02 16:29:14 0 d-------- C:\Program Files\Common Files
2009-08-16 00:46:46 0 d--h----- C:\Documents and Settings\Tatty\Application Data\Move Networks
2009-08-14 15:51:31 0 d-------- C:\Program Files\Common Files\Adobe
2009-08-14 14:56:49 0 d-------- C:\Program Files\Web Publish
2009-08-14 12:58:32 0 d-------- C:\Documents and Settings\Tatty\Application Data\Adobe
2009-08-12 21:14:05 0 d-------- C:\Program Files\Common Files\Corel
2009-08-12 21:08:42 0 d-------- C:\Program Files\MSN Messenger
2009-08-12 21:07:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2009-08-12 21:02:16 0 d-------- C:\Program Files\Lavasoft

-- Registry Dump ---------------------------------------------------------------

-- End of Deckard's System Scanner: finished at 2009-09-02 23:26:41 ------------


I downloaded Malwarebytes anti-malware and it started the prescan but stopped. I actually had downloaded it before and the same thing happened; I uninstalled it many times and redownloaded it and the same thing happened. When I try to reopen it, it says that I do not have permission to open it. The same thing happens with Spybot, SpyWall and other antiviruses I downloaded... Please help...

Thanks
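The HijackThis section of the Deckard log above is what a helper reads first, and a few patterns in it are worth pulling out mechanically before anything else: R3/O2/O23 entries whose file is gone ("(file missing)" or "(no file)"), the O17 NameServer override, and the O20 AppInit_DLLs line. The following is an added triage script written for this thread; it is not code from HijackThis, Deckard's System Scanner, or any tool the thread uses. It parses the "Rn - ..." / "On - ..." entry lines, flags orphaned entries, and lists the sections that always get a manual look. The sample input is a handful of lines copied from the log the thread starter posted; the section names and flag rules are the script's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not a thread tool).

Parses the entry lines of a HijackThis log and flags:
  * orphaned entries: registry hooks pointing at a file that no longer exists
    ("(file missing)" / "(no file)"), which a remover cleans up and which can
    also be the trace of a component that was already deleted;
  * review sections: O17 (per-adapter DNS override) and O20 (AppInit_DLLs /
    Winlogon Notify), which are checked by hand on every log regardless of
    the path shown, because they change name resolution or load a DLL into
    every process.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{83C539B2-BFBA-4FA8-85F6-1B670E88A52C}: NameServer = 64.83.0.10,209.137.160.7
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Assumed review list: sections inspected on every log no matter what path they show.
REVIEW_SECTIONS = {
    "O17": "per-adapter NameServer override (compare with the DNS servers the ISP/DHCP hands out)",
    "O20": "AppInit_DLLs / Winlogon Notify DLL (loaded into every process)",
}


@dataclass
class Entry:
    section: str          # e.g. "O2", "O17"
    body: str             # everything after "On - "
    clsid: Optional[str]  # first {GUID} found in the body, if any
    orphaned: bool        # True when the referenced file is reported missing


def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per 'Rn - ...' / 'On - ...' line; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines: not entries
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphaned=body.endswith(ORPHAN_MARKERS),
        ))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Split entries into the two groups a helper looks at first."""
    return {
        "orphaned": [e for e in entries if e.orphaned],
        "review": [e for e in entries if e.section in REVIEW_SECTIONS],
    }


def nameservers(entry: Entry) -> List[str]:
    """Pull the comma-separated server list out of an O17 'NameServer = a,b' entry."""
    _, _, value = entry.body.partition("NameServer =")
    return [s.strip() for s in value.split(",") if s.strip()]


def report(text: str) -> List[str]:
    """Human-readable triage lines for a log; returned rather than printed so it can be tested."""
    groups = triage(parse_hjt(text))
    lines = ["Orphaned entries (file gone, hook still registered):"]
    lines += [f"  {e.section}: {e.body}" for e in groups["orphaned"]]
    lines.append("Sections to review by hand:")
    for e in groups["review"]:
        detail = REVIEW_SECTIONS[e.section]
        if e.section == "O17":
            detail += f"; servers listed: {', '.join(nameservers(e))}"
        lines.append(f"  {e.section}: {detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The script deliberately does not decide whether the O17 servers or the O20 DLL are malicious; that needs a comparison against what the ISP and the installed software legitimately set, which only the person at the machine can make. It just makes sure those lines are never skipped in a long log like the one above.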
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Don't confuse anti-virus programs with anti-malware programs. They are two different things.


You have two anti-virus programs running, which will cause trouble. Uninstall one of them from add/remove programs. The two programs are AVG and Avast.
 

pleasehelpmenow

Thread Starter
Joined
Sep 3, 2009
Messages
13
I tried to remove AVG earlier this week because I installed Norton Antivirus 2009 and it said I had to uninstall AVG first, but every time I tried to uninstall, an error message came up at the end saying it was unable to fully uninstall. I uninstalled Norton and Avast and am still having the same trouble.

How will this get rid of my trojans and malware that I posted on my first post? Please help... My computer is so slow...

Thanks
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
You don't need to bump your thread. I work full time and thus I am not online 7x24. ;)

Run HijackThis and click on "Config" and then on the "Misc Tools" button.
If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section".
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
Copy and paste that list here.
 

pleasehelpmenow

Thread Starter
Joined
Sep 3, 2009
Messages
13
Sorry for the bump... I thought I read earlier that if I get no response for 24 hrs I should then bump... I am not sure if you read my whole post from the beginning, as I stated in my first post that I am unable to open HijackThis. Every time I try to open it, it says I do not have permission to open it. I even tried to remove and reinstall it and the same thing happens.

Thanks very much for your help.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
I read so many posts ... *sigh* sorry for asking you to do something you have already stated you can not.


Did you uninstall one of the AV programs? If not please do that.



Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**



Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 

pleasehelpmenow

Thread Starter
Joined
Sep 3, 2009
Messages
13
Part 1
Finally some sort of scan worked. Thank you so much...

Here is part 1 of the log; I need to post a second post because there are too many characters from ComboFix:
ComboFix 09-09-10.01 - Tatty 09/10/2009 20:10.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.137 [GMT -4:00]
Running from: c:\documents and settings\Tatty\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\Installer\30c45f3.msp
c:\windows\Installer\30c45f4.msp
c:\windows\Installer\30c4607.msp
c:\windows\Installer\4c833.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\bszip.dll
c:\windows\system32\Cache
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
-- Previous Run --
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.
2009-09-08 14:30 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 14:30 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 14:30 . 2009-09-08 14:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 22:13 . 2009-09-07 22:13 127921 ----a-w- c:\documents and settings\Tatty\Application Data\Move Networks\uninstall.exe
2009-09-07 22:13 . 2009-09-07 22:13 1686744 ----a-w- c:\documents and settings\Tatty\Application Data\Move Networks\MoveMediaPlayerWin_071504000001.exe
2009-09-07 22:00 . 2009-09-07 22:00 -------- d-----w- c:\documents and settings\Tatty\Local Settings\Application Data\Symantec
2009-09-07 20:37 . 2009-09-09 00:08 -------- d-----w- c:\program files\Norton AntiVirus
2009-09-07 20:37 . 2009-09-09 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-07 20:10 . 2009-09-08 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-07 19:00 . 2009-09-07 19:01 -------- d-----w- C:\fixnow
2009-09-07 18:57 . 2009-09-07 18:57 3752 ----a-w- c:\documents and settings\Administrator\GetPaths.vbs
2009-09-07 18:55 . 2009-09-07 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-07 18:27 . 2009-09-07 18:28 -------- d-----w- C:\hiway2
2009-09-07 18:17 . 2009-09-07 18:18 -------- d-----w- C:\log of scan2
2009-09-07 18:13 . 2009-09-07 19:30 -------- d---a-w- C:\log of scan
2009-09-07 18:08 . 2009-09-07 18:08 -------- d-----w- c:\documents and settings\Gedalya\Application Data\Malwarebytes
2009-09-07 17:59 . 2009-09-07 17:59 3942048 ----a-w- C:\hello setup.exe
2009-09-07 17:54 . 2009-09-07 17:54 -------- d-sh--w- c:\documents and settings\Gedalya\PrivacIE
2009-09-07 17:50 . 2009-09-07 17:50 -------- d-----w- c:\documents and settings\Gedalya\Local Settings\Application Data\HP
2009-09-07 17:46 . 2009-09-07 17:46 -------- d-----w- c:\documents and settings\Gedalya\Application Data\ArcSoft
2009-09-07 17:45 . 2009-09-07 17:45 -------- d--h--w- c:\documents and settings\Gedalya\Application Data\GTek
2009-09-07 17:45 . 2009-09-07 17:45 -------- d-----w- c:\documents and settings\Gedalya\Local Settings\Application Data\Apple Computer
2009-09-07 17:45 . 2009-09-07 17:45 434128 ----a-w- c:\documents and settings\Gedalya\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 17:43 . 2009-09-07 17:43 -------- d-sh--w- c:\documents and settings\Gedalya\IETldCache
2009-09-07 17:40 . 2009-09-07 17:40 -------- d-----w- c:\documents and settings\Mommy\Local Settings\Application Data\HP
2009-09-07 17:35 . 2009-09-07 17:35 -------- d-----w- c:\documents and settings\Mommy\Local Settings\Application Data\Apple Computer
2009-09-07 17:35 . 2009-09-07 17:35 434128 ----a-w- c:\documents and settings\Mommy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 16:47 . 2009-09-07 16:47 -------- d-----w- c:\documents and settings\Tatty\Application Data\Malwarebytes
2009-09-07 16:46 . 2009-09-07 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-07 15:30 . 2009-09-07 15:33 812344 ----a-w- C:\hello2.exe
2009-09-03 20:07 . 2009-09-03 20:07 434128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 19:29 . 2009-09-11 01:06 61472 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-03 19:29 . 2009-09-11 00:57 6809632 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-03 16:29 . 2009-09-03 16:29 -------- d-----w- c:\program files\ParetoLogic
2009-09-03 16:29 . 2009-09-03 16:29 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-03 16:29 . 2009-09-03 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-09-03 16:29 . 2009-09-03 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-03 16:22 . 2009-09-03 16:22 -------- d-----w- c:\documents and settings\Tatty\Local Settings\Application Data\Downloaded Installations
2009-09-03 03:34 . 2009-09-07 18:57 -------- d-----w- C:\SmitfraudFix
2009-09-03 02:13 . 2009-09-03 02:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-03 01:49 . 2009-09-03 01:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-03 00:22 . 2009-09-03 01:51 -------- d-----w- c:\program files\Roxio
2009-09-02 22:06 . 2009-09-02 22:06 186880 ----a-w- c:\windows\system32\drivers\trlkprot.sys
2009-09-02 22:06 . 2009-09-03 01:57 -------- d-----w- c:\windows\trlrm
2009-09-02 22:05 . 2009-09-07 18:10 -------- d-----w- c:\program files\SpyWall
2009-09-02 15:12 . 2009-09-03 01:57 -------- d-----w- c:\program files\iPod
2009-09-02 15:11 . 2009-09-03 01:57 -------- d-----w- c:\program files\iTunes
2009-09-02 15:11 . 2009-09-02 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-02 15:06 . 2009-09-03 01:56 -------- d-----w- c:\program files\QuickTime
2009-09-02 14:54 . 2009-09-03 01:55 -------- d-----w- c:\program files\Bonjour
2009-09-01 23:49 . 2009-09-07 18:10 36 ---h--r- c:\windows\sued.dat
2009-08-19 12:32 . 2009-08-19 12:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-16 21:01 . 2009-08-16 21:01 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-16 21:01 . 2009-08-16 21:01 -------- d-----w- c:\program files\MSBuild
2009-08-16 21:00 . 2009-08-16 21:00 -------- d-----w- c:\program files\Reference Assemblies
2009-08-16 20:58 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 20:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-16 20:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-16 20:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 20:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 20:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-16 20:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-14 19:42 . 2009-08-14 19:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-14 19:35 . 2009-08-16 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-14 18:59 . 2009-08-14 18:59 -------- d-----w- c:\documents and settings\Mommy\Application Data\Research In Motion
2009-08-14 17:09 . 2009-08-14 17:09 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-14 17:08 . 2009-08-14 17:08 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-08-14 17:08 . 2009-08-14 17:08 -------- d-----w- c:\program files\WordPerfect Office 12
2009-08-13 08:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 00:57 . 2009-09-03 19:29 6764 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-11 00:57 . 2009-09-03 19:29 93320 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-09 16:07 . 2007-05-08 02:26 -------- d--h--w- c:\documents and settings\Tatty\Application Data\Move Networks
2009-09-09 00:35 . 2005-09-21 00:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-08 23:15 . 2007-02-16 18:41 -------- d-----w- c:\program files\Lavasoft
2009-09-08 23:03 . 2008-12-23 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-08 02:48 . 2005-09-21 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-08 00:58 . 2008-12-23 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-07 22:13 . 2009-06-17 07:52 4183416 ----a-w- c:\documents and settings\Tatty\Application Data\Move Networks\plugins\npqmp071504000001.dll
2009-09-07 18:08 . 2007-04-15 14:25 -------- d-----w- c:\program files\Webshots
2009-09-07 18:04 . 2009-02-16 20:55 -------- d-----w- c:\program files\Trend Micro
2009-09-07 17:46 . 2009-09-07 17:42 130 ----a-w- c:\documents and settings\Gedalya\Local Settings\Application Data\fusioncache.dat
2009-09-07 17:42 . 2007-02-13 02:20 -------- d-----w- c:\program files\Web Publish
2009-09-03 05:38 . 2007-02-16 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-03 02:25 . 2007-02-16 16:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-03 02:00 . 2008-05-12 01:03 -------- d-----w- c:\documents and settings\Tatty\Application Data\Research In Motion
2009-09-03 01:57 . 2008-11-10 02:43 -------- d-----w- c:\program files\Common Files\Apple
2009-09-03 01:34 . 2008-05-12 01:03 256 ----a-w- c:\windows\system32\pool.bin
2009-09-03 00:39 . 2006-11-06 00:38 434128 ----a-w- c:\documents and settings\Tatty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 00:24 . 2008-05-12 00:15 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-09-03 00:23 . 2008-05-12 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-09-03 00:18 . 2008-05-12 00:06 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-09-02 23:45 . 2008-05-12 00:05 -------- d-----w- c:\program files\Research In Motion
2009-09-02 20:21 . 2008-07-30 01:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-25 14:56 . 2008-12-23 13:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 14:56 . 2008-12-23 13:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 14:56 . 2008-12-23 13:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 21:31 . 2009-06-24 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-14 19:51 . 2006-11-10 01:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 18:59 . 2009-08-14 18:21 128 ----a-w- c:\documents and settings\Mommy\Local Settings\Application Data\fusioncache.dat
2009-08-14 18:59 . 2009-08-14 18:59 -------- d-----w- c:\documents and settings\Mommy\Application Data\ArcSoft
2009-08-14 18:58 . 2009-08-14 18:58 -------- d--h--w- c:\documents and settings\Mommy\Application Data\GTek
2009-08-14 10:58 . 2009-09-02 18:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-13 01:14 . 2005-09-21 00:19 -------- d-----w- c:\program files\Common Files\Corel
2009-08-13 01:08 . 2007-06-04 04:47 -------- d-----w- c:\program files\MSN Messenger
2009-08-13 01:07 . 2005-09-21 00:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2004-08-19 20:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-19 20:50 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-19 20:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-17 07:52 . 2009-06-17 07:52 97144 ----a-w- c:\documents and settings\Tatty\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 14:36 . 2004-08-19 20:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\fontsub.dll
2007-05-06 03:48 . 2007-05-06 03:48 251 ----a-w- c:\program files\wt3d.ini
2005-05-26 18:35 . 2008-06-17 22:30 1422 ----a-w- c:\program files\ReadMe.txt
2009-01-19 03:18 . 2007-05-14 17:59 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-19 03:18 . 2007-05-14 17:59 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-19 03:18 . 2007-05-14 17:59 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-19 03:18 . 2007-05-14 17:59 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-19 03:18 . 2007-05-14 17:59 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-06-05 17:53 . 2007-03-09 03:46 56 --sh--r- c:\windows\system32\0C995E3589.sys
2007-10-07 09:47 . 2007-01-18 23:57 88 --sh--r- c:\windows\system32\89355E990C.sys
2007-10-07 09:47 . 2007-01-18 22:24 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

pleasehelpmenow
Thread Starter
Part 2

Here is the second part of the log:
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-19 185632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
c:\documents and settings\Tatty\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-12-23 42168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 14:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Tatty^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Tatty\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\WINDOWS\\ehome\\ehshell.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\trlrm\\RMHSvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/23/2008 9:06 AM 335240]
R1 trlkprot;Trlokom Application scan driver;c:\windows\system32\drivers\trlkprot.sys [9/2/2009 6:06 PM 186880]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/23/2008 9:06 AM 297752]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/10/2007 7:31 PM 10368]
S3 Tosrfpcc;Bluetooth PC Card Controller from Toshiba;c:\windows\system32\drivers\TosRFPCC.sys [8/2/2002 3:53 PM 160672]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-09-08 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]
2009-09-10 c:\windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
- c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe [2009-02-18 18:43]
2009-09-10 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]
2009-09-08 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{0920BB03-1B36-4083-90CF-1F86975DFD76}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://support.cavtel.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - ProfilePath - c:\documents and settings\Tatty\Application Data\Mozilla\Firefox\Profiles\0tfg3645.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 21:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,24,d5,b7,69,95,
e2,08,e6,df,f2,48,97,f8,cf,4f,29,96,12,96,22,10,ab,e7,0b,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,cf,17,5c,00,03,
93,99,0d,09,50,db,02,41,cd,0d,86,e5,f7,ec,21,2b,ef,7c,78,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,64,25,ea,35,e9,
07,ce,11,2a,28,bb,c6,7d,3b,61,bc,b2,82,3b,02,f1,da,d3,8a,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,c9,fe,74,e8,4f,
27,ac,47,43,db,af,bc,a2,8a,40,36,69,f5,59,21,77,d4,aa,91,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,0f,93,c6,62,21,
d3,f4,90,c1,e3,54,e4,60,74,e6,bd,0f,69,8d,37,97,84,16,6f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,c6,8f,bf,05,72,
ca,28,b9,3e,75,a5,82,01,c4,af,82,d2,2c,a7,21,24,f6,5d,cd,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,ca,61,29,a4,9c,
04,01,89,65,d3,aa,d5,04,59,89,cc,88,28,41,46,46,f6,a3,17,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,b6,32,0c,97,20,
da,3d,74,02,04,0b,02,a1,dc,5a,8b,c8,8d,c2,1f,18,6f,14,b6,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f8,52,40,77,6d,
c8,73,35,d3,68,5e,df,d6,3d,66,ee,6f,0c,e0,65,7c,80,1f,00,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,de,4f,c5,ef,f7,
c6,bc,a7,d7,93,8e,c3,43,b5,0a,9f,30,26,4b,c0,05,18,5d,19,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,91,56,ba,da,a7,
74,09,30,e8,7b,d8,fc,93,4c,53,83,2c,1f,84,9f,bf,56,d2,c3,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,05,eb,37,97,00,
1c,28,15,b1,c3,d0,e2,53,5d,90,ad,e3,5a,72,21,27,ba,c3,1d,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\INetHTTPFilter.dll
- - - - - - - > 'explorer.exe'(2584)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\trlrm\RMHSvc.exe
c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe
c:\windows\system32\mqsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-11 21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 01:18
Pre-Run: 7,972,155,392 bytes free
Post-Run: 8,061,067,264 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
432 --- E O F --- 2009-09-11 01:06

You may notice Norton AV in there. I have already removed it from my computer as you told me not to have more than one at a time. Also, it did take care of the redirecting I was getting when I clicked on a Google search, but I am still having problems opening Spybot, Malwarebytes and others. Same message: I do not have permission to access the file, or something.

Whether the computer is still freezing and sometimes very sluggish is still too soon for me to know, as I just finished with ComboFix.

I hope my log will help and again thank you very much for your help.
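The ComboFix "Reg Loading Points" section above is plain REGEDIT4-style text, and a few of its lines are the ones a responder reads first: the standard-profile firewall is off (EnableFirewall = 0), 3389/TCP is in the globally open ports list, Security Center has monitoring switched off for SymantecFirewall, and a DLL is registered under Winlogon\Notify. The script below is an added example, not code from the thread, from ComboFix or from any participant. It parses that section and turns those lines into sorted findings. SAMPLE_LOG is constructed from lines in the log above plus one clearly marked made-up Run entry ("MadeUpEntry") so the unusual-location branch is exercised; the list of "usual" program directories, the severities and the BootExecute default check are the reviewer's own choices.

```python
"""Triage a ComboFix 'Reg Loading Points' section (added example; not code from
the thread, from ComboFix or from any participant).

It parses the REGEDIT4-style text ComboFix prints and flags the settings a
responder checks first: Windows Firewall state, globally open ports, Security
Center monitoring switched off, Winlogon notify DLLs, Run-key images outside
the usual program directories, and a non-default BootExecute.
SAMPLE_LOG is constructed from lines in the forum log plus one made-up Run
entry ("MadeUpEntry") that is not in the log.
"""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix prints file details under some keys: "2009-08-25 14:56 11952 ----a-w- c:\...".
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>\S.*)$")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Reviewer's choice of "usual" directories; only a first filter, malware lives
# under c:\windows too, so a pass here is not a clean bill.
USUAL_DIRS = ("c:\\program files", "c:\\progra~1", "c:\\windows")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"MadeUpEntry"="c:\documents and settings\Tatty\Local Settings\Temp\not_in_log.exe" [2009-09-01 1024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 14:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\trlrm\\RMHSvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    key: str
    detail: str


def parse_loading_points(text):
    """Return (key, name, data) triples.

    name is the value name for "name"=data lines, "<file>" for the file-detail
    lines ComboFix prints under a key, and "<raw>" for anything else, such as
    'BootExecute REG_MULTI_SZ \\0'."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:  # text before the first key: nothing to attach it to
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group("name"), m.group("data").strip()))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append((key, "<file>", m.group("path")))
            continue
        entries.append((key, "<raw>", line))
    return entries


def triage(text):
    """Return findings sorted high -> medium -> info."""
    findings = []
    for key, name, data in parse_loading_points(text):
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall":
            if data.startswith("0"):
                findings.append(Finding("high", key, "Windows Firewall disabled for the standard profile"))
        elif k.endswith("globallyopenports\\list"):
            findings.append(Finding("high", key, f"port {name} open to all networks ({data})"))
        elif "security center\\monitoring\\" in k and name.lower() == "disablemonitoring":
            if data.lower() in ("dword:00000001", "1"):
                product = key.rsplit("\\", 1)[-1]
                findings.append(Finding("medium", key, f"Security Center no longer monitors {product}"))
        elif "winlogon\\notify\\" in k and name == "<file>":
            findings.append(Finding("info", key, f"DLL loaded into winlogon: {data}"))
        elif k.endswith(("currentversion\\run", "currentversion\\runonce")):
            m = re.match(r'^"([^"]+)"', data)
            image = (m.group(1) if m else data).lower()
            if not image.startswith(USUAL_DIRS):
                findings.append(Finding("medium", key, f"autorun '{name}' runs from an unusual location: {image}"))
        elif k.endswith("authorizedapplications\\list"):
            findings.append(Finding("info", key, "firewall exception: " + name.replace("\\\\", "\\")))
        elif "session manager" in k and name == "<raw>" and data.startswith("BootExecute"):
            parts = data.split(None, 2)
            value = parts[2] if len(parts) == 3 else ""
            if value != DEFAULT_BOOTEXECUTE:
                findings.append(Finding("info", key, f"BootExecute is {value!r}, default is {DEFAULT_BOOTEXECUTE!r}"))
    order = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: order[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.detail}")
```

Run as-is it prints the two high findings first (firewall off, 3389/TCP globally open), then the Security Center and made-up autorun items, then the informational Winlogon DLL, firewall exceptions and BootExecute lines. The open-port line only matters once the firewall is back on, which is why both are reported together rather than one being suppressed by the other.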

cybertech
Retired Moderator
Please run ESET Online Scanner

Note: You can use IE or Firefox for this scan. You need to disable your currently installed Anti-Virus. If you need help with that look here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go to ESET Online Scanner and click on the ESET Online Scanner button
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

pleasehelpmenow
Thread Starter
Thank you for your help. Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=678c2c74f3e5bb4bbbddea6800be31cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-13 03:54:23
# local_time=2009-09-12 11:54:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 97 16018559375000
# compatibility_mode=3587 22 14 0 4538690312500
# scanned=111233
# found=19
# cleaned=0
# scan_time=4851
C:\SmitfraudFix.exe multiple threats 00000000000000000000000000000000 I
C:\Deckard\System Scanner\20090216155120\backup\DOCUME~1\Tatty\LOCALS~1\Temp\BIT41.tmp multiple threats 00000000000000000000000000000000 I
C:\Deckard\System Scanner\20090216155120\backup\DOCUME~1\Tatty\LOCALS~1\Temp\BIT70.tmp Win32/Adware.Agent.NAV application 00000000000000000000000000000000 I
C:\Deckard\System Scanner\20090216155120\backup\DOCUME~1\Tatty\LOCALS~1\Temp\UPRP_0001_D22M0806\installer.exe Win32/Adware.WinFixer application 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I
C:\Documents and Settings\Tatty\Desktop\SmitfraudFix.exe multiple threats 00000000000000000000000000000000 I
C:\Documents and Settings\Tatty\Desktop\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I
C:\Documents and Settings\Tatty\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I
C:\Documents and Settings\Tatty\My Documents\SmitfraudFix.zip multiple threats 00000000000000000000000000000000 I
C:\Program Files\Mozilla Firefox\plugins\npsaix.dll Win32/Adware.180Solutions application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Win32/Agent.PYI trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application 00000000000000000000000000000000 I
C:\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I
C:\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I
C:\SmitfraudFix\SmitfraudFix.zip multiple threats 00000000000000000000000000000000 I
C:\SmitfraudFix\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application 00000000000000000000000000000000 I
C:\SmitfraudFix\SmitfraudFix\SmitfraudFix\restart.exe Win32/Shutdown.NAA application 00000000000000000000000000000000 I
C:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application 00000000000000000000000000000000 I

I hope this helps and once again thank you very much for your help.
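The ESET log above was produced with "Remove found threats" unchecked, so its header says found=19, cleaned=0 and every row carries the "I" flag. Reading the paths, most of the 19 are already contained: copies inside ComboFix's Qoobox\Quarantine (renamed with .vir), the Deckard System Scanner backup folder, the msconfig backup under WINDOWS\pss, and the SmitfraudFix package, whose bundled Process.exe and restart.exe are what ESET labels Win32/PrcView and Win32/Shutdown.NAA as "application". That leaves one detection on a live path, the Firefox plugin npsaix.dll. The script below is an added example, not code from the thread or from ESET; it parses the header and rows and makes that split automatically. SAMPLE is constructed from rows in the log above. It is an assumption that the log file itself is tab-separated; the pasted copy shows spaces, so the parser accepts both forms, and the containment rules are the reviewer's own, written from the folder names the paths show.

```python
"""Triage an ESET Online Scanner log (added example; not code from the thread
or from ESET).

Reads the '# key=value' header, parses each detection row and separates
detections sitting in quarantine, backup or removal-tool folders from those
on live paths. SAMPLE is constructed from rows in the forum log; whether the
real log file is tab-separated is an assumption, so both tab- and
space-separated rows are accepted.
"""
import re
from collections import Counter

# Fallback for rows whose tabs became spaces: anchor on the 32-hex hash and the
# trailing flag, and take the threat field as 'multiple threats' or
# 'Family/Name [type]'. Windows paths contain no '/', so the split is unambiguous.
ROW_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>multiple threats|\S+/\S+(?: \w+)?)"
    r"\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)\s*$"
)

# Path fragments meaning the file is already contained (reviewer's own rules,
# matched case-insensitively against the full path).
CONTAINED = (
    ("\\qoobox\\quarantine\\", "ComboFix quarantine"),
    ("\\deckard\\system scanner\\", "DSS backup"),
    ("\\windows\\pss\\", "msconfig disabled-startup backup"),
    ("smitfraudfix", "SmitfraudFix tool package"),
)

ZERO_HASH = "0" * 32  # the pasted log shows all-zero hashes
SAMPLE_ROWS = [
    "C:\\SmitfraudFix.exe\tmultiple threats\t%s\tI" % ZERO_HASH,
    "C:\\Program Files\\Mozilla Firefox\\plugins\\npsaix.dll\tWin32/Adware.180Solutions application\t%s\tI" % ZERO_HASH,
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\eventlog.dll.vir\tWin32/Agent.PYI trojan\t%s\tI" % ZERO_HASH,
    # the next two rows are space-separated, as in the forum paste
    "C:\\Documents and Settings\\Tatty\\Desktop\\SmitfraudFix\\Process.exe Win32/PrcView application %s I" % ZERO_HASH,
    "C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup Win32/PowerReg application %s I" % ZERO_HASH,
]
SAMPLE = (
    "# version=6\n# end=finished\n# remove_checked=false\n"
    "# scanned=111233\n# found=19\n# cleaned=0\n"
    + "\n".join(SAMPLE_ROWS) + "\n"
)


def parse_eset_log(text):
    """Return (header dict, list of row dicts with path/threat/hash/flag)."""
    header, rows = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            k, _, v = line[1:].strip().partition("=")
            header[k.strip()] = v.strip()
            continue
        parts = line.split("\t")
        if len(parts) == 4:
            rows.append(dict(zip(("path", "threat", "hash", "flag"), (p.strip() for p in parts))))
            continue
        m = ROW_RE.match(line)
        if m:  # lines such as 'OnlineScanner.ocx - registred OK' match neither and are skipped
            rows.append(m.groupdict())
    return header, rows


def classify(path):
    """Where the file sits: a containment label from CONTAINED, or 'live'."""
    p = path.lower()
    for fragment, label in CONTAINED:
        if fragment in p:
            return label
    return "live"


def threat_type(threat):
    """ESET's class word: 'application' (PUA/unsafe tool), 'trojan', ...;
    'multiple' for the 'multiple threats' archive verdict."""
    if threat == "multiple threats":
        return "multiple"
    parts = threat.split()
    return parts[1] if len(parts) > 1 else "unspecified"


def triage_eset(text):
    """Header counts, the live detections, and a (where, type) -> count summary."""
    header, rows = parse_eset_log(text)
    for r in rows:
        r["where"] = classify(r["path"])
        r["type"] = threat_type(r["threat"])
    return {
        "found": int(header.get("found", len(rows))),
        "cleaned": int(header.get("cleaned", 0)),
        "removed_by_scanner": header.get("remove_checked") == "true",
        "live": [r for r in rows if r["where"] == "live"],
        "summary": Counter((r["where"], r["type"]) for r in rows),
    }


if __name__ == "__main__":
    result = triage_eset(SAMPLE)
    print(f"found={result['found']} cleaned={result['cleaned']} live={len(result['live'])}")
    for (where, kind), n in sorted(result["summary"].items()):
        print(f"  {n:2} {kind:<12} in {where}")
    for r in result["live"]:
        print("LIVE:", r["path"], "->", r["threat"])
```

The containment list is deliberately explicit rather than a heuristic on the word "quarantine", because a .vir file under Qoobox is inert only as long as ComboFix's own folder stays intact; once `Combofix /u` has run, the folder is gone and those rows drop out of the next scan anyway. Anything classified live is the set to act on first.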

cybertech
Retired Moderator
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Restart in Safe Mode.
  • To boot up in Safe mode, continuously tap the F8 key while starting your computer.
  • You should see a black screen displaying the Windows Advanced Menu Options.
  • Using your keyboard's arrow keys, select Safe mode, then hit Enter.

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders", then "Apply", then "OK".


Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Next navigate to the C:\Documents and Settings\Administrator (Repeat for all user names)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.


Empty your recycle bin.

Reboot and post another hijackthis log. Also let me know if you are having any problems.