Solved: XP Antivirus and others removal help


eyox1

Thread Starter
Joined
Aug 28, 2004
Messages
56
I am trying to fix my friend's computer; they had XP Antivirus 08 (among other things) installed. Between Avast and Spybot I think I've gotten the majority. Could you please look at this HijackThis log and let me know what else to remove? They have some other programs that I'm just not sure about. If you need anything else to figure it out, please let me know!! Thanks so much!

eyox1

Thread Starter
Well don't I feel silly....
Thanks for telling me!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:40 PM, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\kboxschn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Owner\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [zfwm] C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221666596734
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.collegehillshonda.com/artman/uploads/06semasi.jpg

--
End of file - 6613 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
  • Instead of Windows loading as normal, the Advanced Options Menu should appear
  • Select the first option, to run Windows in Safe Mode, then press Enter
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard ready for posting back on the forum).
  • Paste the contents of the Report.txt back here with a new HijackThis log

eyox1

Thread Starter
SDFix: Version 1.228
Run by Owner on Mon 09/22/2008 at 11:58 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MsSecurity1.209.4

Path :
C:\WINDOWS\444.470 service

MsSecurity1.209.4 - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\s - Deleted
C:\Documents and Settings\Owner\Application Data\SpeedRunner\config.cfg - Deleted
C:\Program Files\BChanger\data.dat - Deleted
C:\Program Files\BChanger\Uninstall.exe - Deleted
C:\Program Files\VnrBlock\xtarga.gz - Deleted
C:\WINDOWS\system32\000080.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\mainms.vpi - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\system32\PfModNT.sys - Deleted



Folder C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc - Removed
Folder C:\Documents and Settings\Owner\Application Data\SpeedRunner - Removed
Folder C:\Program Files\BChanger - Removed
Folder C:\Program Files\VnrBlock - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINDOWS\system32\1039a - Removed
Folder C:\WINDOWS\system32\459849 - Removed
Folder C:\WINDOWS\system32\mgi - Removed
Folder C:\WINDOWS\system32\stk - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 12:24:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 27 Dec 2002 1,084,536 A..HR --- "C:\WINDOWS\Downloaded Program Files\WebDriverFullInstall.exe"
Sat 2 Oct 2004 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti45.tmp"
Fri 7 May 2004 156,784 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc10.0a\aoltray.exe"
Fri 7 May 2004 54,384 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc11.0b\aolphx.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc11.0b\aoltray.exe"
Fri 7 May 2004 31,344 A..H. --- "C:\RECYCLER\S-1-5-21-1547161642-1788223648-725345543-1003\Dc11.0b\RBM.exe"
Wed 7 May 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Wed 7 May 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"

Finished!

**********************************************************************
********************************************************************
*********************************************************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:47 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zfwm] C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221666596734
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.collegehillshonda.com/artman/uploads/06semasi.jpg

--
End of file - 6274 bytes

cybertech

Retired Moderator
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

eyox1

Thread Starter
Well, I don't know what the above post is, unless you updated your post; the email I got with your post said to run MBAM, so that is what I did. If you want me to run ComboFix, please let me know. Here are my logs for HijackThis & MBAM.
*******************************
*******************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:45 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [zfwm] C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221666596734
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://www.collegehillshonda.com/artman/uploads/06semasi.jpg

--
End of file - 5910 bytes

eyox1

Thread Starter
Malwarebytes' Anti-Malware 1.28
Database version: 1194
Windows 5.1.2600 Service Pack 3

9/22/2008 5:38:11 PM
mbam-log-2008-09-22 (17-38-10).txt

Scan type: Quick Scan
Objects scanned: 51630
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 49
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 29
Files Infected: 124

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\asapcom.asapclass (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ac5bc54-b13b-4642-99f9-0baa2d116184} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapclass.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapenvelope (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapenvelope.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmessage (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmessage.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asaprecipients (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asaprecipients.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03c4c5f4-1893-444c-b8d8-002f0034da92} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11e2bc0c-5d4f-4e0c-b438-501ffe05a382} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37587889-fc28-4507-b6d3-8557305f7511} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a5e947e-c407-4dcc-a0b5-5658e457153b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4fd5c4d3-6c15-4ea0-9eb9-eee8fc74a91b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{620d55b0-f2fb-464e-a278-b4308db1db2b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{741beefd-aec0-4aff-84af-4f61d15f5526} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a41359e-0407-470f-b3f7-7c6a0f7c449a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c4a630a-de98-4e3e-8093-e8f5e159bb72} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ed1e9b1-cb57-4fa0-84e8-fae653fe8e6b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6931b16-90fa-4d69-a49f-3abfa2c04060} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5aa36a1-8bd1-47e0-90f8-47e7239c6ea1} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa2cbafb-f7b1-4f41-9b7a-73329a6c1cb7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpsecuritycenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ltho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 10.2.215.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\components (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\rhc5g7j0ec4n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\ASAPCom.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\OINAnalytics.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\1_Trash.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\2_Balloon.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\3_Shot Gun.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\arrow.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Cml.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\CntntCntr.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\copyright.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\CoreSrv.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostIE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostOE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\HostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\link.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Redemption.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBClientSinkPS.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBOLExt.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBSrvPS.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBTrayAppPS.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUIRes.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUISkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSAAX.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSADF.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSAHook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SpamBlockerUtilityUninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Toolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Wallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\WeSkin.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\components\npclntax.xpt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\firefox\extensions\plugins\npclntax_SBUSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\cursors.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemster.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsterie.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsteruk.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jobsearch.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_reun.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_ringtones.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\editblbuttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hb_ie_menu.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_games_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_video.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sales_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sbu_icon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sdfmodifier.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\weathericon.res (Adware.Hotbar) -> Quarantined and deleted successfully.
 

eyox1

Thread Starter
Joined
Aug 28, 2004
Messages
56
Ok, ran the ComboFix, now the computer is all messed up!!
Windows loads to a blank desktop, the wallpaper is there but nothing else. No desktop, no start menu. I can get into the Task Manager, so I can get to a run prompt. I don't know how to recover from the XP Recovery Console; it is a boot-up option for me, so I can load it, but I don't know what to do once I'm in there. Safe Mode loads to a black screen.
ComboFix seemed to run ok, I did get a logfile, but I can't be sure it went through all the right steps because I didn't watch it run. After the log file popped up some of my icons started turning to that pic you get when it can't find the destination. And I couldn't run any programs, so I restarted the computer, and nothing has been the same since.
Windows System Restore loads to a blank page. I tried Microsoft's fix for that and it didn't work. I'm assuming it deleted stuff it shouldn't have. But I don't know where the log file is saved so I can read through it. If I could find it I might be able to get it copied to the shared drive and copy it to my working computer and post it for you.
So...what do I do now....
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
What do you mean you deleted stuff you shouldn't have?

The log will be at C:\ComboFix.txt

We can use Recovery Console to try and restore the files if nothing has changed since your last posts.
 

eyox1

Thread Starter
Joined
Aug 28, 2004
Messages
56
I said I think ComboFix must have deleted something it shouldn't have. I didn't do anything other than what was instructed.

No nothing has changed. How do I go about restoring from the recovery console?

I managed to get the log copied to the shared folder so here it is:

ComboFix 08-09-20.05 - Owner 2008-09-23 9:25:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.68 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Owner\Application Data\WNSXS~1
C:\Documents and Settings\Owner\Application Data\WNSXS~1\W?nSxS\
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\gemy.bin
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ydysyqufe._dl
C:\Program Files\Altnet
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
C:\Program Files\comet systems
C:\Program Files\comet systems\DM\activeJobs.xml
C:\Program Files\comet systems\DM\completedJobs.xml
C:\Program Files\comet systems\DM\jobIndex.xml
C:\Program Files\comet systems\DM\productInfo.xml
C:\Program Files\comet systems\DM\request.xml
C:\Program Files\comet systems\Platform\Bin\comet.exe
C:\Program Files\comet systems\Platform\Bin\csband.dll
C:\Program Files\comet systems\Platform\Bin\csctx.dll
C:\Program Files\comet systems\Platform\Bin\cseng.dll
C:\Program Files\comet systems\Platform\Bin\cshz.dll
C:\Program Files\comet systems\Platform\Bin\csutil.dll
C:\Program Files\comet systems\Platform\Bin\fileutil.dll
C:\Program Files\comet systems\Platform\Bin\packageinstaller.exe
C:\Program Files\comet systems\Platform\Bin\skinui.dll
C:\Program Files\comet systems\Platform\Bin\unins.exe
C:\Program Files\comet systems\Platform\Data\csres.dat
C:\Program Files\comet systems\Platform\Services\activity.xml
C:\Program Files\comet systems\Platform\Services\AddRemove\aricon_1a.ico
C:\Program Files\comet systems\Platform\Services\AddRemove\aricon_1b.ico
C:\Program Files\comet systems\Platform\Services\AddRemove\arskin_1a.gif
C:\Program Files\comet systems\Platform\Services\AddRemove\arskin_1b.gif
C:\Program Files\comet systems\Platform\Services\AddRemove\arskin_mask.gif
C:\Program Files\comet systems\Platform\Services\cnfmgr.js
C:\Program Files\comet systems\Platform\Services\context.js
C:\Program Files\comet systems\Platform\Services\helpbutton.bmp
C:\Program Files\comet systems\Platform\Services\LogQueue\p0000003E_o01391E80_logging_1113185885750_1.xml
C:\Program Files\comet systems\Platform\Services\LogQueue\p00000064_o013FDD10_logging_1113595115968_1.xml
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left_small.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_left_small_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right_small.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\1line_right_small_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left_small.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_left_small_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right_small.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\2line_right_small_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left_small.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_left_small_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right_small.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Base\3line_right_small_mask.gif
C:\Program Files\comet systems\Platform\Services\Messaging\Listeners\travel_0001.js
C:\Program Files\comet systems\Platform\Services\tbmgr.js
C:\Program Files\comet systems\Platform\Services\unins.ico
C:\Program Files\comet systems\Platform\Uninstall\cleaner.xml
C:\Program Files\comet systems\Platform\Uninstall\un_screensaver.xml
C:\Program Files\comet systems\Platform\Uninstall\un_sswpmgr.xml
C:\Program Files\comet systems\Products\Search\autosrch.js
C:\Program Files\comet systems\Products\Search\related.js
C:\Program Files\comet systems\Products\Search\related.xml
C:\Program Files\comet systems\Products\SSWP\launcher_searchbtn.gif
C:\Program Files\comet systems\Products\SSWP\launcher_searchbtn_over.gif
C:\Program Files\comet systems\Products\SSWP\onlinecheck.js
C:\Program Files\comet systems\Products\SSWP\scr_offline.js
C:\Program Files\comet systems\Products\SSWP\sswp.ico
C:\Program Files\comet systems\Products\SSWP\sswp_launch.js
C:\Program Files\comet systems\Products\SSWP\sswp_mask.gif
C:\Program Files\comet systems\Products\SSWP\sswp_offline.gif
C:\Program Files\comet systems\Products\SSWP\sswp_offline.html
C:\Program Files\comet systems\Products\SSWP\sswp_shortcut.exe
C:\Program Files\comet systems\Products\SSWP\sswp_skin.gif
C:\Program Files\comet systems\Products\SSWP\sswp_skinover.gif
C:\Program Files\comet systems\Products\SSWP\sswp_systray.js
C:\Program Files\comet systems\Products\SSWP\sswpmgr.js
C:\Program Files\comet systems\Products\SSWP\sswpmgr.xml
C:\Program Files\comet systems\Products\SSWP\sswpmgr_ar.js
C:\Program Files\comet systems\Products\Toolbar\adzap_tb.js
C:\Program Files\comet systems\Products\Toolbar\adzapper.ani
C:\Program Files\comet systems\Products\Toolbar\beep.wav
C:\Program Files\comet systems\Products\Toolbar\bullet_blue.gif
C:\Program Files\comet systems\Products\Toolbar\bullet_green.gif
C:\Program Files\comet systems\Products\Toolbar\clsdown.gif
C:\Program Files\comet systems\Products\Toolbar\clsmask.gif
C:\Program Files\comet systems\Products\Toolbar\clsover.gif
C:\Program Files\comet systems\Products\Toolbar\clsskin.gif
C:\Program Files\comet systems\Products\Toolbar\def_arr.gif
C:\Program Files\comet systems\Products\Toolbar\doh.wav
C:\Program Files\comet systems\Products\Toolbar\funbutton.bmp
C:\Program Files\comet systems\Products\Toolbar\hzbutton.bmp
C:\Program Files\comet systems\Products\Toolbar\hzbutton_disable.bmp
C:\Program Files\comet systems\Products\Toolbar\hzbutton_on.bmp
C:\Program Files\comet systems\Products\Toolbar\label_instruction.gif
C:\Program Files\comet systems\Products\Toolbar\logo_starter.gif
C:\Program Files\comet systems\Products\Toolbar\logotitle.gif
C:\Program Files\comet systems\Products\Toolbar\meep.wav
C:\Program Files\comet systems\Products\Toolbar\meow.wav
C:\Program Files\comet systems\Products\Toolbar\minmiz_norm.gif
C:\Program Files\comet systems\Products\Toolbar\minmiz_over.gif
C:\Program Files\comet systems\Products\Toolbar\panic_norm.gif
C:\Program Files\comet systems\Products\Toolbar\panic_over.gif
C:\Program Files\comet systems\Products\Toolbar\pcursor.gif
C:\Program Files\comet systems\Products\Toolbar\pix.gif
C:\Program Files\comet systems\Products\Toolbar\pubutton.bmp
C:\Program Files\comet systems\Products\Toolbar\pubutton_alert.bmp
C:\Program Files\comet systems\Products\Toolbar\pubutton_off.bmp
C:\Program Files\comet systems\Products\Toolbar\pwr_offdown.gif
C:\Program Files\comet systems\Products\Toolbar\pwr_offover.gif
C:\Program Files\comet systems\Products\Toolbar\pwr_ondown.gif
C:\Program Files\comet systems\Products\Toolbar\pwr_onover.gif
C:\Program Files\comet systems\Products\Toolbar\refbutton.bmp
C:\Program Files\comet systems\Products\Toolbar\scmask.gif
C:\Program Files\comet systems\Products\Toolbar\screensaver.bmp
C:\Program Files\comet systems\Products\Toolbar\screensaver.js
C:\Program Files\comet systems\Products\Toolbar\scskin.gif
C:\Program Files\comet systems\Products\Toolbar\scskin_over.gif
C:\Program Files\comet systems\Products\Toolbar\smileytown.bmp
C:\Program Files\comet systems\Products\Toolbar\smileytown.xml
C:\Program Files\comet systems\Products\Toolbar\supercursors.bmp
C:\Program Files\comet systems\Products\Toolbar\supercursors.ico
C:\Program Files\comet systems\Products\Toolbar\sys_except.xml
C:\Program Files\comet systems\Products\Toolbar\textbox.gif
C:\Program Files\comet systems\Products\Toolbar\travelbutton.bmp
C:\Program Files\comet systems\Products\Toolbar\webbutton.bmp
C:\Program Files\comet systems\Products\Toolbar\yes.wav
C:\Program Files\comet systems\Products\Toolbar\zap.wav
C:\Program Files\comet systems\Products\Travel\cars.xsl
C:\Program Files\comet systems\Products\Travel\flights.xsl
C:\Program Files\comet systems\Products\Travel\hotels.xsl
C:\Program Files\comet systems\Products\Travel\travel.js
C:\Program Files\comet systems\Products\Travel\travel_context.xml
C:\Program Files\comet systems\Wallpaper\swpstart.exe
C:\Program Files\icroso~1
C:\WINDOWS\system32\3941\4522.dll
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\smante~1

.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-23 09:30 . 2008-09-23 09:30 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx
2008-09-22 17:10 . 2008-09-22 17:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 17:10 . 2008-09-22 17:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-22 17:10 . 2008-09-22 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 17:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 17:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 16:10 . 2008-09-22 16:11 <DIR> d-------- C:\Program Files\QuickTime
2008-09-22 16:10 . 2008-09-22 16:10 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-22 16:09 . 2008-09-22 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-22 16:08 . 2008-09-22 16:08 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-22 16:08 . 2008-09-22 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-22 12:05 . 2008-09-22 12:05 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-09-22 11:57 . 2008-09-22 11:57 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-22 11:55 . 2008-09-22 11:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-22 11:51 . 2008-09-22 12:29 <DIR> d-------- C:\SDFix
2008-09-19 09:06 . 2008-09-19 09:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-17 09:01 . 2008-09-17 09:01 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-17 09:01 . 2008-09-17 09:01 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-17 09:01 . 2008-09-17 09:01 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-16 22:47 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-16 22:44 . 2008-04-13 19:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-09-16 22:43 . 2008-04-13 19:12 786,432 -----c--- C:\WINDOWS\system32\dllcache\migrate.exe
2008-09-16 22:42 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-16 22:42 . 2008-04-13 19:11 286,720 -----c--- C:\WINDOWS\system32\dllcache\blackbox.dll
2008-09-16 22:42 . 2008-04-13 19:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-09-16 22:42 . 2008-04-13 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-16 22:42 . 2008-04-13 12:23 8,192 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll
2008-09-16 22:42 . 2008-04-13 19:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-09-16 22:42 . 2002-09-03 08:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
2008-09-16 22:14 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-16 17:24 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-16 17:24 . 2003-03-18 15:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-16 17:24 . 2003-02-20 22:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-09-16 17:23 . 2008-09-16 17:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-16 16:54 . 2008-09-16 16:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-09-16 16:53 . 2008-09-16 16:53 <DIR> d-------- C:\Program Files\AVG
2008-09-16 16:53 . 2008-09-19 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 14:12 --------- d-----w C:\Program Files\PhoneTools
2008-09-19 14:12 --------- d-----w C:\Program Files\HP
2008-09-19 14:12 --------- d-----w C:\Program Files\FruityLoops 3.56
2008-09-19 14:12 --------- d-----w C:\Program Files\FinePixViewer
2008-09-19 14:12 --------- d-----w C:\Program Files\Creative
2008-09-19 14:12 --------- d-----w C:\Program Files\Common Files\aolshare
2008-09-19 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-09-17 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 16:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-17 16:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-16 21:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-07-02 08:13 128 ----a-w C:\3g324623.bat
2008-06-15 21:21 17,911 -c--a-w C:\Documents and Settings\All Users\Application Data\gykecevij.sys
2008-06-15 21:21 16,628 -c--a-w C:\Documents and Settings\Owner\Application Data\qopyhah.dll
2008-06-15 21:21 16,523 -c--a-w C:\Program Files\Common Files\ahyrusir.ban
2008-06-15 21:21 16,523 -c--a-w C:\Documents and Settings\All Users\Application Data\byrikody.vbs
2008-06-15 21:21 11,898 -c--a-w C:\Program Files\Common Files\ovigakasof.bat
2004-09-19 17:05 41,416 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 4841472]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2003-05-07 53248]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"nwiz"="nwiz.exe" [2003-07-28 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmakieb]
C:\WINDOWS\system32\S?mantec\j?vaw.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-05-07 16:54 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-01-16 18:23 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
--a------ 2003-05-07 06:00 90112 C:\WINDOWS\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon]
--------- 2001-01-03 15:50 66048 C:\WINDOWS\system32\SK9910DM.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 RioPNP;RioPNP;C:\WINDOWS\system32\drivers\RioPNP.sys [2000-06-06 6736]
S3 DVDACCSS;DVDACCSS;C:\PROGRA~1\DVDACC~1\DVDAX.SYS [2000-07-26 179264]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys [2001-11-09 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys [2001-11-09 69744]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-zfwm - C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
SSODL-CDBurn- - (no file)
MSConfigStartUp-Antivirus - C:\Program Files\Antivirus2008\Antvrs.exe
MSConfigStartUp-GetModule23 - C:\Program Files\GetModule\GetModule23.exe
MSConfigStartUp-GetPack21 - C:\Program Files\GetPack\GetPack21.exe
MSConfigStartUp-lphc1g7j0ec4n - C:\WINDOWS\system32\lphc1g7j0ec4n.exe
MSConfigStartUp-Microsoft Windows Installer - C:\Documents and Settings\Owner\Application Data\Microsoft\dtsc\13330.exe
MSConfigStartUp-mjc - C:\Program Files\mjc\mjc.exe
MSConfigStartUp-Sakora - C:\Program Files\Sakora\Sakora.exe
MSConfigStartUp-SBUSA - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\SBUSA.exe
MSConfigStartUp-SMrhc5g7j0ec4n - C:\Program Files\rhc5g7j0ec4n\rhc5g7j0ec4n.exe
MSConfigStartUp-Spam Blocker for Outlook Express - C:\PROGRA~1\SPAMBL~1\bin\102215~1.0\SBInst.exe
MSConfigStartUp-SpamBlockerUtilityOE - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\OEAddOn.exe
MSConfigStartUp-SpeedRunner - C:\Documents and Settings\Owner\Application Data\SpeedRunner\SpeedRunner.exe
MSConfigStartUp-WeatherDPA - C:\Program Files\SpamBlockerUtility\bin\10.2.215.0\Weather.exe
MSConfigStartUp-webHancer Agent - C:\Program Files\webHancer\Programs\whagent.exe
MSConfigStartUp-zfwm - C:\PROGRA~1\COMMON~1\zfwm\zfwmm.exe
MSConfigStartUp-{4c19b279-d1bc-e7ab-5af0-792276eae63f} - C:\WINDOWS\system32\pnrsveepycvnobaeq.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\TechTools.INF
C:\WINDOWS\System32\scrrun.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msstkprp.dll
C:\WINDOWS\system32\msvbvm60.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\TechTools.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 09:35:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\NMSSvc.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-09-23 9:40:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 14:40:38

Pre-Run: 66,032,472,064 bytes free
Post-Run: 66,368,577,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

363 --- E O F --- 2008-09-23 08:06:40
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
I managed to get the log copied to the shared folder so here it is:
Before we do anything can you explain how you went about this? What kind of access do you have to the machine? Can we remove more malware, because there is still plenty there?
 