[Resolved] Help with - check_LSA7


  • This topic is locked
8 replies to this topic

#1 l12beth (New Member, 4 posts)

Posted 06 October 2007 - 06:54 AM

Hi

I'm having a major problem with unwanted pop-ups, especially WinFix. I have found a strange file that I can't delete or change called check_LSA7 and wondered if this is the problem?

Please help, this is my HijackThis log file:

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 13:43:20, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hkgoxgpy.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189179034390
O17 - HKLM\System\CCS\Services\Tcpip\..\{095A1217-664D-4F8C-946F-C9E8734BC360}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{095A1217-664D-4F8C-946F-C9E8734BC360}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
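
The entry worth looking at in the log above is the O4 line that starts `rundll32.exe` with a quoted DLL in system32 and an export name (`[SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hkgoxgpy.dll",sitypnow`): a legitimate vendor rarely autoruns a freshly dropped, randomly named DLL this way. The script below is an added example written for this thread, not HijackThis or ComboFix code. It parses the O4 section of a HijackThis log and flags rundll32 autoruns whose DLL or export name looks machine-generated. The sample lines are copied from the log above except the `ExampleLegit` line, which is constructed to show an allow-listed target; the allow-list and the vowel-ratio threshold are this example's assumptions.

```python
"""Triage the O4 (autorun) lines of a HijackThis log for the rundll32 pattern.

Added example for this thread, not HijackThis or ComboFix code. The sample O4
lines are copied from the log posted above, except the 'ExampleLegit' line,
which is constructed to show an allow-listed rundll32 target. The allow-list
and the name-scoring threshold are this example's assumptions.
"""
import re
from dataclasses import dataclass, field

# O4 line shape: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 invocation: optional path and quotes, then <dll>,<export>
RUNDLL_RE = re.compile(
    r'^"?(?P<exe>[^"\s]*rundll32(?:\.exe)?)"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S*)',
    re.IGNORECASE)

VOWELS = set("aeiou")
# Assumption: DLLs that rundll32 is routinely and legitimately asked to load at logon.
KNOWN_RUNDLL_DLLS = {"shell32.dll", "advpack.dll", "nvcpl.dll", "bthprops.cpl"}

# Lines copied from the thread's HijackThis log; 'ExampleLegit' is constructed.
SAMPLE_LOG = r'''
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hkgoxgpy.dll",sitypnow
O4 - HKLM\..\Run: [ExampleLegit] rundll32.exe shell32.dll,Control_RunDLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str


@dataclass
class Finding:
    entry: Autorun
    dll: str
    export: str
    severity: str
    reasons: list = field(default_factory=list)


def parse_o4(log_text):
    """Return the O4 entries of a HijackThis log; every other section is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m['hive'], m['key'], m['name'], m['cmd']))
    return entries


def vowel_ratio(word):
    letters = [c for c in word.lower() if c.isalpha()]
    return sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0


def looks_generated(word):
    """Heuristic: 6-12 lowercase letters with almost no vowels, the shape of a
    randomly generated file or export name (hkgoxgpy) rather than a word."""
    return bool(re.fullmatch(r'[a-z]{6,12}', word)) and vowel_ratio(word) < 0.2


def triage(entries):
    """Report every rundll32 autorun whose DLL is not allow-listed; raise the
    severity when the DLL or export name looks machine-generated."""
    findings = []
    for e in entries:
        m = RUNDLL_RE.match(e.command.strip())
        if not m:
            continue
        dll = m['dll'].strip()
        base = dll.replace('/', '\\').rsplit('\\', 1)[-1].lower()
        if base in KNOWN_RUNDLL_DLLS:
            continue
        export = m['entry'].strip()
        reasons = ["rundll32 autorun loading a DLL that is not on the allow-list"]
        if looks_generated(base.rsplit('.', 1)[0]):
            reasons.append(f"DLL name {base!r} looks machine-generated")
        if looks_generated(export.lower()):
            reasons.append(f"export name {export!r} looks machine-generated")
        severity = "high" if len(reasons) > 1 else "review"
        findings.append(Finding(e, dll, export, severity, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_o4(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.entry.hive}\\{f.entry.key} [{f.entry.name}] -> {f.dll},{f.export}")
        for r in f.reasons:
            print("   -", r)
```

Run it against any saved HijackThis log by passing the file contents to `parse_o4`. The name heuristic is deliberately narrow (it does not flag consonant-heavy but real names such as `igfxtray`), so anything it marks `review` rather than `high` still needs a look at the file's signer, timestamp and vendor before it is cleaned.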



#2 Scotty (Always Happy, Authentic Member, 3,634 posts)

Posted 06 October 2007 - 10:38 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.


Download and Run ComboFix
  • Download this file from below:

    Here
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

#3 l12beth (New Member, 4 posts)

Posted 07 October 2007 - 01:55 AM

Hi Scotty

Many thanks for helping me, here is my ComboFix scan file:

ComboFix 07-10-07.1 - Liz 2007-10-07 8:28:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.632 [GMT 1:00]
Running from: C:\Documents and Settings\Liz.YAZA1867\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtrppp.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\fwcmwjpm.dll
C:\WINDOWS\system32\jxxxleqw.ini
C:\WINDOWS\system32\kidhknnc.dll
C:\WINDOWS\system32\mpjwmcwf.ini
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\wqelxxxj.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 08:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 13:58 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Application Data\AdobeUM
2007-10-03 10:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games
2007-10-02 16:51 <DIR> d-------- C:\Documents and Settings\Emma!.YAZA1867\Application Data\AdobeUM
2007-10-01 18:15 <DIR> d-------- C:\Documents and Settings\Mick.YAZA1867\Application Data\Apple Computer
2007-10-01 18:10 <DIR> d-------- C:\Documents and Settings\Mick.YAZA1867\Application Data\PC Suite
2007-09-28 21:25 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-28 21:25 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Application Data\Lavasoft
2007-09-27 08:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
2007-09-21 19:54 <DIR> d-------- C:\Program Files\ImTOO
2007-09-20 00:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-19 23:27 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-09-19 22:26 <DIR> d-------- C:\Documents and Settings\Emma!.YAZA1867\Application Data\PlayFirst
2007-09-19 22:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
2007-09-19 22:25 <DIR> d-------- C:\Program Files\Shockwave.com
2007-09-14 17:44 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Application Data\Nokia Multimedia Player
2007-09-14 17:43 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Application Data\Nokia
2007-09-14 17:37 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Phone Browser
2007-09-14 16:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-14 16:12 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2007-09-10 21:45 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Contacts
2007-09-10 21:44 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Application Data\PC Suite
2007-09-10 03:23 <DIR> d-------- C:\Documents and Settings\Steph.YAZA1867\Contacts
2007-09-10 03:22 <DIR> d-------- C:\Documents and Settings\Steph.YAZA1867\Application Data\PC Suite
2007-09-10 03:11 <DIR> d-------- C:\Documents and Settings\Emma!.YAZA1867\Phone Browser
2007-09-10 03:09 <DIR> d-------- C:\Documents and Settings\Emma!.YAZA1867\Application Data\Nokia
2007-09-10 03:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2007-09-10 03:08 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-10 03:08 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-10 03:08 <DIR> d-------- C:\Documents and Settings\Emma!.YAZA1867\Application Data\PC Suite
2007-09-10 03:07 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-10 03:07 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-10 03:07 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-10 03:07 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-10 03:07 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-10 03:07 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-10 03:07 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-10 03:07 <DIR> d-------- C:\Program Files\Nokia
2007-09-10 03:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2007-09-08 23:09 <DIR> d-------- C:\Documents and Settings\Steph.YAZA1867\Application Data\Apple Computer
2007-09-08 00:55 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-08 00:55 <DIR> d-------- C:\Documents and Settings\Emma!.YAZA1867\Contacts
2007-09-08 00:55 <DIR> d-------- C:\Documents and Settings\Emma!.YAZA1867\Application Data\Apple Computer
2007-09-07 23:44 <DIR> d-------- C:\Documents and Settings\Liz.YAZA1867\Application Data\Samsung
2007-09-07 23:22 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-09-07 23:21 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-09-07 23:21 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-09-07 23:21 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-09-07 23:21 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-09-07 23:21 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-09-07 23:21 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-09-07 23:21 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-09-07 23:21 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-09-07 23:21 <DIR> d-------- C:\Program Files\Samsung
2007-09-07 23:18 <DIR> d-------- C:\Program Files\Power Tab Software
2007-09-07 23:16 <DIR> d-------- C:\Program Files\BearShare
2007-09-07 23:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2007-09-07 23:04 <DIR> d-------- C:\Program Files\Bonjour
2007-09-07 22:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2007-09-07 22:37 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-07 22:36 <DIR> d-------- C:\Program Files\CyberLink
2007-09-07 22:35 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-09-07 22:34 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-09-07 22:34 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-09-07 22:34 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-09-07 22:34 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-07 22:34 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-09-07 22:26 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-09-07 22:26 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-07 22:26 <DIR> d-------- C:\Program Files\Ahead
2007-09-07 22:13 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-07 22:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision
2007-09-07 21:59 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-09-07 21:59 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-09-07 21:59 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-09-07 21:59 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-09-07 21:59 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-09-07 21:56 <DIR> d-------- C:\Program Files\Common Files\HP
2007-09-07 21:54 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2007-09-07 21:54 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-09-07 21:53 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-09-07 21:53 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-07 21:53 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-07 21:53 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-07 21:53 21,488 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-09-07 21:53 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-07 21:53 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-07 21:52 38,868 --------- C:\WINDOWS\hpomdl03.dat
2007-09-07 21:52 24,366 --a------ C:\WINDOWS\hpoins03.dat
2007-09-07 21:52 <DIR> d-------- C:\Program Files\HP
2007-09-07 21:50 917,504 --a------ C:\WINDOWS\system32\TblRes.dll
2007-09-07 21:50 69,632 --a------ C:\WINDOWS\system32\Funckey.dll
2007-09-07 21:50 65,536 --a------ C:\WINDOWS\system32\wintab32.dll
2007-09-07 21:50 49,152 --a------ C:\WINDOWS\system32\tblmouse.exe
2007-09-07 21:50 45,056 --a------ C:\WINDOWS\system32\Tblfunc.dll
2007-09-07 21:50 36,864 --a------ C:\WINDOWS\system32\utblfilt.dll
2007-09-07 21:50 304,128 --a------ C:\WINDOWS\IsUninst.exe
2007-09-07 21:50 176,128 --a------ C:\WINDOWS\system32\Atwtusb.exe
2007-09-07 21:50 12,084 --a------ C:\WINDOWS\system32\drivers\UTBLFILT.sys
2007-09-07 21:50 <DIR> d-------- C:\Program Files\A_Tablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 19:17 --------- d-------- C:\Program Files\iTunes
2007-09-28 19:17 --------- d-------- C:\Program Files\iPod
2007-09-20 22:58 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-07 17:17 --------- d-------- C:\Program Files\MSN Messenger
2007-09-07 16:24 --------- d-------- C:\Program Files\Apple Software Update
2007-09-07 05:36 --------- d-------- C:\Program Files\Thomson
2007-08-27 08:59 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-17 15:06 --------- d-------- C:\Program Files\DIFX
2007-08-11 08:30 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-09 21:18 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-09 09:38 --------- d-------- C:\Program Files\QuickTime
2007-08-09 09:36 --------- d-------- C:\Program Files\Common Files\Apple
2007-08-07 19:14 --------- d-------- C:\Program Files\Intel
2007-08-07 19:12 --------- d-------- C:\Program Files\Viewpoint
2007-08-07 19:12 --------- d-------- C:\Program Files\Learn2.com
2007-08-07 19:11 --------- d-------- C:\Program Files\Common Files\Nullsoft
2007-08-07 19:09 --------- d-------- C:\Program Files\Common Files\New Boundary
2007-07-31 03:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-31 03:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 03:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-31 03:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-31 03:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-31 03:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-31 03:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-31 03:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-31 03:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 C:\WINDOWS\mixer.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 19:38]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"atwtusb"="atwtusb.exe" [2002-03-11 19:42 C:\WINDOWS\system32\Atwtusb.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 01:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 23:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 06:55]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 23:10]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-24 15:00:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-07 17:26:20 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-07 17:26:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 08:36:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 8:39:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 08:39
.
--- E O F ---



This is the uninstall list from HijackThis:

Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
BearShare
Cake Mania® 2
Delicious 2 Deluxe
DVDFab Platinum 3.1.5.0
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
Intel® Graphics Media Accelerator Driver
iTunes
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
MPEG Encoder 3
MSXML 4.0 SP2 (KB936181)
Nero Suite
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
PC Connectivity Solution
PCI Audio Driver
PDF Settings
Power Tab Editor 1.7
PowerDVD
QuickTime
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio II 2.0 PIMS & File Manager
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SpeedTouch USB Software
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WIRELESS DESIGN & WORK TABLET 100/200/400/1200

And finally the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 08:46:09, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189179034390
O17 - HKLM\System\CCS\Services\Tcpip\..\{095A1217-664D-4F8C-946F-C9E8734BC360}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{095A1217-664D-4F8C-946F-C9E8734BC360}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Again many thanks.

Liz :thumbup:
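
The HijackThis log above is a flat list of `<section> - <body>` lines, and reading one by hand means scanning for the few entries that deserve a closer look. The following is an added example (not code from the forum, the poster, or HijackThis itself) that parses lines in that format and flags the entry kinds a log reader normally checks manually. The sample lines are copied from the log above; the triage rules are assumptions of this example, meant as pointers for review, not as verdicts about any of the listed software.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log above.
# Raw string so the backslashes in Windows paths are kept literally.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{095A1217-664D-4F8C-946F-C9E8734BC360}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# A command line that names an absolute "C:\..." path, quoted or not.
QUALIFIED_RE = re.compile(r'^("?[A-Za-z]:\\)')


def parse_entries(text):
    """Return (section, body) tuples for each well-formed log line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def run_command(body):
    """Extract the command line from an O4 body: 'HKLM\\..\\Run: [Name] cmd args'."""
    _, _, cmd = body.partition("] ")
    return cmd or body


def triage(text):
    """Flag entries that a log reader checks by hand (heuristics, not verdicts)."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O2" and body.endswith("(no file)"):
            # A registered BHO whose DLL is missing: a leftover registration.
            findings.append(("orphan-bho", body))
        elif section == "O4" and not QUALIFIED_RE.match(run_command(body)):
            # Bare executable name with no directory: which file actually runs
            # depends on the PATH search order, so locate and identify the binary.
            findings.append(("o4-unqualified-path", body))
        elif section == "O10":
            # Winsock LSP that HijackThis does not recognise: confirm the vendor.
            findings.append(("unknown-lsp", body))
        elif section == "O17":
            # Hard-coded DNS servers: confirm they belong to the user's ISP.
            findings.append(("dns-override", body))
    return findings


if __name__ == "__main__":
    for kind, body in triage(SAMPLE_LOG):
        print(f"{kind:22} {body}")
```

Run against the sample, the script flags the BHO with no file, the two `O4` entries that run a bare executable name (`Mixer.exe`, `atwtusb.exe`), the Bonjour LSP and the `O17` DNS servers, and passes the fully qualified iTunes entry; each flag is a prompt to identify the file or vendor, which is what the helper in this thread did by hand.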

#4 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 October 2007 - 05:33 AM

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:

      + Extended(If available otherwise Standard)
    • Scan Options:

      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You too could train to help others- Join the Classroom

#5 l12beth

l12beth

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 07 October 2007 - 08:15 AM

Hi Scotty

Loaded Kaspersky as requested and this is the report:-

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 07, 2007 3:02:59 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 7/10/2007
Kaspersky Anti-Virus database records: 428727
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 89812
Number of viruses found: 5
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 01:13:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\Logs\{46F2A6AE-DBA1-4243-897E-7775EF18D02B}.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\VirusScan\Data\TFRB.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Local Settings\History\History.IE5\MSHist012007100720071008\index.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\ntuser.dat Object is locked skipped
C:\Documents and Settings\Liz.YAZA1867\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\qoobox\Quarantine\catchme2007-10-07_ 83645.82.zip/awtrppp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\catchme2007-10-07_ 83645.82.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP19\A0004842.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.NaviPromo.bw skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP19\A0004842.exe/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.bw skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP19\A0004842.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP48\A0009759.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP51\A0010008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP52\A0010229.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP54\A0010340.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP54\change.log Object is locked skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP8\A0001791.exe/EXE-file/stream/data0006 Infected: not-a-virus:AdWare.Win32.NaviPromo.bw skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP8\A0001791.exe/EXE-file/stream Infected: not-a-virus:AdWare.Win32.NaviPromo.bw skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP8\A0001791.exe/EXE-file Infected: not-a-virus:AdWare.Win32.NaviPromo.bw skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP8\A0001791.exe Embedded EXE: infected - 3 skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP8\A0001791.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP8\A0001791.exe PE_Patch.UPX: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Dd1Grek3CK1SyPo Object is locked skipped
C:\WINDOWS\Temp\mcmsc_gcEWZ0twlSuN8wv Object is locked skipped
C:\WINDOWS\Temp\mcmsc_IINMfTGaboE7GDC Object is locked skipped
C:\WINDOWS\Temp\mcmsc_WwepXq4qsabjdhX Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Is the qoobox file related to combofix?

Thanks

#6 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 07 October 2007 - 09:40 AM

Hi

Qoobox is Combo's quarantine folder. :thumbup:

To remove all things Combo go to Start>Run and type combofix /u then press ok.

This is my usual speech for when you are clean, which you appear to be.

Please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore.

It's also a good idea to Flush your System Restore points after ridding yourself of malware:
  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Here are some free programs I recommend, although you will not need them all.

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

Install Spyware Guard
Download it from here
Find the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help. :)
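
The advice above to flush System Restore points follows from where the Kaspersky detections sat: every infected object in the report is either inside ComboFix's `C:\qoobox\Quarantine` folder or inside a `System Volume Information\_restore{...}\RP<n>` restore point, with nothing on the live file system. The following is an added example (not Kaspersky's, ComboFix's or the forum's code) that parses rows from that report table and groups the infected objects by location so that conclusion can be read off directly. The sample rows are copied from the report above; the location categories and the two row patterns (`Infected: <name>` and `<container>: infected - <n>`) are assumptions of this example based on the rows shown, not a documented Kaspersky report format.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the "Infected Object Name / Virus Name /
# Last Action" table in the Kaspersky report above (tab separators already lost).
SAMPLE_REPORT = r"""
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\qoobox\Quarantine\catchme2007-10-07_ 83645.82.zip/awtrppp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\catchme2007-10-07_ 83645.82.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP48\A0009759.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP54\A0010340.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{C86DEF30-7DF6-4264-8FF0-46CCEEE4E501}\RP8\A0001791.exe UPX: infected - 3 skipped
Scan process completed.
"""

# A named detection on an object (possibly a nested stream inside an archive).
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
# A container (ZIP, UPX, NSIS, ...) reported as holding <count> infected objects.
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\S+): infected - (?P<count>\d+) skipped$")


def classify_location(path):
    """Assumed location buckets: quarantine, restore point, or the live file system."""
    p = path.lower()
    if p.startswith(r"c:\qoobox\quarantine"):
        return "quarantine"
    if r"\system volume information\_restore" in p:
        return "restore-point"
    return "live"


def parse_detections(text):
    """Return (path, detection name or None, location) for every infected row."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        m = INFECTED_RE.match(line)
        if m:
            rows.append((m.group("path"), m.group("name"), classify_location(m.group("path"))))
            continue
        m = CONTAINER_RE.match(line)
        if m:
            # Container rows carry no detection name of their own.
            rows.append((m.group("path"), None, classify_location(m.group("path"))))
    return rows


def summarize(text):
    """Count infected objects by location and by detection name; list any live hits."""
    rows = parse_detections(text)
    return {
        "infected_objects": len(rows),
        "by_location": dict(Counter(loc for _, _, loc in rows)),
        "by_detection": dict(Counter(name for _, name, _ in rows if name)),
        "live": [path for path, _, loc in rows if loc == "live"],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print("infected objects:", summary["infected_objects"])
    print("by location:", summary["by_location"])
    print("by detection:", summary["by_detection"])
    print("live file system hits:", summary["live"] or "none")
```

On the sample rows the summary reports two objects in quarantine, three in restore points and none live; on the full report above, the same pattern holds for all fifteen infected objects. An empty `live` list is what supports the "you appear to be clean" reading, and the non-empty `restore-point` bucket is why the restore points still need clearing: restoring to one of those points would bring the flagged files back.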

#7 l12beth

l12beth

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 09 October 2007 - 11:24 AM

Hi Scotty

Many, many thanks for your time and expertise. :thumbup: Everything is running well now and no pop-ups.

Thanks again

Liz

#8 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 09 October 2007 - 12:04 PM

Hi

You are welcome. :)

#9 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 09 October 2007 - 12:05 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.