Hi, thanks for the steps.. the computer seems to be behaving wonderfully now! Thanks a lot for your help! =D I did all the things you told me.. but I had difficulty finding the vrsvs service when I was trying to do the 'disable NT services' section in your steps.. the rest I did as normal and everything turned out alright.. here are the reports that you told me to post.
combofix - first running ::
------------------------
My PC - 06-11-28 17:00:21.72 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\My PC\desktop"
Command switches used :: /v vorenbj ppgglue svsahaf ljjjkhh ybtxw ssqqr ioceuskd tnziiib cqjkpwk vvdkkpe winmqx32
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vorenbj.dll
C:\WINDOWS\system32\ppgglue.dll
C:\WINDOWS\system32\svsahaf.dll
C:\WINDOWS\system32\tnziiib.dll
C:\WINDOWS\system32\cqjkpwk.dll
C:\WINDOWS\system32\vvdkkpe.dll
C:\WINDOWS\system32\rqqss.ini
C:\WINDOWS\system32\rqqss.bak2
C:\WINDOWS\system32\rqqss.bak1
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Safety Bar
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{44645217-0383-1033-0803-01022403003d}
C:\Program Files\Common Files\{34645217-0383-1033-0803-01022403003d}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\Common Files\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\MBOLS~1\??rss.exe
C:\QooBox\Purity\Documents and Settings\My PC\Application Data\ąPPATC~1
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-27 21:27 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-27 21:20 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-27 21:11 71,168 --a------ C:\WINDOWS\system32\drvsov.dll
2006-11-27 21:11 40,973 ---hs---- C:\WINDOWS\system32\rqroopo.dll
2006-11-27 19:19 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\AVG7
2006-11-27 19:08 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-27 19:08 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-27 19:08 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-27 19:08 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-27 19:08 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-27 19:08 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-27 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-27 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-25 09:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-25 09:17 <DIR> d-------- C:\Program Files\Grisoft
2006-11-22 23:24 <DIR> d-------- C:\HijackThis
2006-11-22 18:05 40,973 ---hs---- C:\WINDOWS\system32\efcyyab.dll
2006-11-22 00:05 <DIR> d--hs---- C:\FOUND.003
2006-11-21 07:24 40,973 ---hs---- C:\WINDOWS\system32\jkkhfge.dll
2006-11-19 23:56 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-19 23:55 <DIR> d--hs---- C:\FOUND.002
2006-11-19 21:02 40,973 ---hs---- C:\WINDOWS\system32\opnkkjg.dll
2006-11-19 08:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-19 06:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-19 06:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-11-19 05:32 <DIR> d-------- C:\Program Files\SpywareHeal
2006-11-19 04:08 <DIR> d-------- C:\WINDOWS\system32\ądobe
2006-11-19 04:06 40,973 ---hs---- C:\WINDOWS\system32\byxyvvt.dll
2006-11-18 23:19 <DIR> d--hs---- C:\FOUND.001
2006-11-18 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2006-11-18 07:08 12,288 --a------ C:\WINDOWS\system32\impborl.dll
2006-11-18 07:06 <DIR> d---s---- C:\Documents and Settings\My PC\UserData
2006-11-17 21:52 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-17 21:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-17 21:52 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-17 21:50 40,973 ---hs---- C:\WINDOWS\system32\yayawvt.dll
2006-11-17 20:53 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-17 20:08 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-11-17 19:55 <DIR> d-------- C:\Documents and Settings\My PC\Shared
2006-11-17 19:55 <DIR> d-------- C:\Documents and Settings\My PC\Incomplete
2006-11-17 19:51 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\LimeWire
2006-11-17 19:47 <DIR> d-------- C:\Program Files\Java
2006-11-17 19:46 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-17 19:45 <DIR> d-------- C:\Program Files\LimeWire
2006-11-17 19:43 <DIR> d-------- C:\My Downloads
2006-11-17 18:59 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Macromedia
2006-11-17 17:58 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\SearchToolbarCorp
2006-11-17 17:22 196,608 --a------ C:\WINDOWS\system32\RtlLib.dll
2006-11-17 17:22 155,648 --a------ C:\WINDOWS\system32\IpLib.dll
2006-11-17 17:22 13,532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2006-11-17 17:22 126,976 --a------ C:\WINDOWS\system32\EnumDevLib.dll
2006-11-17 17:22 108,160 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys
2006-11-17 17:22 <DIR> d-------- C:\WINDOWS\OPTIONS
2006-11-17 17:15 59,136 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2006-11-17 17:15 <DIR> d-------- C:\Program Files\NETGEAR
2006-11-17 17:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-17 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-17 17:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-17 17:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-17 17:07 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-11-17 17:03 86,016 -ra------ C:\WINDOWS\system32\CNMCP6e.exe
2006-11-17 17:03 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL
2006-11-17 17:03 116,736 --------- C:\WINDOWS\system32\CNMLM6e.DLL
2006-11-17 17:03 <DIR> d--hs---- C:\FOUND.000
2006-11-17 17:03 <DIR> d--h----- C:\BJPrinter
2006-11-17 17:02 <DIR> d-------- C:\WINDOWS\StartHtmico
2006-11-17 17:02 <DIR> d-------- C:\WINDOWS\IP1000
2006-11-17 17:01 <DIR> d-------- C:\Program Files\Canon
2006-11-17 16:58 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-17 16:55 110,612 --a------ C:\WINDOWS\system32\assqmddj.exe
2006-11-17 16:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-17 16:53 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-17 16:50 <DIR> d--hs---- C:\Recycled
2006-11-17 16:49 40,973 ---hs---- C:\WINDOWS\system32\byxxvtt.dll
2006-11-17 16:49 2 --a------ C:\WINDOWS\system32\wapisvtr.exe
2006-11-16 18:48 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-16 18:18 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-16 18:18 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-16 18:18 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-16 18:18 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-16 18:18 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-16 18:17 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-16 18:17 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-16 18:17 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-16 18:16 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2006-11-16 18:16 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-16 18:12 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-16 18:12 13,312 --a------ C:\WINDOWS\system32\irclass.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-20 07:46 17144 --a------ C:\Documents and Settings\My PC\Application Data\GDIPFONTCACHEV1.DAT
2006-10-13 23:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 23:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 23:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 21:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-13 16:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uuir"="\"C:\\PROGRA~1\\COMMON~1\\WNSXS~1\\fast.exe\" -vt tzt"
"Bwcpgrj"="C:\\Program Files\\Common Files\\??mbols\\??rss.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RtWLan"="C:\\Program Files\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe /H"
"tnziiib.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\tnziiib.dll,xeokrvd"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"cqjkpwk.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\cqjkpwk.dll,kghdbsf"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"vvdkkpe.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\vvdkkpe.dll,agkxvbc"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvsov.dll,startup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
"nLite"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,\
65,2e,63,6d,64,00
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
"nLite"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,\
65,2e,63,6d,64,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{0bad5052-665d-40d4-a9bd-a2891eaafb42}"="boucicault"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoInternetOpenWith"=dword:00000001
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"cussers"="{ff170564-36c8-43f7-9100-559e166405cf}"
"boucicault"="{0bad5052-665d-40d4-a9bd-a2891eaafb42}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-28 17:03:39.38
C:\ComboFix.txt ... 06-11-28 17:03
--------------------
here is the AVG A/S scan::
--------------------
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:02:05 PM 28/11/2006
+ Scan result:
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP9\A0003395.dll -> Adware.Agent : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-746137067-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-746137067-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0006970.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP10\A0003406.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005523.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006925.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP6\A0001249.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP7\A0001506.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP9\A0001903.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP9\A0003003.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP10\A0003420.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP10\A0003421.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005555.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005556.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005557.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005570.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005571.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005572.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005574.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005575.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP11\A0005576.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006856.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006857.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006858.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006907.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0006959.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0006960.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP6\A0001328.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP9\A0002925.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP9\A0003398.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP9\A0003399.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0006950.DLL -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\byxxvtt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\byxyvvt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\efcyyab.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jkkhfge.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\opnkkjg.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yayawvt.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP9\A0003396.exe -> Adware.VirusBurst.c : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{898272CF-3ACE-4A7B-98FA-9EB8DB8B26DC} -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006917.ini -> Adware.VirusRescue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006919.tlb -> Adware.VirusRescue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006920.exe -> Adware.VirusRescue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP17\A0006931.ini -> Adware.VirusRescue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0006994.dll -> Adware.VirusRescue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0007027.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP6\A0001459.dll -> Downloader.Zlob.akg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0007025.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0007026.dll -> Not-A-Virus.Hoax.Win32.Renos.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0007023.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C4EE6BC2-8580-4263-BB6A-CC8A87B1926A}\RP18\A0007022.dll -> Trojan.Agent.neq : Cleaned with backup (quarantined).
::Report end
----------------------------
here is the rapport.txt from Smitfraud::
---------------------------
SmitFraudFix v2.125
Scan done at 17:21:46.87, Tue 28/11/2006
Run from C:\Documents and Settings\My PC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0bad5052-665d-40d4-a9bd-a2891eaafb42}"="boucicault"
[HKEY_CLASSES_ROOT\CLSID\{0bad5052-665d-40d4-a9bd-a2891eaafb42}\InProcServer32]
@="C:\WINDOWS\system32\fmrmhc.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0bad5052-665d-40d4-a9bd-a2891eaafb42}\InProcServer32]
@="C:\WINDOWS\system32\fmrmhc.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\.protected Deleted
C:\DOCUME~1\MYPC~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\MYPC~1\STARTM~1\PROGRAMS\STARTUP\.protected Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\.protected Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-------------------------------
here is the combofix.txt the second time running::
-------------------------------
My PC - 06-11-28 18:55:19.84 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\My PC\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\Common Files\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\MBOLS~1\??rss_exe.vir
C:\QooBox\Purity\Documents and Settings\My PC\Application Data\ąPPATC~1
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-28 18:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-28 18:20 <DIR> d-------- C:\WINDOWS\LastGood
2006-11-28 17:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-28 17:21 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-28 17:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-28 17:21 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-27 21:27 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-27 21:20 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-27 21:11 71,168 --a------ C:\WINDOWS\system32\drvsov.dll
2006-11-27 21:11 40,973 ---hs---- C:\WINDOWS\system32\rqroopo.dll
2006-11-27 19:19 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\AVG7
2006-11-27 19:08 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-27 19:08 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-27 19:08 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-27 19:08 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-27 19:08 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-27 19:08 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-27 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-27 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-25 09:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-25 09:17 <DIR> d-------- C:\Program Files\Grisoft
2006-11-22 23:24 <DIR> d-------- C:\HijackThis
2006-11-22 00:05 <DIR> d--hs---- C:\FOUND.003
2006-11-19 23:56 <DIR> d-------- C:\WINDOWS\Minidump
2006-11-19 23:55 <DIR> d--hs---- C:\FOUND.002
2006-11-19 08:58 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-19 06:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-19 06:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-11-19 04:08 <DIR> d-------- C:\WINDOWS\system32\ądobe
2006-11-18 23:19 <DIR> d--hs---- C:\FOUND.001
2006-11-18 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2006-11-18 07:08 12,288 --a------ C:\WINDOWS\system32\impborl.dll
2006-11-18 07:06 <DIR> d---s---- C:\Documents and Settings\My PC\UserData
2006-11-17 21:52 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-17 21:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-17 21:52 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-17 20:53 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-17 20:08 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-11-17 19:55 <DIR> d-------- C:\Documents and Settings\My PC\Shared
2006-11-17 19:55 <DIR> d-------- C:\Documents and Settings\My PC\Incomplete
2006-11-17 19:51 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\LimeWire
2006-11-17 19:47 <DIR> d-------- C:\Program Files\Java
2006-11-17 19:46 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-17 19:45 <DIR> d-------- C:\Program Files\LimeWire
2006-11-17 19:43 <DIR> d-------- C:\My Downloads
2006-11-17 18:59 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Macromedia
2006-11-17 17:58 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\SearchToolbarCorp
2006-11-17 17:22 196,608 --a------ C:\WINDOWS\system32\RtlLib.dll
2006-11-17 17:22 155,648 --a------ C:\WINDOWS\system32\IpLib.dll
2006-11-17 17:22 13,532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2006-11-17 17:22 126,976 --a------ C:\WINDOWS\system32\EnumDevLib.dll
2006-11-17 17:22 108,160 --a------ C:\WINDOWS\system32\drivers\wg111v2.sys
2006-11-17 17:22 <DIR> d-------- C:\WINDOWS\OPTIONS
2006-11-17 17:15 59,136 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2006-11-17 17:15 <DIR> d-------- C:\Program Files\NETGEAR
2006-11-17 17:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-17 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-17 17:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-11-17 17:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-11-17 17:07 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-11-17 17:03 86,016 -ra------ C:\WINDOWS\system32\CNMCP6e.exe
2006-11-17 17:03 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL
2006-11-17 17:03 116,736 --------- C:\WINDOWS\system32\CNMLM6e.DLL
2006-11-17 17:03 <DIR> d--hs---- C:\FOUND.000
2006-11-17 17:03 <DIR> d--h----- C:\BJPrinter
2006-11-17 17:02 <DIR> d-------- C:\WINDOWS\StartHtmico
2006-11-17 17:02 <DIR> d-------- C:\WINDOWS\IP1000
2006-11-17 17:01 <DIR> d-------- C:\Program Files\Canon
2006-11-17 16:58 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-17 16:55 110,612 --a------ C:\WINDOWS\system32\assqmddj.exe
2006-11-17 16:54 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-17 16:53 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-17 16:50 <DIR> d--hs---- C:\Recycled
2006-11-17 16:49 2 --a------ C:\WINDOWS\system32\wapisvtr.exe
2006-11-16 18:48 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-16 18:18 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-16 18:18 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-16 18:18 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-16 18:18 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-16 18:18 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-16 18:17 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-16 18:17 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-16 18:17 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-16 18:16 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2006-11-16 18:16 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-16 18:12 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-16 18:12 13,312 --a------ C:\WINDOWS\system32\irclass.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-20 07:46 17144 --a------ C:\Documents and Settings\My PC\Application Data\GDIPFONTCACHEV1.DAT
2006-10-13 23:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 23:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 23:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 21:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-13 16:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uuir"="\"C:\\PROGRA~1\\COMMON~1\\WNSXS~1\\fast.exe\" -vt tzt"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RtWLan"="C:\\Program Files\\NETGEAR\\WG111v2 Configuration Utility\\RtWLan.exe /H"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
"nLite"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,\
65,2e,63,6d,64,00
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
"nLite"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,69,6e,66,5c,6e,6c,69,74,\
65,2e,63,6d,64,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoInternetOpenWith"=dword:00000001
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-28 18:56:21.24
C:\ComboFix2.txt ... 06-11-28 17:03
C:\ComboFix.txt ... 06-11-28 18:56
----------------------------
and finally the new HJT log in normal mode::
---------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:58:35 PM, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\HijackThis\filo.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2C2CC20D-65BF-46E6-94CA-D2BB81A38D12} - C:\WINDOWS\system32\ssqqr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\ljjjkhh.dll (file missing)
O2 - BHO: (no name) - {D7634C49-8AAF-F370-DEDF-A728EA7B67CD} - C:\WINDOWS\system32\ybtxw.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ioceuskd.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RtWLan] C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uuir] "C:\PROGRA~1\COMMON~1\WNSXS~1\fast.exe" -vt tzt
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
-------------------------
and that's everything you asked me to post ..
the computer is working faster than before and the popups are not coming up anymore! =D But I think there are still some viruses left inside my computer when I ran the Panda scan .. but thanks for everything so far, you've been a great help!