takamine0427

Hello,

Our computer is segmented using two log in accounts. A little while back Kapernsky auto-launched one day saying there was a trojan of some kind on the computer. It seemed to successfully quarantine the infection but we were then unable to use any application on that account that connected to the internet and I was unable to figure out how to reset everything. A few days later one of the family members realized that we could go on the internet using the other account on the computer and we've been doing that for a little while. All of a sudden we are getting pop up boxes that are supposed to look like Windows messages that alert us to mass infections on the computer and to click certain buttons to clear them etc...

I'm not really sure what to do from here and am hoping someone can help us get rid of whatever infection we have and restore settings so we can access the internet from both our log on accounts.



DDS (Ver_09-07-30.01) - NTFSx86
Run by Holly King at 11:41:20.75 on Fri 08/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.435 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\icserv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Holly King\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://conversations.yahoo.com/dir/Conversations/Meet_People/Cultures_&_Community/Friends?a=1
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {319A68DB-06D0-46DA-9F93-A810D5A70836} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
mRun: [nwiz] nwiz.exe /install
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [lxdcmon.exe] "c:\program files\lexmark 1300 series\lxdcmon.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: <NO NAME> =
IE: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {bba9a1cb-c90a-4912-8f01-dfa51a2b4102} - {68627251-8a78-4bf4-8dd8-c4231dd80494} - c:\program files\aladdin systems\internet cleanup\ic3hlpr.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\aladdin systems\internet cleanup\adlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} - hxxp://www.bravetree.com/downloader/BTDownloadCtrl.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://digitallycaptured.instantlogic.com/XUpload.ocx
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4283/mcfscan.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-10-13 213520]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-7-29 208616]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 icservice;icservice;c:\program files\aladdin systems\internet cleanup\icserv.exe [2002-12-11 32768]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2008-5-7 99248]

=============== Created Last 30 ================

2009-08-12 06:50 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 06:50 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-07 07:48 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-06 06:55 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-06 06:54 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 06:54 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-06 06:54 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 06:54 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-06 06:54 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 06:54 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-06 06:54 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 06:53 <DIR> --d----- c:\windows\SxsCaPendDel
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-21 11:41 794,656 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-08-21 11:41 4,844 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-20 18:20 3,659,296 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-08-20 18:20 30,716 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 08:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 08:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 06:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 03:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 03:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 03:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 07:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 01:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-01 09:27 2,445 a------- c:\windows\st_1243885181.exe
2009-06-01 09:27 2,444 a------- c:\windows\st_1243887221.exe
2008-06-01 15:52 10,240 a--sh--- c:\program files\Thumbs.db
2006-04-14 23:31 12,846,248 a------- c:\program files\QuickTimeFullInstaller.exe
2005-11-13 09:52 606,352 a------- c:\program files\BugdoctorSetup.exe
2005-10-09 15:34 34,039,576 a------- c:\program files\iTunesSetup.exe
2005-05-18 19:15 1,164,112 a------- c:\program files\wrar341.exe
2003-04-23 18:55 207,759 ac------ c:\program files\INSTALL.LOG
2002-09-11 09:26 63,730 a------- c:\program files\viewsonicinstruct_xp.pdf
2008-10-14 08:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat

============= FINISH: 11:42:26.10 ===============

Attached Files

	Attach.txt (10.4 KB, 0 views)
	ark.txt (6.7 KB, 2 views)

Glaswegian

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

takamine0427

Thank you for your help. The combofix report is below.

ComboFix 09-08-24.05 - Holly King 08/24/2009 20:35.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.473 [GMT -5:00]
Running from: c:\documents and settings\Holly King\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\04BC0EBE
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\Install.inf
c:\windows\Fonts\Wphv07nb.ttf
c:\windows\Installer\1ce2e52.msi
c:\windows\Installer\2665176.msi
c:\windows\Installer\528ad.msp
c:\windows\Installer\5d43259.msi
c:\windows\Installer\70434.msp
c:\windows\Installer\70437.msp
c:\windows\Installer\f595625.msi
c:\windows\sonce122714.dat
c:\windows\st_1243885181.exe
c:\windows\st_1243887221.exe
c:\windows\system32\42KJE738.ocx
c:\windows\system32\Data
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\sysloc

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-25 01:22 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Michael King\Application Data\mjusbsp\in00000\setup.exe
2009-08-25 01:21 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Michael King\Application Data\mjusbsp\ar00000\install.exe
2009-08-12 14:12 . 2009-08-12 14:12 -------- d-----w- c:\documents and settings\Holly King\Local Settings\Application Data\Apple
2009-08-12 11:50 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-06 11:55 . 2009-08-06 11:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-06 11:55 . 2009-08-06 11:55 -------- d-----w- c:\program files\MSBuild
2009-08-06 11:54 . 2009-08-06 11:54 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 11:54 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-06 11:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-06 11:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-06 11:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-06 11:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-06 11:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-06 11:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-06 11:53 . 2009-08-06 12:09 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 16:06 . 2009-07-26 16:06 1878984 ----a-w- c:\documents and settings\Holly King\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 01:48 . 2008-10-14 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-25 01:45 . 2008-10-14 03:32 802848 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-25 01:45 . 2008-10-14 03:32 4872 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-25 01:45 . 2008-10-14 03:32 3659296 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-25 01:45 . 2008-10-14 03:32 30716 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-25 01:22 . 2008-12-31 01:09 -------- d-----w- c:\documents and settings\Michael King\Application Data\mjusbsp
2009-08-11 13:16 . 2003-04-28 23:38 64736 -c--a-w- c:\documents and settings\Michael King\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 12:50 . 2003-06-04 01:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-06 12:50 . 2003-06-17 13:14 -------- d-----w- c:\documents and settings\Holly King\Application Data\AdobeUM
2009-08-06 12:46 . 2003-04-29 15:02 64736 -c--a-w- c:\documents and settings\Holly King\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2002-08-29 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 15:16 . 2009-02-04 14:12 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-07-17 19:01 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-01-17 04:17 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-02-06 23:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 10:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2002-08-29 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-08-29 10:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2002-08-29 10:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2002-08-29 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2002-08-29 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-13 15:28 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-06-01 20:52 . 2005-06-05 14:07 10240 --sha-w- c:\program files\Thumbs.db
2006-04-15 04:31 . 2006-04-15 04:30 12846248 ----a-w- c:\program files\QuickTimeFullInstaller.exe
2005-11-13 14:52 . 2005-11-13 14:52 606352 ----a-w- c:\program files\BugdoctorSetup.exe
2005-10-09 20:34 . 2005-10-09 20:34 34039576 ----a-w- c:\program files\iTunesSetup.exe
2005-05-19 00:15 . 2005-05-19 00:15 1164112 ----a-w- c:\program files\wrar341.exe
2002-09-11 14:26 . 2005-02-22 00:41 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-09-06 36864]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2001-09-06 794112]
"tgcmdprovidersbc"="c:\program files\support.com\bin\tgcmd.exe" [2002-07-15 1544192]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-15 180269]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-04-02 684032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-26 208616]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-10-06 741376]

c:\documents and settings\Michael King\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-6-3 113664]
Connection Manager.lnk - c:\program files\SBC\Connection Manager\CManager.exe [2003-5-13 3403907]
PowerReg Scheduler.exe [2005-5-10 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-04 15:53 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdctime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Michael King\\Application Data\\mjusbsp\\magicJack.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\SYSTEM32\DRIVERS\klbg.sys [1/29/2008 6:29 PM 33808]
R2 icservice;icservice;c:\program files\Aladdin Systems\Internet Cleanup\icserv.exe [12/11/2002 4:17 PM 32768]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [4/30/2008 6:06 PM 24592]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcserv.exe [5/7/2008 6:56 PM 99248]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2003-04-28 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://conversations.yahoo.com/dir/Conversations/Meet_People/Cultures_&_Community/Friends?a=1
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
LSP: c:\program files\Aladdin Systems\Internet Cleanup\adlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 20:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???X???????????x???????????????????H???P???? ?w? ?w)??p????????(????????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\SYSTEM32\LexBceS.exe
c:\windows\SYSTEM32\Lexpps.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\DRIVERS\CDAC11BA.EXE
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\windows\SYSTEM32\lxdccoms.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe
c:\windows\SYSTEM32\rundll32.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-25 20:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 01:57
ComboFix2.txt 2008-03-01 18:41

Pre-Run: 7,931,641,856 bytes free
Post-Run: 7,972,827,136 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
237 --- E O F --- 2009-08-13 15:46

Glaswegian

Hi again

How is your system running now?


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



Delete the following File indicated in RED if it still exists.

c:\Program Files\BugdoctorSetup.exe

Note: If it proves to be stubborn, you may have to boot to Safe Mode to delete it.



Online Scan
Perform an online scan with Panda ActiveScan

• Click on Scan Your PC Now
• A "pop up" window will appear, or a new tab will open.
• Click on Register
• Choose the option you like most, but we recommend the Free Registration.
• Click on Register
• Enter your e-mail address, and create a password.
• Select "I do not want to receive any type of information". (unless you want to receive such information)
• Click on Send
• Confirm registration, and continue by entering your user name and password, then click on Enter
• Select Full Scan, then Click on Scan Now
• Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
• If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
• Please ignore the offer to buy the program. Click on Export To
  
• Export the log and save it to your desktop.
• Please attach the contents of that log to your reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.

takamine0427

Hello,

...thank you for your continued help. The main account still cannot connect to the internet (I tried connecting to both Google and Yahoo) and is getting the error message posted below (with system error log info). The secondary account we still can access the internet and things seem a little bit better...at least we are not getting pop up boxes saying our computer is infected and to click buttons etc...to fix it....so that's good.

This is the error log I got from doing a system analysis on our main account...hopefully you can help guide me to fixing things so that account can access the internet again.

Windows cannot connect to the Internet using HTTP, HTTPS, or FTP.
This is probably caused by firewall settings on this computer.

Check the firewall settings for the HTTP port (80), HTTPS port (443) and FTP
port (21).


Last diagnostic run time: 08/25/09 21:32:04 HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info HTTPS: Successfully connected to www.microsoft.com.
info FTP (Passive): Successfully connected to ftp.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.
info Redirecting user to support call



DNS Client Diagnostic
DNS - Not a home user scenario

info Using Web Proxy: yes
No DNS servers

DNS failure




Gateway Diagnostic
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server:http=localhost:7171 Proxy Bypass list:*.local;<local>
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
info Skipped gateway connectivity check because of IE proxy configuration



IP Layer Diagnostic
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed



IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 192.168.1.101



Wireless Diagnostic
Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR




WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel(R) PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Network connection: Name=Juno, Device=BCM V.92 56K Voicemodem, MediaType=PHONE, SubMediaType=NONE
info Network connection: Name=America Online, Device=BCM V.92 56K Voicemodem, MediaType=PHONE, SubMediaType=NONE
info Network connection: Name=sbc, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Network connection: Name=DSL Connection, Device=WAN Miniport (PPPOE), MediaType=PPPOE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12031 connecting to www.microsoft.com: The connection with the server was reset
warn HTTPS: Error 12037 connecting to www.passport.net: The date in the certificate is invalid or has expired
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.





I downloaded and ran the Panda Active Scan and it showed we still had infections. (see attachment)

Attached Files

ActiveScan.txt (29.1 KB, 1 views)

Glaswegian

Hi again

Panda is showing the cracks on your system – I would strongly recommend you delete these files

C:\Documents and Settings\Michael King\Desktop\Bibble\bibble.4.95-patch.exe
C:\Documents and Settings\Michael King\Desktop\Miscelaneous\DVD XCOPY CRACK-THIS WORKS.zip
C:\Documents and Settings\Michael King\Desktop\Miscelaneous\DVD XCOPY CRACK-THIS WORKS\Keygen.exe

Using crack files is inviting an infection onto your system. You have no idea where these cracks originate or who created them – or what they really contain.



Delete the following File indicated in RED if it still exists.

c:\documents and settings\holly king\favorites\antivirus test online.url

Note: If it proves to be stubborn, you may have to boot to Safe Mode to delete it.



Other than that, everything looks clean. I’m afraid I’m no expert when it comes to deciphering these error messages. I would recommend you try our XP Forum – plenty of experts there that will be able to help you with the profile issue. Remember and let them know that you’ve been cleared by Security.


If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.


The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /u



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection
Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.


Ad-aware 2008 Free Edition
Download and install Ad-Aware 2008 Free Edition. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here.



SnoopFree
SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems.


MVPS Hosts File
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Chrome
Maxthon
Safari

Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall for XP does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm


Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.


Web of Trust
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
• Yellow for caution
• Red to stop

WOT has an addon available for both Firefox and IE.


ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system.


Additional Reading
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.

takamine0427

Thank you for your help and advice! I downloaded and will start using Firefox. I'm wondering though...will the other programs interfere with Kapernsky?...since a lot of the functions overlap? Would the other programs you mentioned basically give me what Kapernsky does for free?...wondering if I should continue paying for Kapernsky when the contract renews...

Glaswegian

Hi

I use all the programmes listed in my signature - no conflicts. Most of these are stand alone on-demand scanners. Make sure you only have one AV and one firewall otherwise there will be conflicts.