HiJackThis Log Help

[YellowKid]

Hi I need a analyst for my HiJackThis Log. Can you please tell me which one I should fix,Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 1:20:03 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TASKMSN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jamie\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
O4 - HKLM\..\Run: [InternetEx] C:\WINDOWS\TASKMSN.EXE
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [f] C:\DOCUME~1\Jamie\LOCALS~1\Temp\1explore.exe
O4 - HKCU\..\Run: [mcbqdxjxyif1t] C:\DOCUME~1\Jamie\LOCALS~1\Temp\c0nime.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

[YellowKid]

Hello? Someone please help?

[YellowKid]

Anyone? Please?

[tetonbob]

1. Download combofix.exe to your desktop.
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

[YellowKid]

Thank you for responding,I have followed your steps,and this is the following new Log of HiJackThis and Combo fix.

ComboFix 07-06-11
"Jamie" - 2007-06-10 18:52:41 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Jamie\Desktop\internet.lnk
C:\WINDOWS\system\1.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


2007-06-10 18:51 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-06 21:35 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-06 07:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-06-04 22:28 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\WinRAR
2007-06-03 18:24 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-03 18:24 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-03 13:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-02 13:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-02 13:12 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-02 08:33 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\CyberLink
2007-06-02 08:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-01 23:28 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-01 23:28 <DIR> d-------- C:\WINDOWS\Profiles
2007-06-01 23:28 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\InterTrust
2007-06-01 23:26 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-01 23:26 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-01 23:26 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-06-01 23:26 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-01 23:26 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-01 23:26 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-01 23:26 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-01 23:25 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-06-01 23:25 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-06-01 23:25 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-06-01 23:25 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-06-01 23:25 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2007-06-01 23:25 <DIR> d-------- C:\WINDOWS\InCD
2007-06-01 23:25 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-01 23:25 <DIR> d-------- C:\Program Files\Ahead
2007-06-01 23:23 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-06-01 23:23 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2007-06-01 23:23 <DIR> d-------- C:\Program Files\CyberLink
2007-06-01 23:23 <DIR> d-------- C:\MyWorks
2007-06-01 23:21 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2007-06-01 23:21 102,912 --------- C:\WINDOWS\system32\Vb6stkit.dll
2007-06-01 23:21 102,160 --------- C:\WINDOWS\system32\VB6KO.DLL
2007-06-01 23:21 <DIR> d-------- C:\Program Files\lg_fwupdate
2007-06-01 07:48 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\Google
2007-06-01 07:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-06-01 07:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-01 07:46 <DIR> d-------- C:\Program Files\Real
2007-06-01 07:46 <DIR> d-------- C:\Program Files\Google
2007-06-01 07:46 <DIR> d-------- C:\Program Files\Common Files\Real
2007-06-01 07:46 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\Real
2007-06-01 07:43 <DIR> d-------- C:\My Downloads
2007-05-31 18:12 86,016 --a------ C:\WINDOWS\system32\rpcapd.exe
2007-05-31 18:12 6,656 --a------ C:\WINDOWS\system32\NetMonInstaller.exe
2007-05-31 18:12 49,152 --a------ C:\WINDOWS\system32\npf_mgm.exe
2007-05-31 18:12 49,152 --a------ C:\WINDOWS\system32\daemon_mgm.exe
2007-05-31 07:45 <DIR> d---s---- C:\DOCUME~1\Jamie\UserData
2007-05-30 19:34 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-05-30 19:26 <DIR> d-------- C:\Nexon
2007-05-29 20:22 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-05-29 20:20 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-29 20:20 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-29 20:20 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-29 20:20 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-29 20:20 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-29 20:20 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-29 20:20 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-29 20:20 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2007-05-29 20:20 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-29 20:20 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-29 20:20 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-29 20:20 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-29 20:20 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-05-29 20:20 <DIR> d-------- C:\Program Files\Realtek
2007-05-29 20:14 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\Help
2007-05-29 19:44 86,016 --a------ C:\WINDOWS\SoundMan.exe
2007-05-29 19:44 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-29 19:44 4,030,144 --a------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-05-29 19:44 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-05-29 19:44 <DIR> d-------- C:\Program Files\Realtek AC97
2007-05-29 19:43 315,392 --a------ C:\WINDOWS\alcupd.exe
2007-05-29 19:43 217,088 --a------ C:\WINDOWS\alcrmv.exe
2007-05-29 19:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-29 19:07 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-29 19:07 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-05-29 19:06 9,711,104 --a------ C:\WINDOWS\RTLCPL.exe
2007-05-29 19:06 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-05-29 19:06 4,258,816 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-05-29 19:06 364,544 --a------ C:\WINDOWS\RtlUpd.exe
2007-05-29 19:06 2,809,344 --a------ C:\WINDOWS\alcwzrd.exe
2007-05-29 19:06 2,158,592 --a------ C:\WINDOWS\MicCal.exe
2007-05-29 19:06 16,120,832 --a------ C:\WINDOWS\RTHDCPL.exe
2007-05-29 18:58 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-29 18:58 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-29 18:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-29 18:38 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-05-29 18:38 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-05-29 18:38 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-05-29 18:38 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll
2007-05-29 18:38 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-05-29 18:38 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-05-29 18:38 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-05-29 18:38 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-05-29 18:38 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-05-29 18:38 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-05-29 18:38 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-05-29 18:38 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-01 07:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-26 18:25 C:\WINDOWS\RTHDCPL.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-01 07:46]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 10:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 18:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-01 07:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9C194C3F-615E-47EC-8552-88BB30DFF968}"="C:\WINDOWS\hngind.dll" []
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 18:58:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-10 19:00:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-10 19:00

--- E O F ---




Logfile of HijackThis v1.99.1
Scan saved at 7:11:13 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

[tetonbob]

Good work.....

---------------------------------------------------------------------------------------------

Please download the Suspicious File Packer http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:

C:\WINDOWS\system32\rpcapd.exe
C:\WINDOWS\system32\NetMonInstaller.exe
C:\WINDOWS\system32\npf_mgm.exe
C:\WINDOWS\system32\daemon_mgm.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.

---------------------------------------------------------------------------------------------

Copy and paste the following text inside the quote box into Notepad (don't forget to copy and paste REGEDIT4):

Quote:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9C194C3F-615E-47EC-8552-88BB30DFF968}"=-

Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

I see you have AVG Anti-Spyware already. Please update it's definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware

• From the main screen, click on update, then click the Start
  update button.
• After the update finishes (the status bar at the bottom will display "Update
  successful")
• select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
• Select "Do Not Automatically generate report after every scan"

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Create an uninstall list:

With HiJackThis still open

• Click on the configure button on the bottom right
• Click on the tab "Misc Tools"
• Click on the Box that says "Open Uninstall Manager"
• Click on the button "Save list"
• Copy and past the List from the notepad file into your post

---------------------------------------------------------------------------------------------

Please return with results from:

AVG Anti-Spyware
Kaspersky online scan
HijackThis
Uninstall list

[YellowKid]

I have done everything you have told me from the last post. Here are my results.

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 10:42:16 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Jamie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

HiJackThis Uninstall List


Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
DVD Solution
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
InCD
J2SE Runtime Environment 5.0 Update 3
Kaspersky Online Scanner
LG ODD Auto Firmware Update
LimeWire 4.12.11
MapleStory
Multimedia Launcher
Nero OEM
PowerDVD
PowerProducer
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Spybot - Search & Destroy 1.4
Windows Live Messenger
Windows XP Service Pack 2
WinRAR archiver


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:50:53 AM 6/11/2007

+ Scan result:



C:\Documents and Settings\Jamie\Cookies\jamie@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jamie\Cookies\jamie@network-ca.247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jamie\Cookies\jamie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jamie\Cookies\jamie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jamie\Cookies\jamie@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.


::Report end

KasperSkyOnline results

Monday, June 11, 2007 5:23:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/06/2007
Kaspersky Anti-Virus database records: 342456


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 32359
Number of viruses found 1
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:41:19

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Jamie\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\dfsr.db Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\fsr.log Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Messenger\Rycedude@hotmail.com\SharingMetadata\Working\database_30F8_7DFD_F87D_C220\tmp.edb Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\Rycedude@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\Rycedude@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\History\History.IE5\MSHist012007061120070612\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DF73A3.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DF73BA.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DFA51F.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DFA5DA.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DFD895.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Jamie\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\Jamie\UserData\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system\1.exe.vir Infected: Trojan-Downloader.Win32.Agent.bst skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP12\A0004074.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP14\A0004260.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0008304.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0011310.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0013310.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015310.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015311.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015312.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015313.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015314.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015315.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015316.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015317.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015318.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015319.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015320.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015321.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015322.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015323.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015324.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015325.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015326.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015327.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015328.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015329.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015330.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015331.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015332.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015333.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015334.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015335.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015336.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015337.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015338.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015339.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015340.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015341.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015342.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015343.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015344.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015345.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015346.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015347.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015348.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015349.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015350.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015351.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015352.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015353.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015354.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015355.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015356.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015357.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015358.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015359.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015360.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015361.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015362.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015363.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015364.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015365.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015366.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015367.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015368.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015369.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015370.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015371.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015372.exe Object is locked skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP17\A0015376.exe Infected: Trojan-Downloader.Win32.Agent.bst skipped

C:\System Volume Information\_restore{032C976B-ACB4-42A3-BD86-CF044FE2DD97}\RP18\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[tetonbob]

Well done. We still have a few items to address.

P2P - I see you have P2P software ( Limewire, ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 u1.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". (4th one down)
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name. In your case, it is J2SE Runtime Environment 5.0 Update 3
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u1-windowsi586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

C:\QooBox\ is ComboFix's quarantine folder. You can safely delete it


C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be reseting/clearing the cache in a little while.


Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Clear & Reset System Restore's Cache

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  
  
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  Here are a few very good free Antivirus products which are available:
  • AOL Active Virus Shield (powered by Kaspersky Antivirus)
  • Avast!
  • AVG
  • Avira PersonalEdition Classic
  Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  

  See this link for a listing of some online antivirus scanners:
  
  Anti-Spyware Tutorial

• FIREWALL
  If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
  
  Do not install more than one firewall program because they will conflict with each other.

• Comodo Personal Firewall
• ZoneAlarm

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[YellowKid]

I have followed all your steps and my computer is running smoothly now,I thank you very much and I will try to keep my computer safe from any infections. Once again thank you ver much :)