Tech Support banner
Status
Not open for further replies.
1 - 7 of 7 Posts

·
Registered
Joined
·
4 Posts
Discussion Starter · #1 · (Edited)
Hello,

I've recently started having problems with popups that open the URL softshape.info/serve and mobilerider.com. These are unsolicited popups anytime a link is clicked in MSIE. If I use the AOL Explorer, I am not interupted by these popups.

I am running a popup blocker and antispyware, but these still persist. Following is my Hijack This log. Thanks in advance for your assistance.


Darrell

Logfile of HijackThis v1.99.1
Scan saved at 10:41:04 PM, on 12/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\yiauftbA.exe
C:\Program Files\Common Files\AOL\1122147419\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1122147419\ee\aolsoftware.exe
c:\program files\common files\aol\1122147419\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1122147419\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\?asks\r?gsvr32.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {800909C9-942B-F48A-7A47-ECECDAE24F9D} - C:\WINDOWS\system32\kewobr.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sjdii.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eekmttv.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Web Assistant - {04CDB16C-AB38-43CD-A86A-6FEB90290939} - C:\Program Files\PadsysAssistant\AssistantLibrary.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {800909C9-942B-F48A-7A47-ECECDAE24F9D} - C:\WINDOWS\system32\kewobr.dll
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - C:\WINDOWS\system32\guhlaktq.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1122147419\ee\SSCRun.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [yiauftbA] C:\WINDOWS\yiauftbA.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm027YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.8.4.51/aces/aces-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.5.21/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.5.21/firstclass2/firstclass2-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.5.21/jigsaw/jigsaw-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.8.4.51/freecell/freecell-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122155299184
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122597138468
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://sametime.nutechs.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.23.9/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 

·
Registered
Joined
·
2,096 Posts
Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
 

·
Registered
Joined
·
2,096 Posts
Hello and welcome to TSF :smile:.

You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

________________________________________________

Downloads

1. Please download Cleanup! and install it. You will use this later. Do not install if you are using the 64 bit version of windows. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs_edits/xp_whichcpu.exe

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

The following is the alternate download location for CleanUp!. Please download the program from this link if the main link is out of service:

http://www.stevengould.org/downloads/cleanup/CleanUp452.exe

2. Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

3. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:BFU).

Do not do anything with these yet!

4. Download combofix from one of these locations:**Save it to your desktop**

Go to <<Start>> then <<Run>> then paste in the single line command then click OK

"%userprofile%\desktop\combofix.exe" /v kewobr guhlaktq



When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
________________________________________________

Show Hidden Files and Folders

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.
________________________________________________________________________________

Fix

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

MyWebSearch

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R3 - URLSearchHook: (no name) - {800909C9-942B-F48A-7A47-ECECDAE24F9D} - C:\WINDOWS\system32\kewobr.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sjdii.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,eekmttv.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [yiauftbA] C:\WINDOWS\yiauftbA.exe


O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
- Please leave these two 06 entries alone if you have set these restrictions yourself with Spybot Search&Destroy.

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm027YYUS
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab


Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\MyWebSearch
C:\WINDOWS\system32\sjdii.exe
C:\WINDOWS\system32\eekmttv.exe
C:\WINDOWS\yiauftbA.exe

__________________________________________________________________

Cleanup!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program.
Do not logoff or reboot when prompted.

AVG Anti-Spyware

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

BFU

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon
    and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG Anti Spyware text report that you saved and a new HiJackThis log.
_______________________________________________________________

Combofix

Please run Combofix again. Double click on the file combofix.exe saved on your desktop and follow the prompts and post the content of the log it produces with your next reply.
Do not mouse click combofix's window whilst it's running. That may cause it to stall.
__________________________________________________________________

Reboot your system in Normal Mode.

Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Please provide the following logs with your next post (In the Following Order):

Combofix2.txt
AVG Anti-Spyware
Panda Scan
Combofix.txt
HijackThis (A fresh one)


Please let me know about your systems overall behaviour :smile:.
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #4 ·
Reply to post 'Softshape.info/serve Popups'

Thank you for a quick response. I have completed the suggested steps and all seems to be working properly. The log files you requested are included below.

Combofix2.txt

"Diane" - 07-01-01 13:39:41.37 Service Pack 2
ComboFix 06-12-29W-BetaE2 - Running from: "C:\Documents and Settings\Diane\desktop"
Command switches used :: /v kewobr guhlaktq

ntpB was used

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKCU\...\Run C:\WINDOWS\system32\damein.exe
O4 - HKLM\...\Run C:\WINDOWS\system32\damein.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\syste
C:\Documents and
C:\WINDOWS\busla
C:\WINDOWS\system32\damein.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


07-01-01 00:00 323 busla.dll.qoo
06-12-10 19:31 53 qpwnol.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\kewobr.dll
C:\WINDOWS\system32\guhlaktq.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\INSTALL.LOG
C:\WINDOWS\system32\aamd532.dll
C:\WINDOWS\Downloaded Program Files\Quarantine
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\ICROSO~1\?icrosoft
C:\qoobox\purity\WINDOWS\ASKS~1
C:\qoobox\purity\WINDOWS\ASKS~1\r?gsvr32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))


2007-01-01 13:35 <DIR> d-------- C:\BFU
2007-01-01 13:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-01 13:29 <DIR> d-------- C:\Program Files\Grisoft
2006-12-31 16:21 <DIR> d-------- C:\Program Files\Cartoon Network
2006-12-30 12:45 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-30 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-30 02:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-30 01:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-29 23:49 <DIR> d-------- C:\DOCUME~1\Diane\.housecall6.6
2006-12-29 23:30 <DIR> d-------- C:\New Folder (2)
2006-12-29 13:21 <DIR> d-------- C:\HJT
2006-12-24 19:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-23 21:39 801,920 -r-hs---- C:\WINDOWS\yiauftbA.exe
2006-12-20 08:25 <DIR> d-------- C:\WINDOWS\CAVTemp
2006-12-17 09:07 <DIR> d-------- C:\DOCUME~1\Diane\APPLIC~1\Lavasoft
2006-12-17 08:28 157,184 --a------ C:\WINDOWS\system32\jhmeawh.dll
2006-12-16 23:45 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-12-16 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2006-12-16 23:44 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2006-12-16 23:44 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2006-12-16 23:44 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2006-12-16 23:44 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2006-12-16 23:44 243,824 --a------ C:\WINDOWS\unicows.dll
2006-12-16 23:44 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2006-12-16 23:44 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2006-12-16 23:44 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2006-12-16 23:44 115,824 --a------ C:\WINDOWS\UnVet32.exe
2006-12-16 23:44 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2006-12-16 23:44 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-12-16 23:43 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
2006-12-16 23:43 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll
2006-12-16 23:42 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-12-16 23:42 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-12-16 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2006-12-16 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-16 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-10 19:33 2 --a------ C:\WINDOWS\system32\wtstr.exe
2006-12-10 19:33 <DIR> d--hs---- C:\WINDOWS\RGlhbmUgVHVnZW5kZXI
2006-12-10 19:32 <DIR> d-------- C:\WINDOWS\ukow
2006-12-10 19:32 <DIR> d-------- C:\Program Files\Common Files\ukow
2006-12-10 19:31 343,040 --a------ C:\WINDOWS\system32\damein.exe
2006-12-10 19:31 309,088 --a------ C:\WINDOWS\adsponsor.exe
2006-12-10 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer
2006-12-05 16:10 <DIR> d-------- C:\Program Files\MySpace
2006-12-05 16:10 <DIR> d-------- C:\DOCUME~1\Diane\APPLIC~1\MySpace
2006-12-02 20:17 <DIR> d-------- C:\Program Files\IrfanView


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-30 02:14 -------- d-------- C:\Program Files\efax messenger 4.1
2006-12-30 02:14 -------- d-------- C:\Program Files\Common Files\scanner
2006-12-30 02:13 -------- d-------- C:\Program Files\Common Files\aolshare
2006-12-29 23:32 -------- d-------- C:\Program Files\google
2006-12-24 20:01 -------- d-------- C:\Program Files\windows media connect 2
2006-12-21 17:17 -------- d-------- C:\Documents and Settings\Diane\Application Data\google
2006-12-19 13:14 -------- d-------- C:\Program Files\java
2006-12-17 09:07 -------- d-------- C:\Documents and Settings\Diane\Application Data\lavasoft
2006-12-17 08:29 -------- d-------- C:\Program Files\yahoo!
2006-12-17 08:28 -------- d-------- C:\Program Files\mcafee.com
2006-12-16 13:12 -------- d-------- C:\Program Files\america online 9.0
2006-12-12 11:45 -------- d-------- C:\Program Files\Common Files\aol
2006-12-09 15:37 -------- d---s---- C:\Documents and Settings\Diane\Application Data\microsoft
2006-12-05 16:10 -------- d-------- C:\Documents and Settings\Diane\Application Data\myspace
2006-11-30 19:12 19496 --a------ C:\Documents and Settings\Diane\Application Data\gdipfontcachev1.dat
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-13 21:32 -------- d--h----- C:\Program Files\installshield installation information
2006-11-12 14:22 -------- d-------- C:\Program Files\the learning company
2006-11-12 08:59 26 --a------ C:\WINDOWS\winstart.bat
2006-11-12 08:59 168 --a------ C:\WINDOWS\tmpcpyis.bat
2006-11-12 08:59 122 --a------ C:\WINDOWS\tmpdelis.bat
2006-11-12 08:59 -------- d-------- C:\Program Files\Common Files\adobe
2006-11-08 00:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-07 17:56 -------- d-------- C:\Documents and Settings\Diane\Application Data\hulabee
2006-11-07 17:11 -------- d-------- C:\Program Files\disney
2006-11-04 20:12 -------- d-------- C:\Program Files\oberon media
2006-11-04 19:55 -------- d-------- C:\Program Files\apple software update
2006-11-01 07:40 -------- d-------- C:\Program Files\aol games
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --------- C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --------- C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --------- C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --------- C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --------- C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --------- C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --------- C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --------- C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --------- C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --------- C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --------- C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --------- C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --------- C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --------- C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --------- C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --------- C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --------- C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --------- C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --------- C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --------- C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 65536 --------- C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --------- C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --------- C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Logitech Utility"="Logi_MwX.Exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"eFax 4.1"="\"C:\\Program Files\\eFax Messenger 4.1\\J2GDllCmd.exe\" /R"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\SSCRun.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"yiauftbA"="C:\\WINDOWS\\yiauftbA.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ynxwj"="C:\\WINDOWS\\system32\\damein.exe reg_run"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\AOLSoftware.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN

Completion time: 07-01-01 13:50:36.74
==========================================================

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:42:41 PM 1/1/2007

+ Scan result:



C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082391.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP496\A0086761.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP477\A0082744.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP478\A0082833.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP479\A0082955.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP478\A0082832.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082350.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP477\A0082736.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP496\A0086757.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082365.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082366.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082367.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP485\A0084346.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-706699826-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP480\A0083028.exe -> Adware.Nexus : Cleaned with backup (quarantined).
C:\Program Files\PadsysAssistant\PadsysLibrary.sys -> Adware.PudsyAssistent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP498\A0086895.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082418.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP498\A0086896.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082406.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082407.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082409.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082410.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082411.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP412\A0069418.exe -> Backdoor.Rbot.bbd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP412\A0069519.exe -> Backdoor.Rbot.bbd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP436\A0072662.exe -> Backdoor.Rbot.bbd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP440\A0073206.exe -> Backdoor.Rbot.bbd : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uhyfp.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP478\A0082905.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\damein.exe -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iwbhu.dat -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jhmeawh.dll -> Downloader.Qoologic.bp : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP496\A0086760.dll -> Trojan.Agent.yd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082380.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP496\A0086756.exe -> Trojan.Imiserv.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP475\A0082362.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP477\A0082737.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wtstr.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

==========================================================
Panda Scan

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp ==========================================================

Combofix.txt

"Diane" - 07-01-01 16:02:14.42 Service Pack 2
ComboFix 06-12-29W-BetaE2 - Running from: "C:\Documents and Settings\Diane\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\ICROSO~1\?icrosoft
C:\qoobox\purity\WINDOWS\ASKS~1
C:\qoobox\purity\WINDOWS\ASKS~1\r?gsvr32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))


2007-01-01 15:48 <DIR> d-------- C:\bintheredunthat
2007-01-01 13:51 24 --a------ C:\WINDOWS\busla.dll
2007-01-01 13:35 <DIR> d-------- C:\BFU
2007-01-01 13:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-01 13:29 <DIR> d-------- C:\Program Files\Grisoft
2006-12-31 16:21 <DIR> d-------- C:\Program Files\Cartoon Network
2006-12-30 12:45 <DIR> d-------- C:\Program Files\Viewpoint
2006-12-30 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-12-30 02:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-30 01:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-29 23:49 <DIR> d-------- C:\DOCUME~1\Diane\.housecall6.6
2006-12-29 23:30 <DIR> d-------- C:\New Folder (2)
2006-12-29 13:21 <DIR> d-------- C:\HJT
2006-12-24 19:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-23 21:39 801,920 -r-hs---- C:\WINDOWS\yiauftbA.exe
2006-12-20 08:25 <DIR> d-------- C:\WINDOWS\CAVTemp
2006-12-17 09:07 <DIR> d-------- C:\DOCUME~1\Diane\APPLIC~1\Lavasoft
2006-12-16 23:45 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-12-16 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2006-12-16 23:44 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2006-12-16 23:44 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2006-12-16 23:44 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2006-12-16 23:44 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2006-12-16 23:44 243,824 --a------ C:\WINDOWS\unicows.dll
2006-12-16 23:44 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2006-12-16 23:44 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2006-12-16 23:44 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2006-12-16 23:44 115,824 --a------ C:\WINDOWS\UnVet32.exe
2006-12-16 23:44 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2006-12-16 23:44 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-12-16 23:43 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
2006-12-16 23:43 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll
2006-12-16 23:42 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-12-16 23:42 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-12-16 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2006-12-16 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-16 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-10 19:33 <DIR> dr------- C:\Program Files\PadsysAssistant
2006-12-10 19:33 <DIR> d--hs---- C:\WINDOWS\RGlhbmUgVHVnZW5kZXI
2006-12-10 19:32 <DIR> d-------- C:\WINDOWS\ukow
2006-12-10 19:32 <DIR> d-------- C:\Program Files\Common Files\ukow
2006-12-10 19:31 309,088 --a------ C:\WINDOWS\adsponsor.exe
2006-12-10 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer
2006-12-05 16:10 <DIR> d-------- C:\Program Files\MySpace
2006-12-05 16:10 <DIR> d-------- C:\DOCUME~1\Diane\APPLIC~1\MySpace
2006-12-02 20:17 <DIR> d-------- C:\Program Files\IrfanView


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-30 02:14 -------- d-------- C:\Program Files\efax messenger 4.1
2006-12-30 02:14 -------- d-------- C:\Program Files\Common Files\scanner
2006-12-30 02:13 -------- d-------- C:\Program Files\Common Files\aolshare
2006-12-29 23:32 -------- d-------- C:\Program Files\google
2006-12-24 20:01 -------- d-------- C:\Program Files\windows media connect 2
2006-12-21 17:17 -------- d-------- C:\DOCUME~1\Diane\Application Data\google
2006-12-19 13:14 -------- d-------- C:\Program Files\java
2006-12-17 09:07 -------- d-------- C:\DOCUME~1\Diane\Application Data\lavasoft
2006-12-17 08:29 -------- d-------- C:\Program Files\yahoo!
2006-12-17 08:28 -------- d-------- C:\Program Files\mcafee.com
2006-12-16 13:12 -------- d-------- C:\Program Files\america online 9.0
2006-12-12 11:45 -------- d-------- C:\Program Files\Common Files\aol
2006-12-09 15:37 -------- d---s---- C:\DOCUME~1\Diane\Application Data\microsoft
2006-12-05 16:10 -------- d-------- C:\DOCUME~1\Diane\Application Data\myspace
2006-11-30 19:12 19496 --a------ C:\DOCUME~1\Diane\Application Data\gdipfontcachev1.dat
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-13 21:32 -------- d--h----- C:\Program Files\installshield installation information
2006-11-12 14:22 -------- d-------- C:\Program Files\the learning company
2006-11-12 08:59 26 --a------ C:\WINDOWS\winstart.bat
2006-11-12 08:59 168 --a------ C:\WINDOWS\tmpcpyis.bat
2006-11-12 08:59 122 --a------ C:\WINDOWS\tmpdelis.bat
2006-11-12 08:59 -------- d-------- C:\Program Files\Common Files\adobe
2006-11-08 00:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-07 17:56 -------- d-------- C:\DOCUME~1\Diane\Application Data\hulabee
2006-11-07 17:11 -------- d-------- C:\Program Files\disney
2006-11-04 20:12 -------- d-------- C:\Program Files\oberon media
2006-11-04 19:55 -------- d-------- C:\Program Files\apple software update
2006-11-01 07:40 -------- d-------- C:\Program Files\aol games
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --------- C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --------- C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --------- C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --------- C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --------- C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --------- C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --------- C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --------- C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --------- C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --------- C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --------- C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --------- C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --------- C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --------- C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --------- C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --------- C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --------- C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --------- C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --------- C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --------- C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 65536 --------- C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --------- C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --------- C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Logitech Utility"="Logi_MwX.Exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"eFax 4.1"="\"C:\\Program Files\\eFax Messenger 4.1\\J2GDllCmd.exe\" /R"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\SSCRun.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ynxwj"="C:\\WINDOWS\\system32\\damein.exe reg_run"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\AOLSoftware.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Completion time: 07-01-01 16:08:34.34
C:\ComboFix2.txt ... 07-01-01 13:50
==========================================================

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 5:19:12 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1122147419\ee\aolsoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1122147419\ee\aolsoftware.exe
c:\program files\common files\aol\1122147419\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1122147419\ee\aolsoftware.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1122147419\ee\SSCRun.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.8.4.51/aces/aces-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.5.21/euchre/euchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.5.21/firstclass2/firstclass2-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.7.5.21/jigsaw/jigsaw-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.8.4.51/freecell/freecell-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122155299184
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122597138468
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - http://sametime.nutechs.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.23.9/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

==========================================================
 

·
Registered
Joined
·
2,096 Posts
Hello yerbmeld, good job! :smile:

System Restore

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Fix

Clear IE6 cookies

1. On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. This will delete all the files that are currently stored in your cache [that includes cookies too].

3. Click OK, and then click OK again.

You can check this link for more information.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Manager

Click Start>Run and copy/paste regsvr32 /u occache.dll into the Run box and click OK.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\RGlhbmUgVHVnZW5kZXI
C:\Program Files\PadsysAssistant
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\WINDOWS\adsponsor.exe
C:\WINDOWS\yiauftbA.exe
C:\WINDOWS\busla.dll
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf


Now click Start>Run and copy/paste regsvr32 occache.dll into the Run box and click OK.
______________________________________________________________

Registry Fix

Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ynxwj"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=-
Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:

Double click on fix.reg & allow it to merge into the registry.

Reboot your system in Normal Mode.
_________________________________________________________________

Online Scan

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives[*]Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
______________________________________________________________

Combofix

Please run Combofix again. Double click on the file combofix.exe saved on your desktop and follow the prompts and post the content of the log it produces with your next reply.
Do not mouse click combofix's window whilst it's running. That may cause it to stall.

So with your next post please provide Kaspersky Online Scan Report, Combofix.txt and also let me know whether you faced any difficulty in deleting any of the files and folders listed above.
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #6 ·
Kaspersky Online Scan Report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 06, 2007 7:08:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/01/2007
Kaspersky Anti-Virus database records: 256486
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 49809
Number of viruses found: 2
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:10:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_e9ce6f27-29ac-40f7-81f8-ba098a30efdf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Diane\.housecall6.6\Quarantine\c.bac_a03060 Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\Documents and Settings\Diane\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Diane\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Diane\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Diane\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Diane\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diane\Local Settings\History\History.IE5\MSHist012007010620070107\index.dat Object is locked skipped
C:\Documents and Settings\Diane\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Diane\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Diane\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP503\A0088416.exe/data0010 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP503\A0088416.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{5F3574F1-CEE5-427B-A196-D9414FCD08A9}\RP503\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
=================================================

Combofix.txt
"Diane" - 07-01-06 19:10:27.20 Service Pack 2
ComboFix 06-12-29W-BetaE2 - Running from: "C:\Documents and Settings\Diane\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\ICROSO~1\?icrosoft
C:\qoobox\purity\WINDOWS\ASKS~1
C:\qoobox\purity\WINDOWS\ASKS~1\r?gsvr32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))


2007-01-06 15:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-06 15:52 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-01 17:45 <DIR> d-------- C:\DOCUME~1\Diane\APPLIC~1\ieSpell
2007-01-01 17:44 <DIR> d-------- C:\Program Files\ieSpell
2007-01-01 15:48 <DIR> d-------- C:\bintheredunthat
2007-01-01 13:35 <DIR> d-------- C:\BFU
2007-01-01 13:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-01 13:29 <DIR> d-------- C:\Program Files\Grisoft
2006-12-31 16:21 <DIR> d-------- C:\Program Files\Cartoon Network
2006-12-30 02:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-30 01:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-29 23:49 <DIR> d-------- C:\DOCUME~1\Diane\.housecall6.6
2006-12-29 23:30 <DIR> d-------- C:\New Folder (2)
2006-12-29 13:21 <DIR> d-------- C:\HJT
2006-12-24 19:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-20 08:25 <DIR> d-------- C:\WINDOWS\CAVTemp
2006-12-17 09:07 <DIR> d-------- C:\DOCUME~1\Diane\APPLIC~1\Lavasoft
2006-12-16 23:45 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-12-16 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2006-12-16 23:44 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2006-12-16 23:44 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2006-12-16 23:44 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2006-12-16 23:44 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2006-12-16 23:44 243,824 --a------ C:\WINDOWS\unicows.dll
2006-12-16 23:44 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2006-12-16 23:44 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2006-12-16 23:44 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2006-12-16 23:44 115,824 --a------ C:\WINDOWS\UnVet32.exe
2006-12-16 23:44 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2006-12-16 23:44 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-12-16 23:43 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
2006-12-16 23:43 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll
2006-12-16 23:42 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-12-16 23:42 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-12-16 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2006-12-16 23:32 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-16 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-10 19:33 <DIR> dr------- C:\Program Files\PadsysAssistant
2006-12-10 19:32 <DIR> d-------- C:\WINDOWS\ukow
2006-12-10 19:32 <DIR> d-------- C:\Program Files\Common Files\ukow
2006-12-10 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-01 17:45 -------- d-------- C:\DOCUME~1\Diane\Application Data\iespell
2007-01-01 16:41 -------- d-------- C:\Program Files\efax messenger 4.1
2007-01-01 16:41 -------- d-------- C:\Program Files\Common Files\scanner
2006-12-30 02:13 -------- d-------- C:\Program Files\Common Files\aolshare
2006-12-29 23:32 -------- d-------- C:\Program Files\google
2006-12-29 21:55 -------- d-------- C:\Program Files\irfanview
2006-12-24 20:01 -------- d-------- C:\Program Files\windows media connect 2
2006-12-21 17:17 -------- d-------- C:\DOCUME~1\Diane\Application Data\google
2006-12-19 13:14 -------- d-------- C:\Program Files\java
2006-12-17 09:07 -------- d-------- C:\DOCUME~1\Diane\Application Data\lavasoft
2006-12-17 08:29 -------- d-------- C:\Program Files\yahoo!
2006-12-17 08:28 -------- d-------- C:\Program Files\mcafee.com
2006-12-16 13:12 -------- d-------- C:\Program Files\america online 9.0
2006-12-13 23:07 -------- d-------- C:\Program Files\myspace
2006-12-12 11:45 -------- d-------- C:\Program Files\Common Files\aol
2006-12-09 15:37 -------- d---s---- C:\DOCUME~1\Diane\Application Data\microsoft
2006-12-05 16:10 -------- d-------- C:\DOCUME~1\Diane\Application Data\myspace
2006-11-30 19:12 19496 --a------ C:\DOCUME~1\Diane\Application Data\gdipfontcachev1.dat
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-13 21:32 -------- d--h----- C:\Program Files\installshield installation information
2006-11-12 14:22 -------- d-------- C:\Program Files\the learning company
2006-11-12 08:59 26 --a------ C:\WINDOWS\winstart.bat
2006-11-12 08:59 168 --a------ C:\WINDOWS\tmpcpyis.bat
2006-11-12 08:59 122 --a------ C:\WINDOWS\tmpdelis.bat
2006-11-12 08:59 -------- d-------- C:\Program Files\Common Files\adobe
2006-11-08 00:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-07 17:56 -------- d-------- C:\DOCUME~1\Diane\Application Data\hulabee
2006-11-07 17:11 -------- d-------- C:\Program Files\disney
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --------- C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --------- C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --------- C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --------- C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --------- C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --------- C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --------- C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --------- C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --------- C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --------- C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --------- C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --------- C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --------- C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --------- C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --------- C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --------- C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --------- C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --------- C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --------- C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --------- C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --------- C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --------- C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --------- C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --------- C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --------- C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --------- C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --------- C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 65536 --------- C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --------- C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --------- C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Logitech Utility"="Logi_MwX.Exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"eFax 4.1"="\"C:\\Program Files\\eFax Messenger 4.1\\J2GDllCmd.exe\" /R"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\SSCRun.exe"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\AOLSoftware.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1122147419\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Completion time: 07-01-06 19:13:01.31
C:\ComboFix2.txt ... 07-01-01 16:08
C:\ComboFix3.txt ... 07-01-01 13:50
===============================================
 

·
Registered
Joined
·
2,096 Posts
Hello yerbmeld :smile:

Please get a Uninstall List using HijackThis using the following instructions:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

I have asked you to delete C:\Program Files\PadsysAssistant, but your last logs are showing the presence of this folder in your machine.
Please delete this folder using windows explorer in case you have missed it earlier. If you face any difficulty in deleting this folder [or you have faced earlier in deleting this folder], please let me know.

So with your next post please provide Uninstall List from HijackThis and confirm whether you could delete the above folder.
 
1 - 7 of 7 Posts
Status
Not open for further replies.
Top