Options

troyan virus downloader.generic2.dbs

Unknown
edited May 2007 in Spyware & Virus Removal
Well I seen that there was a thread already about it but it said to make my own thread, I have 3 things in the same folder infected by this and AVG won't get rid of it. so heres my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:43:29 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {9F207A4A-B3D3-9272-ADFC-E63B837176C5} - C:\WINDOWS\system32\jspoj.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {EEAA968F-021B-22B3-6EED-528008495292} - C:\WINDOWS\system32\njp.dll
R3 - URLSearchHook: (no name) - {AB87A68D-2F2B-6187-43DD-65AD390F7FA1} - C:\WINDOWS\system32\njp.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9F207A4A-B3D3-9272-ADFC-E63B837176C5} - C:\WINDOWS\system32\jspoj.dll (file missing)
O2 - BHO: (no name) - {AB87A68D-2F2B-6187-43DD-65AD390F7FA1} - C:\WINDOWS\system32\njp.dll
O2 - BHO: (no name) - {EEAA968F-021B-22B3-6EED-528008495292} - C:\WINDOWS\system32\njp.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029AIUS_ZNxdm835BBUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chance\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Home
O17 - HKLM\Software\..\Telephony: DomainName = Home
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Home
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: scanregw.dll C:\WINDOWS\system32\csrss.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Comments

  • chrlmfld
    edited May 2007
    So should I just clikc Fix checked after checking all the ones you said?
  • TroganTrogan London, UK
    edited May 2007
    halo2_god, please check your PM's.

    Hi chrlmfld,

    I'm going through your log now and will post some instructions in a few minutes.
  • TroganTrogan London, UK
    edited May 2007
    Hi chrlmfld,

    Please do the following...

    1. Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html

    R3 - URLSearchHook: (no name) - {9F207A4A-B3D3-9272-ADFC-E63B837176C5} - C:\WINDOWS\system32\jspoj.dll (file missing)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {EEAA968F-021B-22B3-6EED-528008495292} - C:\WINDOWS\system32\njp.dll
    R3 - URLSearchHook: (no name) - {AB87A68D-2F2B-6187-43DD-65AD390F7FA1} - C:\WINDOWS\system32\njp.dll

    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9F207A4A-B3D3-9272-ADFC-E63B837176C5} - C:\WINDOWS\system32\jspoj.dll (file missing)
    O2 - BHO: (no name) - {AB87A68D-2F2B-6187-43DD-65AD390F7FA1} - C:\WINDOWS\system32\njp.dll
    O2 - BHO: (no name) - {EEAA968F-021B-22B3-6EED-528008495292} - C:\WINDOWS\system32\njp.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...S_ZNxdm835BBUS

    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    Close HiajckThis

    2. Download this file to your Desktop - combofix.exe
    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    3. I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your in your next post.
    4. Please post the following...
    • ComboFix log
    • Uninstall list
    • New HijackThis log
  • chrlmfld
    edited May 2007
    Okay I clicked on the combofix.exe thing and it opened a folder named ComboFixT and another icon called Start.bat , do I just click on Start.bat and go through all that?
  • chrlmfld
    edited May 2007
    Okay I went through the start.bat thing but when I went to get click on my log it said ComboFix.txt.bat on it and after clicked it came up with a virus alert for a hidden .bat , it gave me like 20 seconds to make my mind up before it shielded it so I sent it too the vault. Anyways heres the Log from ComboFix (it came up after I vaulted it)

    "Chance" - 2007-05-19 21:52:52 Service Pack 2
    ComboFix 07-05.20.5.V - Running from: "C:\Documents and Settings\Chance\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\Chance\Desktop.\internet explorer.lnk
    C:\WINDOWS\system32\wnsapicc.exe
    C:\install.log
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\C\DOCUME~1
    C:\qoobox\purity\C\DOCUME~1\Chance
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\ASEMBL~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\PPATCH~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\PPPATC~2
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\SKS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YMANTE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\RACLE~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1\!update-4345.0000
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1\!update-4365.0000
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1\ctxad-465.0000
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\ASKS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\CROSOF~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\FNTS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\SSEMBL~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\STEM~1
    C:\qoobox\purity\C\Program Files\APPATC~1
    C:\qoobox\purity\C\Program Files\CROSOF~1
    C:\qoobox\purity\C\Program Files\MCROSO~1
    C:\qoobox\purity\C\Program Files\PPATCH~1
    C:\qoobox\purity\C\Program Files\PPPATC~2
    C:\qoobox\purity\C\Program Files\SMANTE~1
    C:\qoobox\purity\C\Program Files\STEM~1
    C:\qoobox\purity\C\Program Files\WNSXS~1
    C:\qoobox\purity\C\Program Files\YMANTE~1
    C:\qoobox\purity\C\Program Files\Common Files\RACLE~1
    C:\qoobox\purity\C\Program Files\Common Files\SEMBLY~1
    C:\qoobox\purity\C\Program Files\Common Files\SSTEM3~1
    C:\qoobox\purity\C\Program Files\Common Files\TSKS~1
    C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1
    C:\qoobox\purity\C\Program Files\Common Files\YSTEM3~1
    C:\qoobox\purity\C\WINDOWS\CROSOF~1
    C:\qoobox\purity\C\WINDOWS\DOBE~2
    C:\qoobox\purity\C\WINDOWS\ECURIT~1
    C:\qoobox\purity\C\WINDOWS\FNTS~1
    C:\qoobox\purity\C\WINDOWS\RACLE~1
    C:\qoobox\purity\C\WINDOWS\SCURIT~1
    C:\qoobox\purity\C\WINDOWS\SMBOLS~1
    C:\qoobox\purity\C\WINDOWS\YMANTE~1
    C:\qoobox\purity\C\WINDOWS\system32\APPATC~1
    C:\qoobox\purity\C\WINDOWS\system32\CROSOF~1
    C:\qoobox\purity\C\WINDOWS\system32\ICROSO~1.NET
    C:\qoobox\purity\C\WINDOWS\system32\RACLE~1
    C:\qoobox\purity\C\WINDOWS\system32\SSEMBL~1
    C:\qoobox\purity\C\WINDOWS\system32\TSKS~1
    C:\qoobox\purity\C\WINDOWS\system32\YSTEM3~1
    C:\qoobox\purity\C\WINDOWS\system32\YSTEM~1



    And here is the Uninstall list

    ABBYY FineReader 5.0 Sprint
    Ad-Aware SE Personal
    Adobe Flash Player 9 ActiveX
    AOL Explorer
    AOL Instant Messenger
    AOL Toolbar 2.0
    AOL Uninstaller (Choose which Products to Remove)
    AVG 7.5
    Broadcom Driver Installer
    Conexant SmartHSFi V92 56K DF PCI Modem
    Dell AIO Printer A940
    Dell Picture Studio - Dell Image Expert
    Dell ResourceCD
    Easy CD Creator 5 Basic
    ExtractNow
    FaxTools
    Google Earth
    Google Video Player
    Heroes of Might and Magic II
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Intel(R) PRO Network Adapters and Drivers
    iPod for Windows 2005-02-22
    iScrobbler
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    LimeWire 4.12.6
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft FrontPage 2000
    Microsoft Office 2000 Standard
    My Wal-Mart Digital Photo Center
    MySpaceIM
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    Paint Shop Pro 7
    Plaxo Toolbar for Outlook (with AIM Enhancements)
    PokerStars.net
    PowerDVD
    QuickTime
    SecondLife (remove only)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Sierra Utilities
    SoundMAX
    TI-83 Plus Flash Debugger
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WebCam for MSN Messenger
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WordPerfect Office 2002
    WordPerfect Office 2002
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Mail Quick Select Tool (PhotoMail)
    Yahoo! Messenger
    Yahoo! Photos Easy Upload Tool 1v7


    And heres my new HiJackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:07:46 PM, on 5/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\AOL\1125761740\ee\aolsoftware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chance\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
    O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Home
    O17 - HKLM\Software\..\Telephony: DomainName = Home
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Home
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: scanregw.dll C:\WINDOWS\system32\csrss.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • TroganTrogan London, UK
    edited May 2007
    chrlmfld,

    Please run ComboFix.exe again. This time, run the ComboFix.exe file (the red circle with the white X). Once the scan is completed, it should produce a log.

    Please post the ComboFix.exe log back here, along with a new HijackThis log.
  • chrlmfld
    edited May 2007
    ComboFix.exe Log:

    "Chance" - 2007-05-19 21:52:52 Service Pack 2
    ComboFix 07-05.20.5.V - Running from: "C:\Documents and Settings\Chance\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\Chance\Desktop.\internet explorer.lnk
    C:\WINDOWS\system32\wnsapicc.exe
    C:\install.log
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\C\DOCUME~1
    C:\qoobox\purity\C\DOCUME~1\Chance
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\ASEMBL~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\PPATCH~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\PPPATC~2
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\SKS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YMANTE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\RACLE~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1\!update-4345.0000
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1\!update-4365.0000
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1\ctxad-465.0000
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\ASKS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\CROSOF~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\FNTS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\SSEMBL~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\STEM~1
    C:\qoobox\purity\C\Program Files\APPATC~1
    C:\qoobox\purity\C\Program Files\CROSOF~1
    C:\qoobox\purity\C\Program Files\MCROSO~1
    C:\qoobox\purity\C\Program Files\PPATCH~1
    C:\qoobox\purity\C\Program Files\PPPATC~2
    C:\qoobox\purity\C\Program Files\SMANTE~1
    C:\qoobox\purity\C\Program Files\STEM~1
    C:\qoobox\purity\C\Program Files\WNSXS~1
    C:\qoobox\purity\C\Program Files\YMANTE~1
    C:\qoobox\purity\C\Program Files\Common Files\RACLE~1
    C:\qoobox\purity\C\Program Files\Common Files\SEMBLY~1
    C:\qoobox\purity\C\Program Files\Common Files\SSTEM3~1
    C:\qoobox\purity\C\Program Files\Common Files\TSKS~1
    C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1
    C:\qoobox\purity\C\Program Files\Common Files\YSTEM3~1
    C:\qoobox\purity\C\WINDOWS\CROSOF~1
    C:\qoobox\purity\C\WINDOWS\DOBE~2

    HiJackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:27:47 PM, on 5/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chance\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
    O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Home
    O17 - HKLM\Software\..\Telephony: DomainName = Home
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Home
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: scanregw.dll C:\WINDOWS\system32\csrss.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • chrlmfld
    edited May 2007
    Heres the full ComboFix.txt Log:

    "Chance" - 2007-05-20 18:59:23 Service Pack 2
    ComboFix 07-05.21.5.V - Running from: "C:\Documents and Settings\Chance\Desktop\"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\C\DOCUME~1
    C:\qoobox\purity\C\DOCUME~1\Chance
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\ASEMBL~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\PPATCH~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\PPPATC~2
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\SKS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YMANTE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\RACLE~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1
    C:\qoobox\purity\C\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\YSTEM3~1\ctxad-465.0000
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\ASKS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\CROSOF~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\FNTS~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\RACLE~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\SSEMBL~1
    C:\qoobox\purity\C\DOCUME~1\Chance\MYDOCU~1\STEM~1
    C:\qoobox\purity\C\Program Files\APPATC~1
    C:\qoobox\purity\C\Program Files\CROSOF~1
    C:\qoobox\purity\C\Program Files\MCROSO~1
    C:\qoobox\purity\C\Program Files\PPATCH~1
    C:\qoobox\purity\C\Program Files\PPPATC~2
    C:\qoobox\purity\C\Program Files\SMANTE~1
    C:\qoobox\purity\C\Program Files\STEM~1
    C:\qoobox\purity\C\Program Files\WNSXS~1
    C:\qoobox\purity\C\Program Files\YMANTE~1
    C:\qoobox\purity\C\Program Files\Common Files\RACLE~1
    C:\qoobox\purity\C\Program Files\Common Files\SEMBLY~1
    C:\qoobox\purity\C\Program Files\Common Files\SSTEM3~1
    C:\qoobox\purity\C\Program Files\Common Files\TSKS~1
    C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1
    C:\qoobox\purity\C\Program Files\Common Files\YSTEM3~1
    C:\qoobox\purity\C\WINDOWS\CROSOF~1
    C:\qoobox\purity\C\WINDOWS\DOBE~2
    C:\qoobox\purity\C\WINDOWS\ECURIT~1
    C:\qoobox\purity\C\WINDOWS\FNTS~1
    C:\qoobox\purity\C\WINDOWS\RACLE~1
    C:\qoobox\purity\C\WINDOWS\SCURIT~1
    C:\qoobox\purity\C\WINDOWS\SMBOLS~1
    C:\qoobox\purity\C\WINDOWS\YMANTE~1
    C:\qoobox\purity\C\WINDOWS\system32\APPATC~1
    C:\qoobox\purity\C\WINDOWS\system32\CROSOF~1
    C:\qoobox\purity\C\WINDOWS\system32\ICROSO~1.NET
    C:\qoobox\purity\C\WINDOWS\system32\RACLE~1
    C:\qoobox\purity\C\WINDOWS\system32\SSEMBL~1
    C:\qoobox\purity\C\WINDOWS\system32\TSKS~1
    C:\qoobox\purity\C\WINDOWS\system32\YSTEM3~1
    C:\qoobox\purity\C\WINDOWS\system32\YSTEM~1

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))

    2007-05-19 21:59 49,152 --a
    C:\WINDOWS\nircmd.exe
    2007-05-12 10:33 816,736 --a
    C:\Norton_Removal_Tool.exe
    2007-05-11 22:46 188,406 --a
    C:\updatecdr4_53_71.exe
    2007-05-11 22:44 21,407,888 --a
    C:\avg75free_467a1008.exe
    2007-04-29 14:20 <DIR> d
    C:\DOCUME~1\Cheryl\APPLIC~1\SecondLife
    2007-04-29 14:18 <DIR> d
    C:\Program Files\SecondLife
    2007-04-29 14:17 32,332,148 --a
    C:\Second Life 1-15-0-2 Setup.exe

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-05-12 15:34:52
    d
    w C:\Program Files\Common Files\Symantec Shared
    2007-05-12 15:12:57
    d
    w C:\Program Files\Symantec
    2007-05-12 15:02:20
    d
    w C:\DOCUME~1\Chance\APPLIC~1\Symantec
    2007-05-12 03:46:28 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-04-17 21:18:27
    d
    w C:\DOCUME~1\Chance\APPLIC~1\Yahoo!
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-10 20:38:54
    d
    w C:\Program Files\PokerStars.NET
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-13 22:25:10 67,480 ----a-w C:\MySpaceIM_Setup.exe
    2007-02-05 22:12:44 9,225,216 ----a-w C:\MSSetup.exe
    2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}=C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 13:41]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-24 19:24]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-11 22:48]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Aida"="C:\DOCUME~1\Chance\APPLIC~1\YSTEM3~1\chkdsk.exe" -vt ndrv
    "<NO NAME>"=C:\WINDOWS\system32\SSEMBL~1\DDPLAY~1.EXE
    "Psbp"=C:\Program Files\?ppPatch\?hkdsk.exe
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"= scanregw.dll C:\WINDOWS\system32\csrss.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
    "C:\DOCUME~1\Chance\APPLIC~1\RACLE~1\dexplore.exe" -vt ndrv
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ayv]
    C:\WINDOWS\system32\SSEMBL~1\DDPLAY~1.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
    "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1125761740\ee\AOLSoftware.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
    C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kuifdzcj]
    C:\Program Files\?ppPatch\??xplore.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MISAggregator]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mjci]
    C:\WINDOWS\system32\l?gonui.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe -silent
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    *Newly Created Service* -PROCEXP90
    ********************************************************************
    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-20 19:15:07
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    ********************************************************************
    Completion time: 2007-05-20 19:21:39
    C:\ComboFix-quarantined-files.txt ... 2007-05-20 19:21
    C:\ComboFix2.txt ... 2007-05-19 21:59
    --- E O F ---
  • TroganTrogan London, UK
    edited May 2007
    Hi chrlmfld! Thanks for the complete log.

    Please do the following...

    1. Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O20 - AppInit_DLLs: scanregw.dll C:\WINDOWS\system32\csrss.dll

    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    Close HiajckThis

    2. Run HijackThis again and click on Open the Misc Tools section.
    Click on Delete a file on reboot...
    Copy and paste the following into the "File name:" text box and then click Open:

    C:\WINDOWS\system32\csrss.dll

    When you are asked "Do you want to restart your computer now?", click OK.

    Your PC MUST reboot to delete the file!

    3. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
    This program is for XP and Windows 2000 only!

    Double-click ATF Cleaner.exe to open it.

    Under Main select the following:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    4. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        scanavgjk2.jpg
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes
    . Reboot back into Normal Mode, and post a new HJT log, along with the AVG anti-spyware log.
  • chrlmfld
    edited May 2007
    I messed up and didn't get quarentine everything the first time I ran it so I ran it too times, I'm sorry, but I have both Scan Reports:

    The first one:
    AVG Anti-Spyware - Scan Report
    + Created at: 7:37:03 PM 5/21/2007
    + Scan result:

    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Ignored.
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.fr20B5 -> Adware.PurityScan : Ignored.
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.fr3FAA -> Adware.PurityScan : Ignored.
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.fr6FBF -> Adware.PurityScan : Ignored.
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.frAE73 -> Adware.PurityScan : Ignored.
    C:\Program Files\Hijackthis\backups\backup-20070519-213650-392.dll -> Adware.PurityScan : Ignored.
    C:\Program Files\Hijackthis\backups\backup-20070519-213650-821.dll -> Adware.PurityScan : Ignored.
    C:\Program Files\ΑppPatch\сhkdsk.exe -> Adware.PurityScan : Ignored.
    C:\System Volume Information\_restore{E998F6F5-7E5C-491C-B906-E8185E0DBFB2}\RP841\A0099083.dll -> Adware.PurityScan : Ignored.
    C:\System Volume Information\_restore{E998F6F5-7E5C-491C-B906-E8185E0DBFB2}\RP841\A0099133.exe -> Downloader.PurityScan.cz : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E998F6F5-7E5C-491C-B906-E8185E0DBFB2}\RP768\A0087316.exe -> Dropper.Mudrop.o : Cleaned with backup (quarantined).
    C:\Documents and Settings\Chance\Cookies\chance@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Chance\Cookies\chance@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Chance\Cookies\chance@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Chance\Cookies\chance@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Chance\Cookies\chance@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Chance\Cookies\chance@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Chance\Cookies\chance@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.fr5101 -> Trojan.Small : Cleaned with backup (quarantined).
    C:\QooBox\Quarantine\C\WINDOWS\system32\wnsapicc.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E998F6F5-7E5C-491C-B906-E8185E0DBFB2}\RP841\A0099130.exe -> Trojan.Small : Cleaned with backup (quarantined).

    ::Report end


    Second one:
    AVG Anti-Spyware - Scan Report
    + Created at: 9:06:10 PM 5/21/2007
    + Scan result:

    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.fr20B5 -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.fr3FAA -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.fr6FBF -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Documents and Settings\Cheryl\Local Settings\Temp\temp.frAE73 -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070519-213650-392.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\Hijackthis\backups\backup-20070519-213650-821.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\Program Files\ΑppPatch\сhkdsk.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{E998F6F5-7E5C-491C-B906-E8185E0DBFB2}\RP841\A0099083.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

    ::Report end


    Heres the HiJackThis one:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:17:28 PM, on 5/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\AOL\1125761740\ee\aolsoftware.exe
    c:\program files\common files\aol\1125761740\ee\aim6.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chance\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
    O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://yumemisaki-camera.aa0.netvolante.jp:8080/kxhcm10.ocx
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Home
    O17 - HKLM\Software\..\Telephony: DomainName = Home
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Home
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • TroganTrogan London, UK
    edited May 2007
    Hi chrlmfld,

    Please do the following...

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u1.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
      • J2SE Runtime Environment 5.0 Update 4
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

    -Your HijackThis log is clean. Are the anymore problems?
    -Do you have an active Firewall?
Sign In or Register to comment.