help please.. pop up problem

I've been getting a lot of pop-ups and whatnot. Plus, there is this blue sidebar on my desktop and I have no idea how to get rid of it. Here is my Kaspersky scan and HijackThis log. I couldn't get the Panda scan because it would never finish. Any help would be appreciated :) Thanks

Kaspersky:
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 30, 2007 10:15:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 1/10/2007
Kaspersky Anti-Virus database records: 425755

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 82467
Number of viruses found: 58
Number of infected objects: 120
Number of suspicious objects: 9
Duration of the scan process: 02:05:27

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM\bdesecureinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
C:\WINDOWS\SYSTEM\bde3d_refp4.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.g skipped
C:\WINDOWS\BDE\Cache\bdeclean.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\WINDOWS\BDE\b3dsetup.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100 skipped
C:\WINDOWS\BDE\bdeclean.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.30170 skipped
C:\WINDOWS\BDE\bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
C:\_RESTORE\ARCHIVE\FS367.CAB/A0065507.CPY Suspicious: not-a-virus:Porn-Dialer.Win32.DialerComp skipped
C:\_RESTORE\ARCHIVE\FS367.CAB/A0065508.CPY Suspicious: not-a-virus:Porn-Dialer.Win32.DialerComp skipped
C:\_RESTORE\ARCHIVE\FS367.CAB CAB: suspicious - 2 skipped
C:\_RESTORE\ARCHIVE\FS257.CAB/A0047010.CPY Suspicious: not-a-virus:Porn-Dialer.Win32.DialerComp skipped
C:\_RESTORE\ARCHIVE\FS257.CAB CAB: suspicious - 1 skipped
C:\_RESTORE\ARCHIVE\FS264.CAB/A0047396.CPY Infected: Trojan-Downloader.Win32.Dyfuca.bn skipped
C:\_RESTORE\ARCHIVE\FS264.CAB CAB: infected - 1 skipped
C:\_RESTORE\ARCHIVE\FS650.CAB/W0115116.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\_RESTORE\ARCHIVE\FS650.CAB CAB: infected - 1 skipped
C:\_RESTORE\ARCHIVE\FS637.CAB/A0097074.CPY/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.CommonName.p skipped
C:\_RESTORE\ARCHIVE\FS637.CAB/A0097074.CPY/WISE0037.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\_RESTORE\ARCHIVE\FS637.CAB/A0097074.CPY/WISE0038.BIN/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak skipped
C:\_RESTORE\ARCHIVE\FS637.CAB/A0097074.CPY/WISE0038.BIN/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped
C:\_RESTORE\ARCHIVE\FS637.CAB/A0097074.CPY/WISE0038.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped
C:\_RESTORE\ARCHIVE\FS637.CAB/A0097074.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped
C:\_RESTORE\ARCHIVE\FS637.CAB CAB: infected - 6 skipped
C:\_RESTORE\ARCHIVE\FS917.CAB/A0170063.CPY Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\_RESTORE\ARCHIVE\FS917.CAB CAB: infected - 1 skipped
C:\Program Files\Common Files\Totem Shared\Update\dial.dll.017 Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
C:\Program Files\WinAble\winable.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
C:\Program Files\Insider\Insider.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\Program Files\Insider\UnInstall.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\Program Files\Outerinfo\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Program Files\Outerinfo\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\Outerinfo\OiUninstaller.exe NSIS: infected - 2 skipped
C:\3DE.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\WINXP\system32\config\system.LOG Object is locked skipped
C:\WINXP\system32\config\software.LOG Object is locked skipped
C:\WINXP\system32\config\default.LOG Object is locked skipped
C:\WINXP\system32\config\SAM.LOG Object is locked skipped
C:\WINXP\system32\config\SECURITY.LOG Object is locked skipped
C:\WINXP\system32\config\AppEvent.Evt Object is locked skipped
C:\WINXP\system32\config\SecEvent.Evt Object is locked skipped
C:\WINXP\system32\config\SysEvent.Evt Object is locked skipped
C:\WINXP\system32\config\DEFAULT Object is locked skipped
C:\WINXP\system32\config\SECURITY Object is locked skipped
C:\WINXP\system32\config\SOFTWARE Object is locked skipped
C:\WINXP\system32\config\SYSTEM Object is locked skipped
C:\WINXP\system32\config\SAM Object is locked skipped
C:\WINXP\system32\drivers\core.sys Object is locked skipped
C:\WINXP\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINXP\system32\ciwuoe.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\WINXP\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINXP\system32\CatRoot2\edb.log Object is locked skipped
C:\WINXP\system32\h323log.txt Object is locked skipped
C:\WINXP\Debug\PASSWD.LOG Object is locked skipped
C:\WINXP\wiadebug.log Object is locked skipped
C:\WINXP\Sti_Trace.log Object is locked skipped
C:\WINXP\wiaservc.log Object is locked skipped
C:\WINXP\SchedLgU.Txt Object is locked skipped
C:\WINXP\WindowsUpdate.log Object is locked skipped
C:\WINXP\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINXP\SoftwareDistribution\EventCache\{75FB1D11-BD47-4866-8DA6-47A39F2BF269}.bin Object is locked skipped
C:\WINXP\b122.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\WINXP\b103.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\WINXP\b103.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINXP\b103.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINXP\b103.exe NSIS: infected - 3 skipped
C:\WINXP\b136.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\WINXP\b136.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINXP\b136.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINXP\b136.exe NSIS: infected - 3 skipped
C:\WINXP\b147.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\organize\CACHE\yalli22 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\organize\yallier Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\organize\yallier.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\organize\yallier.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\idb\YALLIER\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\idb\YALLIER\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\idb\YALLIER\style.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\idb\APP10575.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\ShopAssist\DataStore\users\YALLIER.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Cc_America Online 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonName.zip/Toolbar/unins.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommonName.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Temp\Perflib_Perfdata_a04.dat Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\History\History.IE5\MSHist012007093020071001\index.dat Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Temporary Internet Files\Content.IE5\2T2L8OJ4\index[1].html Infected: Trojan-Downloader.JS.IESlice.c skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Temporary Internet Files\Content.IE5\K9UJSTEV\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Temporary Internet Files\Content.IE5\K9UJSTEV\a8f5a020e4b833865a1034489887c8b9[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\AOL\Cc_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\AOL\Cc_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\AOL\Cc_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\AOL\Cc_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\AOL\Cc_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\GTek\GTUpdate\AUpdate\AOLCC\ACCAgnt.log Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\GTek\GTUpdate\AUpdate\AOLCC\AUAolOn.log Object is locked skipped
C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WTUninstaller.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\MELISSA RIVERA\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP447\A0290054.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP447\A0290056.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP455\A0294352.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP455\A0294393.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP448\A0290224.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP449\A0290336.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP452\A0290680.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP452\A0290708.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292763.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292795.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292798.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292874.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0294064.exe Infected: Trojan-Downloader.Win32.Agent.djj skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294156.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294157.EXE Infected: Trojan-Downloader.Win32.Adload.lj skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294158.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294186.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294273.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294429.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294430.DLL Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294431.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294432.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294433.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294434.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294435.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294437.exe Infected: not-a-virus:AdWare.Win32.Agent.dn skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294438.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294442.DLL Infected: not-a-virus:AdWare.Win32.IGetNet.g skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294443.DLL Infected: not-a-virus:AdWare.Win32.IGetNet.d skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294444.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294445.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294446.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294447.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294448.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294449.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294449.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294449.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294449.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294449.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294453.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294457.EXE/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294457.EXE/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294457.EXE/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294457.EXE NSIS: infected - 3 skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294485.DLL Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294546.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP457\A0294593.dll Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP457\A0294742.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0295818.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0295878.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.fs skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0295891.EXE Infected: Trojan-Downloader.Win32.Agent.dlx skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0296110.exe Infected: not-a-virus:Downloader.Win32.Acceler skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0296134.exe Infected: Trojan-Downloader.Win32.Agent.dow skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP459\change.log Object is locked skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP431\A0285805.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP431\A0285807.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP432\A0285929.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP432\A0286093.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP432\A0286094.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP432\A0286246.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP432\A0286247.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP434\A0286683.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP434\A0286684.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP443\A0289424.EXE Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP443\A0289425.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP443\A0289482.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP445\A0289857.DLL Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP445\A0289858.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP450\A0290466.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fz skipped
C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP442\A0288374.exe Infected: Trojan-Downloader.Win32.Wren.j skipped
C:\temp\twisterfree.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.bc skipped
C:\temp\twisterfree.exe/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
C:\temp\twisterfree.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.IGetNet skipped
C:\temp\twisterfree.exe/WISE0024.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\temp\twisterfree.exe/WISE0024.BIN/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\temp\twisterfree.exe/WISE0024.BIN/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\temp\twisterfree.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\temp\twisterfree.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\temp\twisterfree.exe WiseSFX: infected - 8 skipped

Scan process completed.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:21 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINXP\system32\brss01a.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\wdfmgr.exe
C:\WINXP\wanmpsvc.exe
C:\WINXP\system32\fxssvc.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\wscntfy.exe
C:\WINXP\System32\alg.exe
C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\WINXP\system32\CURITY~1\logonui.exe
C:\WINXP\?icrosoft.NET\??xplore.exe
C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINXP\system32\devldr32.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINXP\System32\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINXP\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINXP\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {36D52868-9DD1-E751-A03D-9D2B5AE28C99} - C:\WINXP\system32\zsekh.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [PS121v2] "C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" /hide
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Eaah] "C:\WINXP\system32\CURITY~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Alr] C:\WINXP\?icrosoft.NET\??xplore.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: connwsp1.dll
O10 - Unknown file in Winsock LSP: connwsp1.dll
O10 - Unknown file in Winsock LSP: connwsp1.dll
O10 - Unknown file in Winsock LSP: connwsp1.dll
O10 - Unknown file in Winsock LSP: connwsp1.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O20 - AppInit_DLLs: WIKI.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINXP\system32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://img.photobucket.com/albums/v309/nesarocc23/sigachurchservicefinal.jpg

--
End of file - 11073 bytes

Comments

  • VekaVeka Finland
    edited October 2007
    Hi, aznshorty89. I'm sorry for the delay.

    Please post a fresh Hijackthis log.
  • edited October 2007
    It's so ... so ... so ....
  • edited October 2007
    sorry for the delay... my computer couldn't get on the internet for some reason. here is my new HJT log though:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:28:07 AM, on 10/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\system32\brss01a.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
    C:\WINXP\system32\CURITY~1\logonui.exe
    C:\WINXP\?icrosoft.NET\??xplore.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
    C:\WINXP\system32\ctfmon.exe
    C:\Program Files\WinAble\winable.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINXP\system32\devldr32.exe
    C:\WINXP\wanmpsvc.exe
    C:\WINXP\system32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\WINXP\system32\wscntfy.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\WINXP\system32\wuauclt.exe
    C:\WINXP\System32\MDM.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: UserInit=C:\WINXP\System32\Userinit.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {CAB83B26-D0C6-F811-BB5C-8B8A30852C97} - C:\WINXP\system32\dukfwae.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [PS121v2] "C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" /hide
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [Eaah] "C:\WINXP\system32\CURITY~1\logonui.exe" -vt yazb
    O4 - HKCU\..\Run: [Alr] C:\WINXP\?icrosoft.NET\??xplore.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O20 - AppInit_DLLs: WIKI.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINXP\system32\brsvc01a.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - http://img.photobucket.com/albums/v309/nesarocc23/sigachurchservicefinal.jpg

    --
    End of file - 10708 bytes
  • VekaVeka Finland
    edited October 2007
    Please do the following...

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Close TeaTimer

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    This is a two step process:

    Step 1

    Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    Choose Exit Spybot S&D Resident

    Step 2

    Open Spybot S&D
    Click Mode, check Advanced Mode
    In the Left Panel, Click Tools, then also in left panel, click Resident
    If your firewall raises a question, say OK
    UNcheck the box labeled Resident Tea-Timer and OK any prompts.
    Use File, Exit to terminate Spybot
    Reboot your machine for the changes to take effect.


    If you don't do it this way, the registry settings remain when you exit.
    In addition, TeaTimer may put itself back.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Step 1

    Open Control Panel, and go to Add or Remove Programs.

    Find and remove ( if present ) :

    WinAble
    Outerinfo
    Insider


    Step 2

    Download to your desktop

    ATF Cleaner
    Combofix

    Step 3

    Run ATF Cleaner

    Note: this program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Step 4

    Run Combofix
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you.
    • Save the log to your desktop.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Step 5
    • Go "Start" > "Search" > "All Files and Folders".
    • Enter connwsp1.dll in "All or part of file name".
    • Select "More advanced options".
    • Check-mark "Search system folders," "Search hidden files and folders," and "Search subfolders".
    • Click "Search".
    When the search is done, please send the file to VirusTotal
    • Go to www.virustotal.com.
    • Upload the connwsp1.dll file
    • Write the file path into the file box
    • Submit the file and copy and paste the results back into this thread.

    Step 6

    Get uninstall list
    • Start HijackThis
    • Click "Open the Misc Tools section" button.
    • Click "Open Uninstall Manager".
    • Click "Save list"
    • Save it to your Desktop.
    • Copy the contents of the file to your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Post Combofix log, fresh HijackThis log and Uninstall List.
  • edited October 2007
    Thanks for the reply. Here's the new HJT log and uninstall list. I couldn't get the combofix because it wouldn't ever finish scanning. Thanks again for the reply :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:24, on 2007-10-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\system32\brss01a.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\System32\svchost.exe
    C:\WINXP\wanmpsvc.exe
    C:\WINXP\system32\fxssvc.exe
    C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
    C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
    C:\WINXP\system32\ctfmon.exe
    C:\WINXP\system32\wscntfy.exe
    C:\Program Files\WinAble\winable.exe
    C:\WINXP\system32\devldr32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\WINXP\System32\MDM.EXE
    C:\WINXP\system32\cmd.exe
    C:\WINXP\system32\cscript.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: UserInit=C:\WINXP\System32\Userinit.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [PS121v2] "C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" /hide
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
    O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll

    and here is the uninstall list


    215 Best PDA Programs
    Ad-Aware 2007
    Adobe Acrobat 5.0
    Adobe Flash Player 9 ActiveX
    Airlink101 MIMO XR PCI Adapter
    AOL Computer Check-Up
    AOL Deskbar
    AOL Spyware Protection
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    ATI HydraVision
    CCHelp
    CCScore
    CR2
    Creative Broadband Blaster DSL Ethernet/USB 8012U
    eMusic Download Manager
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSCT
    ESSEMAIL
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSvpaht
    ESSvpot
    Far West
    FISHERMANS PARADISE V902 Screen Saver
    HijackThis 2.0.2
    HLPCCTR
    HLPIndex
    HLPPDOCK
    HLPSFO
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Indeo® software
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    JumpStart Music v1.0
    Kaspersky Online Scanner
    Kodak EasyShare software
    KODAK Picture Software
    KSU
    LimeWire 4.12.11
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Macromedia Flash Player
    McAfee SecurityCenter
    McAfee VirusScan
    Memory Stick / Floppy Disk Adaptor
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Office 97, Professional Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Morrowind
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML4 Parser
    Nero - Burning Rom (Web installer)
    NETGEAR PS121v2
    Norton Ghost
    Notifier
    OfotoXMI
    OTtBP
    OTtBPSDK
    Panda ActiveScan
    PCDLNCH
    PC-Linq
    Pirates
    Pocket PC Connection Wizard
    PowerDVD
    Pure Networks Port Magic
    QuickTime
    QuickTime for Windows (32-bit)
    RealPlayer Basic
    ScanSoft PaperPort 10.0
    ScanSoft PDF Create 2.0
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    SFR
    SFR2
    Shockwave
    Shockwave.com JigsawMaker
    SpellForce
    SPGT5602 Mass Storage Controller
    Spinner
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.2
    SpywareBlaster v3.5.1
    Stellaluna
    SureThing CD Labeler - Stomper Edition 32 bit
    The Axe Effect
    The Sims Deluxe Edition
    Ulead Photo Explorer 7.0 SE Basic
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    VCAMCEN
    Viewpoint Media Player
    VPRINTOL
    WeatherBug
    What's Her Face!(tm) CD-ROM
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinMX
    WinRAR archiver
    WL1100B
    Yahoo! Companion
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
  • VekaVeka Finland
    edited October 2007
    Thank you. :) The HijackThis log is not complete. Post again. Also, can you check this file connwsp1.dll in virustotal as I asked ( Step 5 ).
  • edited October 2007
    sorry about that. oh and the connwsp1.dll file came back with no results. i think it said 0/31 or around that number.

    HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:28, on 2007-10-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\system32\brss01a.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINXP\Explorer.EXE
    C:\WINXP\System32\svchost.exe
    C:\WINXP\wanmpsvc.exe
    C:\WINXP\system32\fxssvc.exe
    C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
    C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
    C:\WINXP\system32\ctfmon.exe
    C:\WINXP\system32\wscntfy.exe
    C:\Program Files\WinAble\winable.exe
    C:\WINXP\system32\devldr32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\WINXP\System32\MDM.EXE
    C:\WINXP\system32\cmd.exe
    C:\WINXP\system32\cscript.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: UserInit=C:\WINXP\System32\Userinit.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [PS121v2] "C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" /hide
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe
    O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O20 - AppInit_DLLs: WIKI.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINXP\system32\brsvc01a.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - http://img.photobucket.com/albums/v309/nesarocc23/sigachurchservicefinal.jpg

    --
    End of file - 9981 bytes
  • VekaVeka Finland
    edited October 2007
    Thanks. Try to run Combofix again. :)
  • edited November 2007
    i've tried to run combofix. it was open for about an hour with no results. sorry.
  • VekaVeka Finland
    edited November 2007
    I'm so sorry for the delay!

    You may want to print out these instructions or save them as a text file with Notepad to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.


    Please do the following...

    Step 1

    Download

    AVG Anti-Spyware

    Step 2

    Configure and update AVG Anti-Spyware
    • Install and run AVG Anti-Spyware
    • Click the Update icon
    • Click Start update
    • Wait until updates are downloaded
    • Click the Scanner icon
    • Open the Settings tab
      • Make sure that under "How to act?" it reads Quarantine (if not, click the text and choose Quarantine)
      • Under "How to scan?" all checkboxes should be ticked
      • Under "Reports" select "DO NOT automatically generate report" and unselect Only if threats were found.
      • Under "What to scan?" select Scan every file
    • Click the Shield icon
    • Under the "Resident shield is" click active to make it inactive
    • Close AVG Anti-Spyware ( do not scan yet )
    Step 3

    Reboot into Safe Mode
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
    • Instead of Windows loading as normal, a menu with options should appear
    • Select the first option, to run Windows in Safe Mode, then press Enter
    • Choose your usual account.
    Step 4

    Run Combofix
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you.
    • Save the log to your desktop.
    Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

    Step 5

    Run AVG Anti-Spyware
    • Close all open windows / programs / folders
    • Start AVG Anti-Spyware
    • Click the Scanner icon
    • Click Complete System Scan
    • Let the program scan the machine
      (do NOT use your computer while scanning)
    • When the scan has finished, follow the instructions below
      • Make sure that under "Set all elements to" it reads Quarantine (if not, click the text and choose Quarantine)
      • Click Apply all actions
      • Click Save Report
      • Click Save reports as
      • Save report to your Desktop
    Step 6

    Reboot your computer into normal mode.

    Please post Combofix log, AVG Anti-Spyware report, and a fresh HijackThis log.
  • edited November 2007
    hello. thanks for all your help so far. here's the combofix log, the avg log, and the HJT log.

    combofix:

    ComboFix 07-10-28.2** - MELISSA RIVERA 2007-11-04 20:55:14.6 - FAT32x86 MINIMAL
    Running from: C:\Documents and Settings\MELISSA RIVERA\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\MELISSA RIVERA\Application Data\DOBE~1
    C:\Documents and Settings\MELISSA RIVERA\Application Data\STEM~1
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\config.cfg.1322b2aa837e66e377de1e31b5951442
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WTUninstaller.exe
    C:\Documents and Settings\MELISSA RIVERA\Application Data\WNSXS~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\CROSOF~1.NET
    C:\Documents and Settings\MELISSA RIVERA\My Documents\DOBE~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\MANTEC~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\RACLE~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\SCURIT~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\SKS~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\SMBOLS~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\SSTEM~1
    C:\Documents and Settings\MELISSA RIVERA\My Documents\YMANTE~1
    C:\Program Files\Common Files\racle~1
    C:\Program Files\Common Files\scurit~1
    C:\Program Files\Common Files\ssembl~1
    C:\Program Files\Common Files\stem32~1
    C:\Program Files\Common Files\ystem~1
    C:\Program Files\fnts~1
    C:\Program Files\Insider
    C:\Program Files\Insider\Insider.exe
    C:\Program Files\Insider\UnInstall.exe
    C:\Program Files\Temporary
    C:\Program Files\WinAble
    C:\Program Files\WinAble\winable.exe
    C:\Program Files\ystem3~1
    C:\temp\tn3
    C:\WINXP\asks~1
    C:\WINXP\b103.exe
    C:\WINXP\b122.exe
    C:\WINXP\b136.exe
    C:\WINXP\b138.exe
    C:\WINXP\b147.exe
    C:\WINXP\fnts~1
    C:\WINXP\icroso~1.net
    C:\WINXP\sembly~1
    C:\WINXP\system32\appatc~1
    C:\WINXP\system32\curity~1
    C:\WINXP\system32\drivers\core.cache.dsk
    C:\WINXP\system32\drivers\core.sys
    C:\WINXP\system32\drivers\sfsync02.sys
    C:\WINXP\system32\fnts~1
    C:\WINXP\system32\mbols~1
    C:\WINXP\system32\wnsapiicomsv32.exe
    C:\WINXP\system32\ymante~1
    C:\WINXP\ystem~1

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    \LEGACY_CMDSERVICE
    \LEGACY_CORE
    \LEGACY_NETWORK_MONITOR
    \LEGACY_NWSAPAGENT
    \LEGACY_SFSYNC02
    \core
    \NwSapAgent
    \sfsync02


    ((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
    .

    2007-11-04 20:39 <DIR> d
    C:\Documents and Settings\MELISSA RIVERA\Application Data\Grisoft
    2007-11-04 20:38 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-04 20:38 10,872 --a
    C:\WINXP\system32\drivers\AvgAsCln.sys
    2007-11-03 00:54 <DIR> d
    C:\Program Files\FotoSketcher
    2007-11-03 00:34 <DIR> d
    C:\Program Files\Photo To Sketch
    2007-10-28 14:41 51,200 --a
    C:\WINXP\NirCmd.exe
    2007-10-11 17:55 <DIR> d
    C:\Program Files\Windows Media Connect 2
    2007-10-11 17:53 <DIR> d
    C:\WINXP\system32\drivers\UMDF
    2007-10-09 23:01 584,192
    C:\WINXP\system32\dllcache\rpcrt4.dll
    2007-10-07 00:10 <DIR> d
    C:\Program Files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-01 03:42
    d
    w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-01 03:38
    d
    w C:\Program Files\SpywareBlaster
    2007-09-24 05:42
    d
    w C:\Program Files\Lavasoft
    2007-09-24 05:42
    d
    w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-05 06:20
    d
    w C:\Documents and Settings\MELISSA RIVERA\Application Data\U3
    2007-08-22 14:12 96,256
    w C:\WINXP\system32\dllcache\inseng.dll
    2007-08-22 14:12 658,944
    w C:\WINXP\system32\dllcache\wininet.dll
    2007-08-22 14:12 615,424
    w C:\WINXP\system32\dllcache\urlmon.dll
    2007-08-22 14:12 55,808
    w C:\WINXP\system32\dllcache\extmgr.dll
    2007-08-22 14:12 532,480
    w C:\WINXP\system32\dllcache\mstime.dll
    2007-08-22 14:12 474,112
    w C:\WINXP\system32\dllcache\shlwapi.dll
    2007-08-22 14:12 449,024
    w C:\WINXP\system32\dllcache\mshtmled.dll
    2007-08-22 14:12 39,424
    w C:\WINXP\system32\dllcache\pngfilt.dll
    2007-08-22 14:12 357,888
    w C:\WINXP\system32\dllcache\dxtmsft.dll
    2007-08-22 14:12 3,058,176
    w C:\WINXP\system32\dllcache\mshtml.dll
    2007-08-22 14:12 251,392
    w C:\WINXP\system32\dllcache\iepeers.dll
    2007-08-22 14:12 205,312
    w C:\WINXP\system32\dllcache\dxtrans.dll
    2007-08-22 14:12 16,384
    w C:\WINXP\system32\dllcache\jsproxy.dll
    2007-08-22 14:12 151,040
    w C:\WINXP\system32\dllcache\cdfview.dll
    2007-08-22 14:12 146,432
    w C:\WINXP\system32\dllcache\msrating.dll
    2007-08-22 14:12 1,494,528
    w C:\WINXP\system32\dllcache\shdocvw.dll
    2007-08-22 14:12 1,054,208
    w C:\WINXP\system32\dllcache\danim.dll
    2007-08-22 14:12 1,022,976
    w C:\WINXP\system32\dllcache\browseui.dll
    2007-08-21 11:30 18,432
    w C:\WINXP\system32\dllcache\iedw.exe
    2007-08-21 07:15 683,520 ----a-w C:\WINXP\system32\inetcomm.dll
    2007-08-21 07:15 683,520
    w C:\WINXP\system32\dllcache\inetcomm.dll
    2002-08-28 06:14 271 --sh--w C:\Program Files\desktop.ini
    2002-08-28 06:14 23,357 ---h--w C:\Program Files\folder.htt
    2005-07-30 00:24:26 472 --sha-r C:\WINXP\TElOTyBFLiBEQVJERQ\nH5inV1IM21HkpLHlk.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PS121v2"="C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" [2006-08-25 16:47]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 18:10]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50]
    "HostManager"="C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe" [2006-09-25 16:52]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" []
    "AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 11:18]
    "ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [2004-08-04 00:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AOL Fast Start"="c:\progra~1\americ~1.0\AOL.EXE" -b

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=WIKI.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINXP\pss\AOL Companion.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINXP\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Memory Stick Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Memory Stick Monitor.lnk
    backup=C:\WINXP\pss\Memory Stick Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=C:\WINXP\pss\Microsoft Find Fast.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINXP\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=C:\WINXP\pss\Office Startup.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazingTens]
    "C:\Program Files\AmazingTens\AmazingTens.exe" /H

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
    "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLCC]
    "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bbui]
    C:\Program Files\Creative\8xxx\bbui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeICON]
    C:\WINXP\SPMSMON.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINXP\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1111801936\EE\AOLHostManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    ????£?????

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MovieNetworks]
    "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINXP\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    ????£?????

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MIMO XR TM PCI WLService"=2 (0x2)
    "WANMiniportService"=2 (0x2)
    "ptssvc"=2 (0x2)
    "MCVSRte"=2 (0x2)
    "mcupdmgr.exe"=3 (0x3)
    "McShield"=3 (0x3)
    "GhostStartService"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "AOLService"=2 (0x2)
    "AOL TopSpeedMonitor"=2 (0x2)
    "AOL ACS"=2 (0x2)

    R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
    R2 FPMSNT;FPMSNT;C:\WINXP\system32\drivers\FPMSNT.sys
    R2 Sdselect;Sdselect;C:\WINXP\system32\drivers\Sdselect.sys
    R2 SVKP;SVKP;\??\C:\WINXP\System32\SVKP.sys
    R3 NETGEARUHOST;NETGEAR Network USB Host Controller;C:\WINXP\system32\DRIVERS\NETGEARUHOST.sys
    R3 NETGEARUHUB;NETGEAR Network USB Root Hub;C:\WINXP\system32\DRIVERS\NETGEARUHUB.sys
    R3 StreamSurge;StreamSurge Driver (miniport);C:\WINXP\system32\DRIVERS\ss.sys
    S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINXP\system32\DRIVERS\atirtcap.sys
    S3 ATWPKT;ATWPKT;\??\C:\WINXP\system32\Drivers\ATWPKT.SYS
    S3 efipsk;efipsk;\??\C:\DOCUME~1\LINODA~1\LOCALS~1\Temp\efipsk.sys
    S3 ICAM3NT5;Intel USB Video Camera III;C:\WINXP\system32\Drivers\Icam3.sys
    S3 NaiFiltr;NaiFiltr;C:\WINXP\system32\DRIVERS\NaiFiltr.sys
    S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;C:\WINXP\system32\DRIVERS\NETGEARUCOMP.sys
    S3 VVBETHERNET;Broadband Blaster 8012U Ethernet Driver;C:\WINXP\system32\DRIVERS\vvbEth.sys
    S3 vvbususb;Broadband Blaster 8012U USB;C:\WINXP\system32\drivers\vvbususb.sys
    S3 Wdm1;USB Bridge Cable Driver;C:\WINXP\system32\Drivers\usbbc.sys
    S4 MIMO XR TM PCI WLService;MIMO XR TM PCI Adapter WLService;C:\Program Files\Airlink101\AWLH5026\WLService.exe
    S4 ptssvc;ptssvc;C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7315fb0-e06c-11db-b8f6-0014a5db7e15}]
    Auto\command - infrom.exe
    AutoRun\command - C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-05 04:49:02 C:\WINXP\Tasks\McAfee.com Update Check (LINOBEDROOM-LINO DARDE).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    "2007-11-05 05:01:02 C:\WINXP\Tasks\McAfee.com Update Check (LINOBEDROOM-SERENA).job"
    "2007-11-05 04:50:02 C:\WINXP\Tasks\McAfee.com Update Check (LINOBEDROOM-MELISSA RIVERA).job"
    "2007-11-05 05:02:16 C:\WINXP\Tasks\McAfee.com Update Check (MELISSASCOMPUTE-MELISSA RIVERA).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    "2007-11-03 07:34:02 C:\WINXP\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-04 21:01:45
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fdc]
    "ImagePath"=multi:"System32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"System32\DRIVERS\fdc.sys\00"
    "SDImagePath"=multi:"System32\DRIVERS\fdc.sys\00"
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"System32\DRIVERS\flpydisk.sys\00"
    "SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    .
    Completion time: 2007-11-04 21:02:51 - machine was rebooted
    .
    --- E O F ---

    AVG log:

    AVG Anti-Spyware - Scan Report

    + Created at: 9:50:52 PM 11/4/2007

    + Scan result:



    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\81158091.asw -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM\bde3d_refp4.dll -> Adware.BDE : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294445.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294446.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\WINDOWS\BDE\Cache\bdeclean.exe -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\WINDOWS\BDE\b3dsetup.exe -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\WINDOWS\BDE\bdeclean.exe -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\WINDOWS\BDE\bdeplayer2.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM\bdesecureinstall.exe -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294429.exe -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294430.DLL -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294485.DLL -> Adware.CommAd : Cleaned with backup (quarantined).
    C:\WINXP\iLookup -> Adware.eZula : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294456.DLL -> Adware.Funweb : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294442.DLL -> Adware.IGetNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294443.DLL -> Adware.IGetNet : Cleaned with backup (quarantined).
    C:\_RESTORE\ARCHIVE\FS650.CAB/W0115116.CPY -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294439.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Totem Shared\Update\dial.dll.017 -> Dialer.DialerOffline : Cleaned with backup (quarantined).
    C:\_RESTORE\ARCHIVE\FS917.CAB/A0170063.CPY -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294157.EXE -> Downloader.Adload.lj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301141.exe -> Downloader.Adload.lv : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir -> Downloader.Adload.lv : Cleaned with backup (quarantined).
    C:\Documents and Settings\MELISSA RIVERA\Application Data\Microsoft\Windows\tljmwq.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294453.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301143.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\Documents and Settings\MELISSA RIVERA\Application Data\WinTouch\WTUninstaller.exe.vir -> Downloader.Agent.buo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP452\A0290708.exe -> Downloader.Agent.cpj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292795.exe -> Downloader.Agent.djj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0294064.exe -> Downloader.Agent.djj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP455\A0294393.exe -> Downloader.Agent.djj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0295891.EXE -> Downloader.Agent.dlx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301134.exe -> Downloader.Agent.dpn : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\WINXP\b122.exe.vir -> Downloader.Agent.dpn : Cleaned with backup (quarantined).
    C:\_RESTORE\ARCHIVE\FS264.CAB/A0047396.CPY -> Downloader.Dyfuca.bn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294447.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294448.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294449.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294457.EXE -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294435.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\ziiz\ziizd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294433.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294432.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301135.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\WINXP\b103.exe.vir -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294434.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294444.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301136.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\WINXP\b136.exe.vir -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0296110.exe -> Not-A-Virus.Downloader.Win32.Acceler : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294431.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301146.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\WINXP\system32\drivers\core.sys.vir -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
    C:\WINDOWS\Cookies\melissa@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\WINDOWS\Cookies\melissa@ad-flow[2].txt -> TrackingCookie.Ad-flow : Cleaned.
    C:\WINDOWS\Cookies\anyuser@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\WINDOWS\Cookies\anyuser@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\WINDOWS\Cookies\melissa@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\WINDOWS\Cookies\melissa@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
    C:\WINDOWS\Cookies\melissa@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\WINDOWS\Cookies\melissa@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\WINDOWS\Cookies\anyuser@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\WINDOWS\Cookies\melissa@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\WINDOWS\Cookies\melissa@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\WINDOWS\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\WINDOWS\Cookies\anyuser@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\WINDOWS\Cookies\melissa@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\WINDOWS\Cookies\melissa@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
    C:\WINDOWS\Cookies\user@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
    C:\WINDOWS\Cookies\melissa@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\WINDOWS\Cookies\melissa@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
    C:\WINDOWS\Cookies\melissa@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned.
    C:\WINDOWS\Cookies\melissa@clickagents[2].txt -> TrackingCookie.Clickagents : Cleaned.
    C:\WINDOWS\Cookies\melissa@www.commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned.
    C:\WINDOWS\Cookies\melissa@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
    C:\WINDOWS\Cookies\melissa@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
    C:\WINDOWS\Cookies\melissa@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\WINDOWS\Cookies\user@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@euniverseads[1].txt -> TrackingCookie.Euniverseads : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
    C:\WINDOWS\Cookies\melissa@gator[1].txt -> TrackingCookie.Gator : Cleaned.
    C:\WINDOWS\Cookies\melissa@webpdp.gator[1].txt -> TrackingCookie.Gator : Cleaned.
    C:\WINDOWS\Cookies\melissa@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\melissa@ehg-quinstreet.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\melissa@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\melissa@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\melissa@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\melissa@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\melissa@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\user@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\user@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\WINDOWS\Cookies\melissa@adserv.internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned.
    C:\WINDOWS\Cookies\melissa@adserv.internetfuel[3].txt -> TrackingCookie.Internetfuel : Cleaned.
    C:\WINDOWS\Cookies\melissa@nitrous.internetfuel[1].txt -> TrackingCookie.Internetfuel : Cleaned.
    C:\WINDOWS\Cookies\melissa@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\WINDOWS\Cookies\melissa@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    C:\WINDOWS\Cookies\melissa@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\WINDOWS\Cookies\melissa@overture[2].txt -> TrackingCookie.Overture : Cleaned.
    C:\WINDOWS\Cookies\user@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
    C:\WINDOWS\Cookies\melissa@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
    C:\WINDOWS\Cookies\melissa@www.qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\WINDOWS\Cookies\melissa@www.qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\WINDOWS\Cookies\user@www.qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\WINDOWS\Cookies\melissa@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\WINDOWS\Cookies\melissa@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\WINDOWS\Cookies\anyuser@real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\melissa@artistguide.real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\melissa@home.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\melissa@music.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\melissa@real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\melissa@realguide.real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\melissa@www.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\melissa@www.real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\WINDOWS\Cookies\user@www.real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\WINDOWS\Cookies\melissa@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
    C:\WINDOWS\Cookies\melissa@ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\WINDOWS\Cookies\user@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
    C:\WINDOWS\Cookies\user@counter1.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\WINDOWS\Cookies\user@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\WINDOWS\Cookies\user@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
    C:\WINDOWS\Cookies\melissa@spylog[1].txt -> TrackingCookie.Spylog : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\WINDOWS\Cookies\melissa@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
    C:\WINDOWS\Cookies\melissa@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\WINDOWS\Cookies\melissa@servedby.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
    C:\WINDOWS\Cookies\melissa@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@valueclick[4].txt -> TrackingCookie.Valueclick : Cleaned.
    C:\WINDOWS\Cookies\melissa@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\WINDOWS\Cookies\melissa@x10[1].txt -> TrackingCookie.X10 : Cleaned.
    C:\WINDOWS\Cookies\melissa@x10[2].txt -> TrackingCookie.X10 : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\MELISSA RIVERA\Cookies\melissa rivera@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\WINDOWS\Cookies\melissa@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294438.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP471\A0299375.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP471\A0299376.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301138.exe -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\WINXP\b147.exe.vir -> Trojan.Agent.bnd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP447\A0290054.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP447\A0290062.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP448\A0290228.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP449\A0290342.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP450\A0290469.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP452\A0290683.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292766.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292802.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP453\A0292877.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294189.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294276.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP455\A0294356.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP456\A0294547.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP457\A0294597.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP457\A0294746.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0295822.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0295884.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP458\A0296132.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP459\A0296226.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP459\A0296329.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP459\A0296410.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP466\A0298563.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP467\A0298757.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP472\A0299605.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP475\A0301133.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINXP\TElOTyBFLiBEQVJERQ\nH5inV1IM21HkpLHlk.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\qoobox\Quarantine\C\WINXP\system32\wnsapiicomsv32.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9EF45DD2-ECE3-452C-ADA4-13703651D0BD}\RP454\A0294158.exe -> Trojan.Small.oa : Cleaned with backup (quarantined).
    C:\Documents and Settings\MELISSA RIVERA\Shared\Steven Spielberg gets a hilarious prank phone call.wma -> Trojan.Wimad.a : Cleaned with backup (quarantined).


    ::Report end

    and the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:42 PM, on 11/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINXP\System32\smss.exe
    C:\WINXP\system32\winlogon.exe
    C:\WINXP\system32\services.exe
    C:\WINXP\system32\lsass.exe
    C:\WINXP\system32\svchost.exe
    C:\WINXP\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINXP\system32\brss01a.exe
    C:\WINXP\system32\spoolsv.exe
    C:\WINXP\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\wanmpsvc.exe
    C:\WINXP\system32\fxssvc.exe
    C:\WINXP\system32\wscntfy.exe
    C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
    C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
    C:\WINXP\system32\ctfmon.exe
    C:\WINXP\System32\svchost.exe
    C:\WINXP\system32\devldr32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [PS121v2] "C:\Program Files\NETGEAR\PS121v2\PS121v2.exe" /hide
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111801936\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O10 - Unknown file in Winsock LSP: connwsp1.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O20 - AppInit_DLLs: WIKI.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINXP\system32\brsvc01a.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - http://img.photobucket.com/albums/v309/nesarocc23/sigachurchservicefinal.jpg

    --
    End of file - 9561 bytes
  • VekaVeka Finland
    edited November 2007
    Run HijackThis. Click Do system scan only, and check these items.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

    When done, close all web browsers and click Fix Checked.

    Please read this System Restore Guide. It will help you to clean (disable and enable) your system restore.

    http://www.bleepingcomputer.com/tutorials/tutorial56.html

    How is the computer running now?
  • edited November 2007
    The computer's startup is a lot faster and there are no pop-ups so far, so that's good. There's one more thing though: I have this blue sidebar on my desktop and I have no idea how to get rid of it. Here's a picture of it.

    desktoppicyp4.th.jpg
  • VekaVeka Finland
    edited November 2007
    Sorry, I can't help you. I don't use Windows XP.