Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus Xp 2008/blue Screen(wallpaper)


  • This topic is locked This topic is locked
10 replies to this topic

#1 Curious Guy

Curious Guy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 09 August 2008 - 02:51 AM

This all started about 2 days ago.

My computer started freezing and AVG starting noting trojan alerts/threat. I rebooted after the freeze and as the start-up programs loaded Antivirus XP 2008 popped up and a "system alert" saying (Antivirus XP 2008) had found 68 viruses and the "viruses" it found kept increasing with each alert. Also it replaced the wallpaper with a blue screen.

I browsed the forums, looked for similar problems ,which said to run the Deckard System Scanner and Kapersky scanners.

This are the Hijackthis logs and the Kapersky log...

Main.Txt

Deckard's System Scanner v20071014.68
Run by Luis on 2008-08-09 02:12:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-08-09 06:12:22 UTC - RP142 - Deckard's System Scanner Restore Point
1: 2008-08-09 03:54:29 UTC - RP141 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Luis.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:11 AM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc3j1j0enfn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Luis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphc3j1j0enfn] C:\WINDOWS\system32\lphc3j1j0enfn.exe
O4 - HKLM\..\Run: [SMrhc7j1j0enfn] C:\Program Files\rhc7j1j0enfn\rhc7j1j0enfn.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\RunOnce: [SpybotDeletingA9391] command /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9315] cmd /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3931] command /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2696] cmd /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm022YYPR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11229 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 XDva152 - c:\windows\system32\xdva152.sys (file missing)
S3 XDva158 - c:\windows\system32\xdva158.sys (file missing)
S3 XDva164 - c:\windows\system32\xdva164.sys (file missing)
S3 XDva186 - c:\windows\system32\xdva186.sys (file missing)
S3 XDva189 - c:\windows\system32\xdva189.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S? Netcom3 -
S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&267A616A&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&267A616A&0&05
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Motorola SURFboard SB5120 USB Cable Modem
Device ID: USB\VID_07B2&PID_5120\001180670E57
Manufacturer: Motorola
Name: Motorola SURFboard SB5120 USB Cable Modem
PNP Device ID: USB\VID_07B2&PID_5120\001180670E57
Service: USB_RNDIS

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_043D&PID_00F7&MI_02\6&242F54CA&0&0002
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_043D&PID_00F7&MI_02\6&242F54CA&0&0002
Service: USBSTOR

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_1106&DEV_3288&SUBSYS_72551462&REV_10\3&299B68E7&0&08
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_1106&DEV_3288&SUBSYS_72551462&REV_10\3&299B68E7&0&08
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-08 17:32:27 408 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-28 22:56:49 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 02:14:50 0 d-------- C:\Program Files\Trend Micro
2008-08-09 01:54:55 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Malwarebytes
2008-08-09 01:54:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:54:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-09 01:54:35 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-09 01:28:13 94208 --a------ C:\WINDOWS\system32\pphc3j1j0enfn.exe
2008-08-08 23:13:23 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-08 22:58:56 0 d-------- C:\Program Files\SpywareBlaster
2008-08-08 13:28:44 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia
2008-08-08 13:28:43 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Adobe
2008-08-08 13:28:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-08 13:28:34 0 d-------- C:\Program Files\Norton PC Checkup
2008-08-07 10:16:38 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn
2008-08-07 10:16:15 0 d-------- C:\Program Files\rhc7j1j0enfn
2008-08-07 10:15:36 137728 --a------ C:\WINDOWS\system32\lphc3j1j0enfn.exe
2008-07-23 14:08:09 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Apple Computer
2008-07-23 14:07:27 0 d-------- C:\Program Files\iPod
2008-07-23 14:07:22 0 d-------- C:\Program Files\iTunes
2008-07-23 14:07:05 0 d-------- C:\Program Files\Bonjour
2008-07-23 14:05:23 0 d-------- C:\Program Files\QuickTime
2008-07-23 14:05:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-07-23 14:04:44 0 d-------- C:\Program Files\Apple Software Update
2008-07-23 14:04:15 0 d-------- C:\Program Files\Common Files\Apple
2008-07-23 14:04:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-07-23 02:25:37 0 d-------- C:\ijji
2008-07-22 14:16:22 0 d-------- C:\WINDOWS\NV36603884.TMP
2008-07-22 10:11:00 0 d-------- C:\Program Files\NHN USA
2008-07-22 09:41:40 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-22 09:41:40 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\AVGTOOLBAR
2008-07-21 07:45:25 0 d-------- C:\Program Files\WarRock
2008-07-20 22:28:47 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Xfire
2008-07-12 13:35:30 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Ventrilo
2008-07-12 13:35:03 0 d-------- C:\Program Files\Ventrilo
2008-07-12 13:34:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 20:35:09 0 d-------- C:\Nexon
2008-07-11 20:35:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS


-- Find3M Report ---------------------------------------------------------------

2008-08-09 02:11:50 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\DNA
2008-08-09 02:04:57 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Skype
2008-08-09 01:56:04 0 d-------- C:\Program Files\Netcom3 Cleaner
2008-08-09 01:54:35 0 d-------- C:\Program Files\Common Files
2008-08-08 23:56:02 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\LimeWire
2008-08-08 22:31:39 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Xfire
2008-08-05 16:36:35 0 d-------- C:\Program Files\World of Warcraft
2008-08-02 16:20:51 0 d-------- C:\Program Files\Java
2008-07-31 18:50:27 0 d---s---- C:\Program Files\Xfire
2008-07-23 16:12:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-23 02:25:33 0 d--h----- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\ijjigame
2008-07-22 20:14:05 0 d-------- C:\Program Files\DNA
2008-07-22 09:54:34 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\IGN_DLM
2008-07-21 14:26:15 169 --a------ C:\WINDOWS\system32\noggavinfo.dat
2008-07-15 09:47:08 4399 --a------ C:\WINDOWS\system32\teexcept.dat
2008-07-09 09:33:34 2990368 --a------ C:\WINDOWS\system32\npescannert.exe <Not Verified; INCA Internet Co., Ltd.; nProtect Online Scanner>
2008-06-21 08:43:51 0 d-------- C:\Program Files\Tortun
2008-06-11 06:12:53 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Google
2008-06-09 04:27:25 0 d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\BitTorrent
2008-06-09 04:26:36 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-09 02:23:32 0 d-------- C:\Program Files\FRAPS
2008-06-08 16:55:26 753953 --a------ C:\WINDOWS\system32\npeisolation.exe <Not Verified; INCAInternet; nProtect Repository>
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
C:\WINDOWS\system32\msxml71.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [ ]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 05:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 05:55 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 05:55 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 05:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/06/2006 12:55 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM C:\WINDOWS\system32\nwiz.exe]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [04/28/2006 11:36 PM]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [06/20/2006 09:37 AM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [07/10/2006 07:30 PM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [06/06/2006 11:05 PM]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [06/07/2006 08:09 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/22/2008 09:41 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"lphc3j1j0enfn"="C:\WINDOWS\system32\lphc3j1j0enfn.exe" [08/07/2008 10:15 AM]
"SMrhc7j1j0enfn"="C:\Program Files\rhc7j1j0enfn\rhc7j1j0enfn.exe" [08/07/2008 06:20 AM]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/14/2006 04:21 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 01:34 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/14/2008 03:43 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/07/2008 07:42 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB3931"=command /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"
"SpybotDeletingD2696"=cmd /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA9391"=command /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"
"SpybotDeletingC9315"=cmd /c del "C:\WINDOWS\system32\blphc3j1j0enfn.scr_old"
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"iLike"=C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate

C:\Documents and Settings\Luis.LUIS-F29A722ECC\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [4/18/2008 3:21:09 PM]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [7/15/2008 7:09:02 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll




-- End of Deckard's System Scanner: finished at 2008-08-09 02:16:11 ------------


Extra.Txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 510.36 MiB / 145.72 MiB
Pagefile Memory (total/avail): 1245.64 MiB / 558.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.33 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.75 GiB total, 431.21 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AACS-00ZUB0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.75 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\WINDOWS\\system32\\lxctcoms.exe"="C:\\WINDOWS\\system32\\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\ijji\\ENGLISH\\u_sf.exe"="C:\\ijji\\ENGLISH\\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\ijji\\ENGLISH\\u_gunz.exe"="C:\\ijji\\ENGLISH\\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Tortun\\gui.exe"="C:\\Program Files\\Tortun\\gui.exe:*:Enabled:gui"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LUIS-F29A722ECC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Luis.LUIS-F29A722ECC
LOGONSERVER=\\LUIS-F29A722ECC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1601
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LUIS~1.LUI\LOCALS~1\Temp
TMP=C:\DOCUME~1\LUIS~1.LUI\LOCALS~1\Temp
USERDOMAIN=LUIS-F29A722ECC
USERNAME=Luis
USERPROFILE=C:\Documents and Settings\Luis.LUIS-F29A722ECC
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Luis.LUIS-F29A722ECC (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AntivirXP08 --> "C:\Program Files\rhc7j1j0enfn\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe (remove only) --> "C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\Uninstall.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CABAL Online --> "C:\Program Files\OGPlanet\CABAL Online\unins000.exe"
Combat Arms --> "C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Fraps (remove only) --> "C:\Program Files\FRAPS\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
iLike Sidebar --> MsiExec.exe /X{7FDE7746-74D2-4EAA-9F1E-BB6B0252657B}
iMesh --> C:\Program Files\iMesh Applications\iMesh\UninstallSurvey.exe C:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE /U C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
Install(US)2 --> C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest 2 (remove only) --> "C:\Program Files\Yahoo! Games\Jewel Quest 2\Uninstall.exe"
Lexmark 5400 Series --> C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MyPublisher BookMaker --> C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall
Nero 7 Essentials --> MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton PC Checkup --> C:\Program Files\Norton PC Checkup\uninstall.exe
nProtect OnlineScanner --> C:\WINDOWS\system32\npeUninstaller.exe nps NOGG
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rakion International --> "C:\Program Files\Softnyx\RakionIS\unins000.exe"
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Soldier Front --> "C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Tortun 0.8 --> "C:\Program Files\Tortun\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WolfTeam International --> "C:\Program Files\Softnyx\WolfTeam\unins000.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (4)\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9957 / Error
Event Submitted/Written: 08/09/2008 02:14:07 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9944 / Error
Event Submitted/Written: 08/08/2008 05:32:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x012f9350.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type9935 / Error
Event Submitted/Written: 08/07/2008 08:15:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type9913 / Success
Event Submitted/Written: 08/06/2008 11:42:49 PM
Event ID/Source: 0 / session server address
Event Description:
u-sf-ss01.pubgame.ijji.com

Event Record #/Type9912 / Error
Event Submitted/Written: 08/06/2008 04:56:06 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 302095813.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10098 / Warning
Event Submitted/Written: 08/09/2008 02:03:46 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92082810. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type10097 / Warning
Event Submitted/Written: 08/09/2008 01:30:48 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92082810. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type10095 / Error
Event Submitted/Written: 08/09/2008 00:02:54 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.100.2 for the Network Card with network address 001D92082810 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type10094 / Error
Event Submitted/Written: 08/08/2008 11:55:22 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.100.2 on the
Network Card with network address 001D92082810.

Event Record #/Type10093 / Warning
Event Submitted/Written: 08/08/2008 11:55:22 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D92082810. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-08-09 02:16:11 ------------

Kapersky Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 09, 2008 07:22:35
Records in database: 1072099
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 73012
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 00:53:14


File name / Threat name / Threats count
C:\WINDOWS\system32\lphc3j1j0enfn.exe/C:\WINDOWS\system32\lphc3j1j0enfn.exe Infected: Trojan-Downloader.Win32.Small.aaii 1
C:\Program Files\rhc7j1j0enfn\rhc7j1j0enfn.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.nz 1
C:\WINDOWS\system32\8D.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\WINDOWS\system32\9A.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\WINDOWS\system32\lphc3j1j0enfn.exe Infected: Trojan-Downloader.Win32.Small.aaii 1

The selected area was scanned.

Right now I'm having some trouble booting up and loading start-up programs.

BC AdBot (Login to Remove)

 


#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 11 August 2008 - 09:44 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

I understand that downloading music and other files may be important to you; however, the Peer-to-Peer programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection all over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via Peer-to-Peer filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

Here is some information that looks at the rates of infection:

http://www.benedelman.org/spyware/p2p/

With that being said, I recommend that you remove the following Peer-to-Peer program(s):

(Click on Start, then Control Panel. Double click on Add or Remove Programs)

BitTorrent
LimeWire 4.16.7
Tortun 0.8


Also remove the following programs -

AntivirXP08
Java™ 6 Update 5

______________

Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • Close CCleaner.
______________

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -
  • Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, so we may continue cleansing the system -

- the Combofix log (C:\ComboFix.txt)
- a HijackThis log
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Curious Guy

Curious Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 11 August 2008 - 08:58 PM

I removed all the P2P programs and the other things you mentioned, but I don't have a Windows Installation CD so I followed the steps and downloaded Combofix and went to http://support.microsoft.com/kb/310994 to download the other file, after that it says to drag the file onto the Combofix.exe, but once I do this it just runs ComboFix without installing the Windows Recovery Console. Another thing is AntivirXP2008 doesn't appear on the Add/Remove Programs List, but I have Spybot & Search and Destroy and MalwareBytes Anti-Malware and I ran these after posting this and the AntivirXP2008 stopped popping up on start-up. In any case I need help installing the Windows Recovery Console or an alternate method on how to install it.

And thanks for the reply.

Edited by Curious Guy, 11 August 2008 - 08:59 PM.


#4 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 12 August 2008 - 04:50 AM

Hi :thumbsup:

First of all, I'll need you to post a few logs.

Combofix will have created a log here - C:\Combofix.txt. Please post that in your next reply.
________________

I'll also need the Malwarebytes' Anti-Malware log. To find it, please do the following -

Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.
________________

To create a HijackThis log, please do the following -

Open Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Save it to a convenient location.
________________

Please post the Combofix log, along with the Malwarebytes' Anti-Malware report and the HijackThis log in your next reply.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#5 Curious Guy

Curious Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 12 August 2008 - 03:16 PM

As asked here are the logs (note both HijackThis and MABM logs were taken before ComboFix was used)

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.1.41\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm022YYPR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10068 bytes

MalwareBytes Log

Malwarebytes' Anti-Malware 1.24
Database version: 1035
Windows 5.1.2600 Service Pack 2

3:58:03 AM 8/9/2008
mbam-log-8-9-2008 (03-58-03).txt

Scan type: Quick Scan
Objects scanned: 49620
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 15

Memory Processes Infected:
C:\WINDOWS\system32\lphc3j1j0enfn.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7j1j0enfn (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc7j1j0enfn (Rogue.Multiple) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7j1j0enfn (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingb3931 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingd2696 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletinga9391 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc9315 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3j1j0enfn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhc7j1j0enfn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\rhc7j1j0enfn\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\8D.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9A.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\rhc7j1j0enfn\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7j1j0enfn\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7j1j0enfn\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7j1j0enfn\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc7j1j0enfn\rhc7j1j0enfn.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinSys2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc3j1j0enfn.scr_old (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc3j1j0enfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix Log

ComboFix 08-08-10.06 - Luis 2008-08-12 16:09:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.188 [GMT -4:00]
Running from: C:\Documents and Settings\Luis.LUIS-F29A722ECC\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\FunWebProducts
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\FunWebProducts\Data\Luis\avatar.dat
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\FunWebProducts\Data\Luis\wffavs.dat
C:\Documents and Settings\Luis.LUIS-F29A722ECC\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-11 13:23 . 2008-08-11 13:23 <DIR> d-------- C:\Program Files\CCleaner
2008-08-09 02:14 . 2008-08-09 02:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 02:11 . 2008-08-09 02:11 <DIR> d-------- C:\Deckard
2008-08-09 01:56 . 2008-08-09 01:56 101 --a------ C:\WINDOWS\wininit.ini
2008-08-09 01:54 . 2008-08-09 01:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 01:54 . 2008-08-09 01:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-09 01:54 . 2008-08-09 01:54 <DIR> d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Malwarebytes
2008-08-09 01:54 . 2008-08-09 01:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-09 01:54 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-09 01:54 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-08 23:56 . 2008-08-08 23:56 0 --a------ C:\WINDOWS\system32\D.tmp
2008-08-08 23:52 . 2008-08-08 23:52 0 --a------ C:\WINDOWS\system32\C.tmp
2008-08-08 23:13 . 2008-08-08 23:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-08 23:13 . 2008-08-12 16:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-08 22:58 . 2008-08-08 23:06 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-08 22:29 . 2008-08-08 22:29 0 --a------ C:\WINDOWS\system32\16.tmp
2008-08-08 17:55 . 2008-08-08 17:55 0 --a------ C:\WINDOWS\system32\25.tmp
2008-08-08 17:47 . 2008-08-08 17:47 0 --a------ C:\WINDOWS\system32\24.tmp
2008-08-08 17:32 . 2008-08-08 17:32 0 --a------ C:\WINDOWS\system32\1A.tmp
2008-08-08 17:25 . 2008-08-08 17:25 268 --ah----- C:\sqmdata19.sqm
2008-08-08 17:25 . 2008-08-08 17:25 244 --ah----- C:\sqmnoopt19.sqm
2008-08-08 17:23 . 2008-08-08 17:23 0 --a------ C:\WINDOWS\system32\E.tmp
2008-08-08 17:18 . 2008-08-08 17:18 0 --a------ C:\WINDOWS\system32\9F.tmp
2008-08-08 17:16 . 2008-08-08 17:16 0 --a------ C:\WINDOWS\system32\9C.tmp
2008-08-08 17:14 . 2008-08-08 17:14 0 --a------ C:\WINDOWS\system32\9B.tmp
2008-08-08 17:10 . 2008-08-08 17:10 0 --a------ C:\WINDOWS\system32\99.tmp
2008-08-08 17:09 . 2008-08-08 17:09 0 --a------ C:\WINDOWS\system32\98.tmp
2008-08-08 17:02 . 2008-08-08 17:02 0 --a------ C:\WINDOWS\system32\97.tmp
2008-08-08 16:54 . 2008-08-08 16:54 0 --a------ C:\WINDOWS\system32\94.tmp
2008-08-08 16:52 . 2008-08-08 16:52 0 --a------ C:\WINDOWS\system32\93.tmp
2008-08-08 16:46 . 2008-08-08 16:46 0 --a------ C:\WINDOWS\system32\92.tmp
2008-08-08 16:43 . 2008-08-08 16:43 0 --a------ C:\WINDOWS\system32\91.tmp
2008-08-08 16:33 . 2008-08-08 16:33 0 --a------ C:\WINDOWS\system32\8E.tmp
2008-08-08 16:29 . 2008-08-08 16:29 0 --a------ C:\WINDOWS\system32\8C.tmp
2008-08-08 16:27 . 2008-08-08 16:27 0 --a------ C:\WINDOWS\system32\8B.tmp
2008-08-08 16:22 . 2008-08-08 16:22 0 --a------ C:\WINDOWS\system32\8A.tmp
2008-08-08 16:19 . 2008-08-08 16:19 0 --a------ C:\WINDOWS\system32\89.tmp
2008-08-08 16:17 . 2008-08-08 16:17 0 --a------ C:\WINDOWS\system32\88.tmp
2008-08-08 16:09 . 2008-08-08 16:09 0 --a------ C:\WINDOWS\system32\85.tmp
2008-08-08 16:06 . 2008-08-08 16:06 0 --a------ C:\WINDOWS\system32\84.tmp
2008-08-08 16:05 . 2008-08-08 16:05 0 --a------ C:\WINDOWS\system32\83.tmp
2008-08-08 15:59 . 2008-08-08 15:59 0 --a------ C:\WINDOWS\system32\82.tmp
2008-08-08 15:36 . 2008-08-08 15:36 0 --a------ C:\WINDOWS\system32\7F.tmp
2008-08-08 15:28 . 2008-08-08 15:28 0 --a------ C:\WINDOWS\system32\7C.tmp
2008-08-08 15:26 . 2008-08-08 15:26 0 --a------ C:\WINDOWS\system32\7B.tmp
2008-08-08 15:24 . 2008-08-08 15:24 0 --a------ C:\WINDOWS\system32\7A.tmp
2008-08-08 15:22 . 2008-08-08 15:22 0 --a------ C:\WINDOWS\system32\79.tmp
2008-08-08 15:21 . 2008-08-08 15:21 0 --a------ C:\WINDOWS\system32\78.tmp
2008-08-08 15:16 . 2008-08-08 15:16 0 --a------ C:\WINDOWS\system32\77.tmp
2008-08-08 15:11 . 2008-08-08 15:11 0 --a------ C:\WINDOWS\system32\74.tmp
2008-08-08 15:10 . 2008-08-08 15:10 0 --a------ C:\WINDOWS\system32\73.tmp
2008-08-08 15:09 . 2008-08-08 15:09 0 --a------ C:\WINDOWS\system32\72.tmp
2008-08-08 15:05 . 2008-08-08 15:05 0 --a------ C:\WINDOWS\system32\71.tmp
2008-08-08 15:03 . 2008-08-08 15:03 0 --a------ C:\WINDOWS\system32\70.tmp
2008-08-08 13:28 . 2008-08-08 13:28 <DIR> d-------- C:\Program Files\Norton PC Checkup
2008-08-08 13:28 . 2008-08-08 13:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-08 13:16 . 2008-08-08 13:16 0 --a------ C:\WINDOWS\system32\15.tmp
2008-08-08 13:13 . 2008-08-08 13:13 0 --a------ C:\WINDOWS\system32\14.tmp
2008-08-07 21:22 . 2008-08-07 21:22 268 --ah----- C:\sqmdata18.sqm
2008-08-07 21:22 . 2008-08-07 21:22 244 --ah----- C:\sqmnoopt18.sqm
2008-08-07 16:17 . 2008-08-07 16:17 268 --ah----- C:\sqmdata17.sqm
2008-08-07 16:17 . 2008-08-07 16:17 244 --ah----- C:\sqmnoopt17.sqm
2008-08-07 10:29 . 2008-08-07 10:29 0 --a------ C:\WINDOWS\system32\B.tmp
2008-08-07 10:16 . 2008-08-07 10:16 0 --a------ C:\WINDOWS\system32\A.tmp
2008-08-06 14:42 . 2008-08-06 14:42 268 --ah----- C:\sqmdata16.sqm
2008-08-06 14:42 . 2008-08-06 14:42 244 --ah----- C:\sqmnoopt16.sqm
2008-08-06 12:54 . 2008-08-06 12:54 268 --ah----- C:\sqmdata15.sqm
2008-08-06 12:54 . 2008-08-06 12:54 244 --ah----- C:\sqmnoopt15.sqm
2008-08-06 03:25 . 2008-08-06 03:25 268 --ah----- C:\sqmdata14.sqm
2008-08-06 03:25 . 2008-08-06 03:25 244 --ah----- C:\sqmnoopt14.sqm
2008-08-05 20:26 . 2008-08-05 20:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-23 14:08 . 2008-07-23 14:08 <DIR> d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Apple Computer
2008-07-23 14:07 . 2008-07-23 14:07 <DIR> d-------- C:\Program Files\iTunes
2008-07-23 14:07 . 2008-07-23 14:07 <DIR> d-------- C:\Program Files\iPod
2008-07-23 14:07 . 2008-07-23 16:38 <DIR> d-------- C:\Program Files\Bonjour
2008-07-23 14:05 . 2008-07-23 14:06 <DIR> d-------- C:\Program Files\QuickTime
2008-07-23 14:05 . 2008-07-23 14:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-07-23 14:04 . 2008-07-23 14:04 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-23 14:04 . 2008-07-23 14:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-23 14:04 . 2008-07-23 14:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-07-23 02:25 . 2008-07-23 02:25 <DIR> d-------- C:\ijji
2008-07-23 02:24 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-07-23 02:24 . 2008-06-11 23:01 58,800 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-07-22 21:45 . 2008-07-22 21:45 268 --ah----- C:\sqmdata13.sqm
2008-07-22 21:45 . 2008-07-22 21:45 244 --ah----- C:\sqmnoopt13.sqm
2008-07-22 14:16 . 2008-07-22 20:12 <DIR> d-------- C:\WINDOWS\NV36603884.TMP
2008-07-22 14:16 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-22 10:11 . 2008-07-22 10:11 <DIR> d-------- C:\Program Files\NHN USA
2008-07-22 09:41 . 2008-08-07 10:22 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-22 09:41 . 2008-07-22 09:52 <DIR> d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\AVGTOOLBAR
2008-07-22 09:41 . 2008-07-22 09:41 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-22 09:41 . 2008-07-22 09:41 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-22 09:41 . 2008-07-22 09:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-22 09:37 . 2008-07-22 09:37 268 --ah----- C:\sqmdata12.sqm
2008-07-22 09:37 . 2008-07-22 09:37 244 --ah----- C:\sqmnoopt12.sqm
2008-07-21 14:31 . 2008-07-21 14:31 268 --ah----- C:\sqmdata11.sqm
2008-07-21 14:31 . 2008-07-21 14:31 244 --ah----- C:\sqmnoopt11.sqm
2008-07-21 14:15 . 2008-07-21 14:15 268 --ah----- C:\sqmdata10.sqm
2008-07-21 14:15 . 2008-07-21 14:15 244 --ah----- C:\sqmnoopt10.sqm
2008-07-21 08:17 . 2008-07-22 20:31 162,008 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-21 08:17 . 2008-07-22 20:31 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-21 08:17 . 2008-07-21 08:17 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-21 07:45 . 2008-07-21 08:16 <DIR> d-------- C:\Program Files\WarRock
2008-07-21 01:58 . 2008-07-21 01:58 268 --ah----- C:\sqmdata09.sqm
2008-07-21 01:58 . 2008-07-21 01:58 244 --ah----- C:\sqmnoopt09.sqm
2008-07-21 01:37 . 2008-07-21 01:37 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-21 01:26 . 2008-07-21 01:26 268 --ah----- C:\sqmdata08.sqm
2008-07-21 01:26 . 2008-07-21 01:26 244 --ah----- C:\sqmnoopt08.sqm
2008-07-20 22:30 . 2008-08-11 21:27 268 --ah----- C:\sqmdata07.sqm
2008-07-20 22:30 . 2008-08-11 21:27 244 --ah----- C:\sqmnoopt07.sqm
2008-07-20 22:28 . 2008-07-20 22:28 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Xfire
2008-07-20 19:33 . 2008-07-20 19:33 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-07-12 13:35 . 2008-07-12 13:35 <DIR> d-------- C:\Program Files\Ventrilo
2008-07-12 13:35 . 2008-07-15 09:50 <DIR> d-------- C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Ventrilo
2008-07-12 13:34 . 2008-07-12 13:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 20:12 --------- d-----w C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Skype
2008-08-12 20:04 --------- d-----w C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\DNA
2008-08-12 01:46 --------- d-s---w C:\Program Files\Xfire
2008-08-11 23:46 --------- d-----w C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\Xfire
2008-08-11 16:57 --------- d-----w C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\LimeWire
2008-08-09 05:56 --------- d-----w C:\Program Files\Netcom3 Cleaner
2008-08-09 04:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-08-05 20:36 --------- d-----w C:\Program Files\World of Warcraft
2008-08-02 20:20 --------- d-----w C:\Program Files\Java
2008-07-23 20:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 06:25 --------- d--h--w C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\ijjigame
2008-07-23 00:14 --------- d-----w C:\Program Files\DNA
2008-07-22 13:54 --------- d-----w C:\Documents and Settings\Luis.LUIS-F29A722ECC\Application Data\IGN_DLM
2008-07-12 00:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS
2008-07-09 13:33 2,990,368 ----a-w C:\WINDOWS\system32\npescannert.exe
2008-07-09 13:30 464,432 ----a-w C:\WINDOWS\system32\npeUninstaller.exe
2008-07-09 13:30 341,552 ----a-w C:\WINDOWS\system32\npesLauncher.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 20:55 753,953 ----a-w C:\WINDOWS\system32\npeisolation.exe
2008-05-16 15:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-21 21:55 11,973,584 ----a-w C:\Program Files\iMeshV7es.exe
2004-07-22 14:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 02:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 02:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 18:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 13:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 13:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 08:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 08:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 07:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-06-14 16:21 20002856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 13:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 15:43 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 19:42 289088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 17:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 17:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 17:55 1057328]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 17:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 00:55 54832]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 09:37 286720]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 19:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-06 23:05 98304]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 08:09 106496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-22 09:41 1177368]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Luis.LUIS-F29A722ECC\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-08-05 20:26:38 3065168]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\lxctcoms.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\ijji\\ENGLISH\\u_sf.exe"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-22 09:41]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-22 09:41]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-22 09:41]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-22 09:41]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 XDva152;XDva152;C:\WINDOWS\system32\XDva152.sys []
S3 XDva158;XDva158;C:\WINDOWS\system32\XDva158.sys []
S3 XDva164;XDva164;C:\WINDOWS\system32\XDva164.sys []
S3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys []
S3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-iLike - C:\Program Files\iLike\1.1.41\ilikesidebar.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search - ?p=ZKxdm022YYPR

O16 -: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
C:\WINDOWS\Downloaded Program Files\nps.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\npesLauncher.exe
C:\WINDOWS\system32\np_kor.ini
C:\WINDOWS\system32\np_jpn.ini
C:\WINDOWS\system32\np_chs.ini
C:\WINDOWS\system32\np_eng.ini
C:\WINDOWS\system32\nps_jpn.ini
C:\WINDOWS\system32\nps_eng.ini
C:\WINDOWS\system32\nps_kor.ini
C:\WINDOWS\system32\npcopyv.exe
C:\WINDOWS\system32\npdownv.exe
C:\WINDOWS\system32\nps.ocx
C:\WINDOWS\system32\npeUninstLang_nps.xml
C:\WINDOWS\system32\npeUninst_nps.xml
C:\WINDOWS\system32\npeUninstaller.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 16:12:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


C:\Documents and Settings\Luis.LUIS-F29A722ECC\Local Settings\Application Data\Microsoft\Messenger\yomomma2103@hotmail.com\SharingMetadata\Working\database_306C_FC02_6CFB_C120\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-12 16:14:40
ComboFix-quarantined-files.txt 2008-08-12 20:14:37

Pre-Run: 461,520,728,064 bytes free
Post-Run: 461,747,666,944 bytes free

288 --- E O F --- 2008-07-22 07:01:49

I couldn't install the Recovery Console as noted in the last post.

Edited by Curious Guy, 12 August 2008 - 03:19 PM.


#6 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 13 August 2008 - 07:42 AM

Hi :thumbsup:

Step 1

Open HijackThis, perform a scan and put a check next to the following items (if present):

O8 - Extra context menu item: &Search - ?p=ZKxdm022YYPR

Close all programs except HijackThis and click on Fix checked.

Step 2

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Step 3

In your next reply, please post:
  • a new HijackThis log
  • the JavaRa log (C:\JavaRa.log)
  • a description of how your computer is currently running

Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#7 Curious Guy

Curious Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 13 August 2008 - 03:42 PM

I scanned with Hijackthis and removed the following:O8 - Extra context menu item: &Search - ?p=ZKxdm022YYPR

This are the new logs:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:41 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm022YYPR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10035 bytes


JavaRa

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 13 16:34:40 2008

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

My computer is running fine now and the start-up programs load incredibly fast :thumbsup: , there is still a blue background oter than that there's nothing wrong.

#8 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 13 August 2008 - 04:11 PM

there is still a blue background

Please try changing your background by right-clicking anywhere on your desktop and choose Properties, then under the Desktop tab choose a background image.

Let me know in your next reply whether any problems remain.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#9 Curious Guy

Curious Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 13 August 2008 - 06:04 PM

Thanks for the help!!! The desktop tab is back in Properties now, anyways no problems...thanks again :thumbsup: !!!!!!

#10 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 14 August 2008 - 12:28 AM

You're very welcome :thumbsup:

As your logs look clean, here are some tips to prevent reinfection in the future -

Click Start then Run....
  • Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)

    Posted Image
  • This will uninstall Combofix.
Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install WinPatrol - An excellent startup manager, notifies you if programs are added to startup, allows delayed startup, ... A must have! An installation guide can be found here: http://www.winpatrol.com/download.html

Malwarebytes' Anti-Malware - You should scan your computer with the program on a regular basis just as you would with your anti-virus software.

Update All Your Security Programs Regularly - Make sure you update all your security programs (Anti-Virus, Firewall, Anti-Spyware) regularly (once a weak, at least). Without regular updates you WILL NOT be protected when new malicious programs are released.

You can also read this excellent article by TonyKlein: So how did I get infected in the first place?

Follow this list and your potential for being infected again will reduce dramatically.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#11 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 PM

Posted 17 August 2008 - 10:19 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a new topic.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users