Need help removing what I believe to be AntiVirus 2008/2009


  • This topic is locked
16 replies to this topic

#1 Stelmack

  • Members

Posted 01 March 2009 - 01:42 PM

If it is any help you can find my original topic here.

I have tried removing it through many means, but none have worked. When I did delete the internet explorer files the desktop reverted to normal, but that is the only thing here that is not in the other topic. If you need any more info I would be glad to share. This virus has been here for weeks and is really taking its toll on my system.

I would also like to note that Firefox has been having corrupt files lately, which is most likely the work of the virus. Every time I start it up it acts as if every piece of software on it is on its first use, and that my default browser is not Firefox. So I get 4 tabs and 2 pop-ups of first-time messages.

The DDS Log Below

DDS (Ver_09-02-01.01) - NTFSx86
Run by Compaq_Owner at 13:35:42.78 on Sun 03/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.62 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
AV: Avanquest Fix-It *On-access scanning enabled* (Updated)
FW: Norton Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Compaq_Owner.EMPEROR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner.EMPEROR\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: DealioBHO Class: {6a87b991-a31f-4130-ae72-6d0c294bf082} - c:\program files\dealio\kb124\Dealio.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnoMFwx.dll
BHO: {d17a172c-d32d-de08-5c14-6ac6c80318e6}: {6e81308c-6ca6-41c5-80ed-d23dc271a71d} - c:\windows\system32\hryeyz.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Dealio: {e67c74f4-a00a-4f2c-9fec-fd9dc004a67f} - c:\program files\dealio\kb124\Dealio.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Dealio: {5c4c24d0-28b6-4b6b-b70f-e09848367f10} - c:\program files\dealio\kb124\Dealio.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: Compare Prices with &Dealio - c:\documents and settings\compaq_owner.emperor\application data\dealio\kb124\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E908B145-C847-4e85-B315-07E2E70DECF8} - {9F038672-0425-4792-BC9C-36DE3308E8AA} - c:\program files\dealio\kb124\Dealio.dll
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215701487597
DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} - file:///C:/Program%20Files/Intelore/AnimatedDesktop/advThemes/WorkDir/7760015/Files/ActiveFormProj1.inf
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: nnnoMFwx - nnnoMFwx.dll
AppInit_DLLs: hryeyz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnoMFwx.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2008-12-22 13440]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-21 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 107272]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-2-10 13360]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-21 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-21 298264]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-2-10 68912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-6 24652]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NAVENG.Sys [2004-8-11 68168]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20040625.019\NavEx15.Sys [2004-8-11 600264]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-4-12 507264]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2007-11-6 87848]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-12-9 255096]
S4 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2003-12-9 218232]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-12-9 87160]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-12-9 234616]
S4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2004-6-4 174208]
S4 SBAMSvc;Sunbelt VIPRE Antivirus Service;c:\program files\common files\antivirus\SBAMSvc.exe [2008-8-5 849192]

=============== Created Last 30 ================

2009-02-28 14:47 251,392 a------- c:\windows\xccdf32_090131a.dll
2009-02-28 14:47 36,352 a------- c:\windows\xccdf16_090131a.dll
2009-02-28 14:47 155,175 a------- c:\windows\system\xccef090131.exe
2009-02-28 14:47 433 a------- c:\windows\xccwinsys.ini
2009-02-28 14:47 --d----- c:\windows\system32\inf
2009-02-28 14:47 155,175 a------- c:\windows\system32\icv.exe
2009-02-28 01:09 --d----- c:\docume~1\compaq~1.emp\applic~1\The Creative Assembly
2009-02-28 01:05 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-02-28 01:04 --d----- c:\windows\Logs
2009-02-26 17:45 --d----- c:\documents and settings\compaq_owner.emperor\DoctorWeb
2009-02-25 00:04 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-25 00:03 --d----- c:\program files\Lavasoft
2009-02-24 22:36 0 a------- c:\windows\PTWebCam.INI
2009-02-24 22:36 28,672 ac------ c:\windows\system32\dllcache\vidcap.ax
2009-02-24 22:36 28,672 a------- c:\windows\system32\vidcap.ax
2009-02-24 22:36 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-02-24 22:36 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-02-24 22:32 48,128 a------- c:\windows\system32\Remove.exe
2009-02-24 22:32 408 a------- c:\windows\system32\Remover.ini
2009-02-24 22:32 --d----- c:\windows\PixArt
2009-02-24 22:32 --d----- c:\program files\PC CIF Camer@
2009-02-24 22:32 --d----- c:\program files\common files\PAC207
2009-02-24 22:31 --d----- c:\program files\PhoTags Express
2009-02-21 20:10 --d-h--- C:\$AVG8.VAULT$
2009-02-21 20:08 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-21 20:08 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-21 20:08 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-21 20:07 --d----- c:\windows\system32\drivers\Avg
2009-02-21 20:07 --d----- c:\docume~1\compaq~1.emp\applic~1\AVGTOOLBAR
2009-02-21 20:07 --d----- c:\program files\AVG
2009-02-21 20:07 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-10 16:10 --d----- c:\program files\World of Warcraft
2009-02-10 16:09 68,912 a------- c:\windows\system32\drivers\sbapifs.sys
2009-02-10 16:09 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-02-10 16:03 --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-02-09 19:51 --d----- c:\docume~1\alluse~1\applic~1\Avanquest
2009-02-09 19:49 --d-h--- C:\_Backup
2009-02-09 19:49 --d----- c:\docume~1\compaq~1.emp\applic~1\Avanquest
2009-02-09 19:49 --d----- c:\program files\common files\AntiVirus
2009-02-09 19:48 --d----- c:\program files\Avanquest
2009-02-09 12:58 1 a------- c:\windows\system32\uniq.tll
2009-02-07 22:22 529 a------- c:\windows\system32\winlogon2.exe
2009-02-07 13:40 --d----- c:\program files\Z-Virtual CD-DRIVE
2009-02-07 13:34 --d----- c:\program files\DAEMON Tools Pro
2009-02-07 13:34 --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-02-07 13:29 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-07 13:29 --d----- c:\docume~1\compaq~1.emp\applic~1\DAEMON Tools Pro
2009-02-07 13:23 --d----- c:\docume~1\compaq~1.emp\applic~1\J. A. Associates
2009-02-07 13:23 --d----- c:\program files\J. A. Associates
2009-02-03 22:02 499,200 a------- c:\windows\system32\WZDPlay.dll
2009-02-03 22:02 --d----- c:\program files\common files\Idu
2009-02-03 22:01 --d----- c:\program files\WarZone
2009-02-01 10:35 --d----- c:\docume~1\compaq~1.emp\applic~1\ooVoo Details
2009-02-01 10:35 --d----- c:\program files\ooVoo

==================== Find3M ====================

2008-12-11 15:37 42,320 a------- c:\windows\system32\xfcodec.dll
2008-10-20 15:22 30 a------- c:\documents and settings\compaq_owner.emperor\jagex_runescape_preferences.dat
2007-02-11 11:26 32,177 ---sh--- c:\program files\common files\Yazzle1122OinUninstaller.exe
2005-09-24 20:56 32 a----r-- c:\documents and settings\all users\hash.dat

============= FINISH: 13:36:21.93 ===============


#2 teacup61

  • Malware Response Team

Posted 01 March 2009 - 05:36 PM

Hello Stelmack,

Please disable AVG, as it may interfere with this tool and what it needs to do.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 Stelmack

  • Topic Starter

Posted 01 March 2009 - 06:04 PM

Without my Task Manager, which is disabled by the virus, I am at a loss to turn off these anti virus programs. I disabled them from the toolbar but they still run. I was deeply scared when the X on the combolog box let it continue to run till I shut it off as it started.

Could you tell me how to disable them without the task manager? I can use msconfig and could try to disable them on start-up, but some things may still linger behind is what I'm afraid of.

Also do not worry, I don't plan on suing you. And if this doesn't work I could always "accidentally" mistake the steps, break the computer, and force my dad to buy me a new one :thumbup2: I also have some computer experience so I can understand some computer lingo lol.

#4 teacup61

  • Malware Response Team

Posted 01 March 2009 - 06:27 PM

Go ahead and run it if it will let you.....nothing to be scared of. :) Thank you for telling me though.....we'll take care of things as they come up, and a run with ComboFix will take care of a lot of it. :thumbup2:

#5 Stelmack

  • Topic Starter

Posted 01 March 2009 - 07:50 PM

Here is the combo fix log. I must say I noticed many positive changes! But one negative - The return of windows security telling me to turn it on lol.

I will edit in the other log as soon as I finish it.

here is the log

ComboFix 09-03-01.01 - Compaq_Owner 2009-03-01 18:48:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.140 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner.EMPEROR\Desktop\ComboFix.exe
AV: Avanquest Fix-It *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
FW: Norton Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\Compaq_Owner\Application Data\CROSOF~1
c:\documents and settings\Compaq_Owner\Application Data\CURITY~1
c:\documents and settings\Compaq_Owner\Application Data\DOBE~1
c:\documents and settings\Compaq_Owner\Application Data\FNTS~1
c:\documents and settings\Compaq_Owner\Application Data\MANTEC~1
c:\documents and settings\Compaq_Owner\Application Data\MCROSO~1
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Compaq_Owner\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Compaq_Owner\Application Data\SSTEM~1
c:\documents and settings\Compaq_Owner\Application Data\SSTEM3~1
c:\documents and settings\Compaq_Owner\Application Data\TSKS~1
c:\documents and settings\Compaq_Owner\Favorites\Online Security Test.url
c:\documents and settings\Compaq_Owner\My Documents\PPPATC~1
c:\documents and settings\Compaq_Owner\My Documents\RACLE~1
c:\documents and settings\Compaq_Owner\My Documents\SEMBLY~1
c:\documents and settings\Compaq_Owner\My Documents\SKS~1
c:\documents and settings\Compaq_Owner\My Documents\SSEMBL~1
c:\documents and settings\Compaq_Owner\My Documents\SSTEM~1
c:\documents and settings\Compaq_Owner\My Documents\STEM32~1
c:\documents and settings\Compaq_Owner\My Documents\TSKS~1
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Outerinfo
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Outerinfo\Terms.lnk
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\install.exe
c:\program files\Common Files\{342D9~1
c:\program files\Common Files\{442D9~1
c:\program files\Common Files\{442D9~2
c:\program files\Common Files\asembl~1
c:\program files\Common Files\crosof~1.net
c:\program files\Common Files\dobe~1
c:\program files\Common Files\ecurit~1
c:\program files\Common Files\racle~1
c:\program files\Common Files\sembly~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\stem32~1
c:\program files\Common Files\wnsxs~1
c:\program files\Common Files\Yazzle1122OinUninstaller.exe
c:\program files\curity~1
c:\program files\pppatc~1
c:\program files\ssembl~1
c:\program files\stem~1
c:\program files\wnsxs~1
C:\smp.bat
c:\windows\appatc~1
c:\windows\BM471ea043.txt
c:\windows\BM471ea043.xml
c:\windows\cookies.ini
c:\windows\dobe~1
c:\windows\dobe~2
c:\windows\IA
c:\windows\IA\KE.vbs
c:\windows\icroso~1
c:\windows\icroso~1.net
c:\windows\Install.txt
c:\windows\mantec~1
c:\windows\mbols~1
c:\windows\mbols~1\MBOLS~1\ctxad-566.0000
c:\windows\mbols~1\MBOLS~1\ctxad-566.0001
c:\windows\mbols~1\MBOLS~1\ctxad-566.0002
c:\windows\pskt.ini
c:\windows\racle~1
c:\windows\sembly~1
c:\windows\sks~1
c:\windows\sks~2
c:\windows\smbols~1
c:\windows\system32\afisicx.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekarvalkvil.sys
c:\windows\system32\inf\rundll33.exe
c:\windows\system32\inf\xccdfb16_090131.dll
c:\windows\system32\inf\xccefb090131.scr
c:\windows\system32\mabidwe.exe
c:\windows\system32\senekajojotbai.dll
c:\windows\system32\senekapqpxbrkv.dll
c:\windows\system32\senekarjqjidcq.dat
c:\windows\system32\senekasrqrdlcf.dll
c:\windows\system32\senekawfdxvmtn.dat
c:\windows\system32\tmpxccacj0.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\uniq.tll
c:\windows\system32\w.exe
c:\windows\system32\winlogon2.exe
c:\windows\system32\xcchit32.ini
c:\windows\system32\zip32.dll
c:\windows\xccdf16_090131a.dll
c:\windows\xccwinsys.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Service_afisicx
-------\Service_mabidwe


((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-01 19:17 . 2009-03-01 19:17 <DIR> d--hs---- C:\found.001
2009-03-01 17:51 . 2002-02-15 14:02 676,352 --a------ c:\windows\system32\rtl60.bpl
2009-02-28 14:48 . 2009-02-28 14:48 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-02-28 14:47 . 2009-03-01 18:52 <DIR> d-------- c:\windows\system32\inf
2009-02-28 14:47 . 2009-03-01 18:40 251,392 --a------ c:\windows\xccdf32_090131a.dll
2009-02-28 14:47 . 2009-02-28 14:47 155,175 --a------ c:\windows\system32\icv.exe
2009-02-28 14:47 . 2009-02-28 14:47 155,175 --a------ c:\windows\system\xccef090131.exe
2009-02-28 01:09 . 2009-02-28 01:09 <DIR> d-------- c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\The Creative Assembly
2009-02-28 01:05 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-02-28 01:04 . 2009-02-28 01:05 <DIR> d-------- c:\windows\Logs
2009-02-26 17:45 . 2009-02-26 19:14 <DIR> d-------- c:\documents and settings\Compaq_Owner.EMPEROR\DoctorWeb
2009-02-26 17:23 . 2004-08-10 10:30 <DIR> d-------- c:\documents and settings\Administrator.EMPEROR.000\WINDOWS
2009-02-26 17:23 . 2004-08-11 08:55 <DIR> d-------- c:\documents and settings\Administrator.EMPEROR.000\Application Data\Symantec
2009-02-26 17:23 . 2004-08-10 11:16 <DIR> d-------- c:\documents and settings\Administrator.EMPEROR.000\Application Data\SampleView
2009-02-26 17:23 . 2004-08-10 10:28 <DIR> d-------- c:\documents and settings\Administrator.EMPEROR.000\Application Data\Apple Computer
2009-02-26 17:23 . 2009-02-26 17:23 <DIR> d-------- c:\documents and settings\Administrator.EMPEROR.000
2009-02-25 00:04 . 2009-02-25 00:04 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-25 00:03 . 2009-02-25 00:03 <DIR> d-------- c:\program files\Lavasoft
2009-02-24 22:36 . 2004-08-04 00:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2009-02-24 22:36 . 2004-08-04 00:56 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2009-02-24 22:36 . 2004-08-04 00:56 28,672 --a------ c:\windows\system32\vidcap.ax
2009-02-24 22:36 . 2004-08-04 00:56 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2009-02-24 22:36 . 2009-02-24 22:36 0 --a------ c:\windows\PTWebCam.INI
2009-02-24 22:32 . 2009-02-24 22:32 <DIR> d-------- c:\windows\PixArt
2009-02-24 22:32 . 2009-02-24 22:32 <DIR> d-------- c:\program files\PC CIF Camer@
2009-02-24 22:32 . 2009-02-24 22:32 <DIR> d-------- c:\program files\Common Files\PAC207
2009-02-24 22:32 . 2006-11-03 10:59 48,128 --a------ c:\windows\system32\Remove.exe
2009-02-24 22:32 . 2007-02-12 01:06 408 --a------ c:\windows\system32\Remover.ini
2009-02-24 22:31 . 2009-02-24 22:32 <DIR> d-------- c:\program files\PhoTags Express
2009-02-21 20:10 . 2009-03-01 02:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-21 20:08 . 2009-02-21 20:08 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-21 20:08 . 2009-02-21 20:08 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-21 20:08 . 2009-02-21 20:08 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-21 20:07 . 2009-03-01 18:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-21 20:07 . 2009-02-21 20:07 <DIR> d-------- c:\program files\AVG
2009-02-21 20:07 . 2009-02-25 19:40 <DIR> d-------- c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\AVGTOOLBAR
2009-02-21 20:07 . 2009-02-22 23:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-10 16:10 . 2009-02-21 19:24 <DIR> d-------- c:\program files\World of Warcraft
2009-02-10 16:09 . 2008-07-18 01:26 68,912 --a------ c:\windows\system32\drivers\sbapifs.sys
2009-02-10 16:09 . 2008-07-18 01:26 13,360 --a------ c:\windows\system32\drivers\sbaphd.sys
2009-02-10 16:03 . 2009-02-10 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-02-09 19:58 . 2009-02-09 19:58 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Avanquest
2009-02-09 19:51 . 2009-02-09 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avanquest
2009-02-09 19:49 . 2009-02-09 19:58 <DIR> d-------- c:\program files\Common Files\AntiVirus
2009-02-09 19:49 . 2009-02-09 20:03 <DIR> d-------- c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\Avanquest
2009-02-09 19:49 . 2009-02-09 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-09 19:49 . 2009-02-11 09:22 <DIR> d--h----- C:\_Backup
2009-02-09 19:48 . 2009-02-09 19:48 <DIR> d-------- c:\program files\Avanquest
2009-02-09 13:13 . 2009-02-09 13:13 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-02-09 13:13 . 2009-02-09 13:13 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Dealio
2009-02-07 13:40 . 2009-02-08 14:23 <DIR> d-------- c:\program files\Z-Virtual CD-DRIVE
2009-02-07 13:34 . 2009-02-07 13:37 <DIR> d-------- c:\program files\DAEMON Tools Pro
2009-02-07 13:34 . 2009-02-07 13:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-02-07 13:29 . 2009-02-07 14:06 <DIR> d-------- c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\DAEMON Tools Pro
2009-02-07 13:29 . 2009-02-07 13:29 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-07 13:23 . 2009-02-07 13:23 <DIR> d-------- c:\program files\J. A. Associates
2009-02-07 13:23 . 2009-02-07 13:23 <DIR> d-------- c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\J. A. Associates
2009-02-03 22:02 . 2009-02-03 22:02 <DIR> d-------- c:\program files\Common Files\Idu
2009-02-03 22:02 . 2008-03-23 07:15 499,200 --a------ c:\windows\system32\WZDPlay.dll
2009-02-03 22:01 . 2009-02-06 15:28 <DIR> d-------- c:\program files\WarZone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 22:51 --------- d-----w c:\program files\Steam
2009-02-25 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-25 03:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 01:25 --------- d-----w c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\DNA
2009-02-24 21:14 --------- d-----w c:\program files\DNA
2009-02-10 22:34 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-10 00:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-09 01:42 --------- d-----w c:\program files\Google
2009-02-07 19:40 --------- d-----w c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\uTorrent
2009-02-04 02:59 --------- d-----w c:\program files\Pk3 Manage Editor
2009-02-01 15:42 --------- d-----w c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\ooVoo Details
2009-02-01 15:35 --------- d-----w c:\program files\ooVoo
2009-01-18 06:34 --------- d-----w c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\Xfire
2009-01-18 00:13 --------- d-s---w c:\program files\Xfire
2009-01-05 05:31 --------- d-----w c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\BitTorrent
2009-01-05 04:58 --------- d-----w c:\program files\uTorrent
2008-10-20 20:22 30 ----a-w c:\documents and settings\Compaq_Owner.EMPEROR\jagex_runescape_preferences.dat
2007-03-05 13:21 1 ----a-w c:\documents and settings\Compaq_Owner\SI.bin
2005-09-25 01:56 32 ----a-r c:\documents and settings\All Users\hash.dat
2004-12-26 19:37 0 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-21 1601304]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
"VTTimer"="VTTimer.exe" [2004-03-26 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-21 20:08 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hryeyz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.EMPEROR^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Compaq_Owner.EMPEROR\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.EMPEROR^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Compaq_Owner.EMPEROR\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.EMPEROR^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Compaq_Owner.EMPEROR\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-18 16:34 506712 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 08:47 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-06-24 20:10 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-01 01:51 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2003-12-09 01:18 70776 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 16:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2009-01-26 03:45 228808 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-12 14:27 133104 c:\documents and settings\Compaq_Owner.EMPEROR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a------ 2004-01-20 19:25 124056 c:\program files\Common Files\Symantec Shared\CfgWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 09:51 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 22:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2004-01-20 19:25 124056 c:\program files\Common Files\Symantec Shared\CfgWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteBurner]
--a------ 2008-12-02 12:02 5668864 c:\program files\NoteBurner\VTBurnerGUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oovoo.exe]
--a------ 2008-11-20 14:45 14202672 c:\program files\ooVoo\ooVoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-06 02:23 218240 c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-02-27 23:48 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-09-20 12:39 144792 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-25 08:36 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-10 10:04 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 19:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 12:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"wuauserv"=2 (0x2)
"TrkWks"=2 (0x2)
"SymWSC"=2 (0x2)
"SBAMSvc"=2 (0x2)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"Fix-It Task Manager"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"ccPwdSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"37676:TCP"= 37676:TCP:*:Disabled:ooVoo TCP port 37676
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2008-12-22 13440]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-21 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-21 107272]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-02-10 13360]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-21 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-21 298264]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-02-10 68912]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-08-03 48640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-06 24652]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-04-12 507264]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2007-11-06 87848]
S4 SBAMSvc;Sunbelt VIPRE Antivirus Service;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [2008-08-05 849192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946e7ba5-5e9f-11dd-8303-0011d80665cb}]
\Shell\AutoRun\command - K:\CA_Install.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-08-30 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe []

2009-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1846315750-2297867047-3254532082-1009.job
- c:\documents and settings\Compaq_Owner.EMPEROR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 14:27]

2009-02-23 c:\windows\Tasks\Scheduled Checkpoint.job
- c:\program files\VCOM\Recovery Commander\RCSCHED.EXE []

2004-08-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-14 03:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\nnnoMFwx.dll
BHO-{6e81308c-6ca6-41c5-80ed-d23dc271a71d} - c:\windows\system32\hryeyz.dll
HKLM-Explorer_Run-xccinit - c:\windows\system32\inf\rundll33.exe
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\nnnoMFwx.dll
Notify-nnnoMFwx - nnnoMFwx.dll
MSConfigStartUp-au - c:\program files\Dealio\DealioAU.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
IE: Compare Prices with &Dealio - c:\documents and settings\Compaq_Owner.EMPEROR\Application Data\Dealio\kb124\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} - file:///C:/Program%20Files/Intelore/AnimatedDesktop/advThemes/WorkDir/7760015/Files/ActiveFormProj1.inf
FF - ProfilePath -
.
.
------- File Associations -------
.
txtfile="c:\windows\system32\nxtepad.exe" "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 19:20:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system32\sopidkc.exe [1628] 0x8397E500

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\tpszxyd.sys 241152 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1846315750-2297867047-3254532082-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,ba,70,ab,c6,23,68,26,f8,e7,1b,7e,0e,d9,14,5a,b4,5e,8c,ad,80,5f,c6,
13,2d,cb,26,12,74,70,f8,f9,08,f4,67,24,fe,10,57,e7,41,68,cb,73,36,8a,5c,f2,\
"??"=hex:fd,ed,95,67,fd,c4,c7,eb,68,e1,97,3e,5e,71,d2,12

[HKEY_USERS\S-1-5-21-1846315750-2297867047-3254532082-1009\Software\SecuROM\License information*]
"datasecu"=hex:d0,c4,19,d8,eb,b6,f4,d4,4c,ce,c9,2d,aa,cd,99,4c,03,bd,e4,03,86,
34,6f,52,ce,95,ff,06,2e,0a,5a,aa,37,89,2a,2f,82,4a,94,0d,00,b8,eb,97,5b,44,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-01 19:35:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-02 00:34:37

Pre-Run: 3,590,447,104 bytes free
Post-Run: 4,360,581,120 bytes free

440 --- E O F --- 2008-12-20 04:38:27









Here is the log for HijackThis. I downloaded the executable to avoid installing anything. I think I understand what you're doing though. See what is a virus and help me delete it!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:36 PM, on 3/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Owner.EMPEROR\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Owner.EMPEROR\Application Data\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215701487597
O16 - DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} (ActiveFormX Control) - file:///C:/Program%20Files/Intelore/AnimatedDesktop/advThemes/WorkDir/7760015/Files/ActiveFormProj1.inf
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: hryeyz.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9064 bytes

Edited by Stelmack, 01 March 2009 - 07:54 PM.


#6 Stelmack


Posted 01 March 2009 - 07:59 PM

Also, if you have any suggestions as to what to get rid of to clean my computer up in general, be my guest :thumbup2:

#7 teacup61

  • Malware Response Team

Posted 01 March 2009 - 08:05 PM

That's what we're doing.....it'll be clean when we get done with it. :thumbup2:

First you should know that you're actually doing more harm than good by running 2 Anti Virus programs (Norton and AVG). When you do this, both programs compete for resources, and the end result is neither does its best and can cause system instability. I recommend that you choose the one you want to keep, update it, disable or uninstall the other one, and use it as an on demand only scan occasionally.

One more download, please:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea

#8 Stelmack


Posted 01 March 2009 - 08:48 PM

Well, I'd like to start off saying until I ran that I had no idea that Norton was still on my computer.... It came with the computer as a non-removable program. I thought I defeated it 3 years ago but apparently I was wrong..... there's nothing of it running that I know of. Also, I would have no idea, as I said before, how to turn either off completely.

Another thing is that after the reboot AVG turned back on again and it reported 1 infection and 5 malware. I do not know what I should do, delete them or ignore them.

Here is the MBAM log

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 2

3/1/2009 8:33:14 PM
mbam-log-2009-03-01 (20-33-14).txt

Scan type: Quick Scan
Objects scanned: 89049
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msrstart.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nxtepad.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umtcdtw.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\xccdf32_090131a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system\xccef090131.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.






Here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:27 PM, on 3/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner.EMPEROR\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Owner.EMPEROR\Application Data\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215701487597
O16 - DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} (ActiveFormX Control) - file:///C:/Program%20Files/Intelore/AnimatedDesktop/advThemes/WorkDir/7760015/Files/ActiveFormProj1.inf
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: hryeyz.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9112 bytes
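A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post or of HijackThis itself. The three review heuristics and all function names are assumptions made for illustration; a flagged line is a prompt to verify the file, not a verdict.

```python
import re

# Lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: hryeyz.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (section, body) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reasons(section, body):
    """Reasons to look at this entry first (assumed heuristics, not verdicts)."""
    reasons = []
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is loaded into every process using user32.dll")
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary reports no vendor name")
    if body.endswith("(file missing)"):
        reasons.append("registration points at a file that is not on disk")
    return reasons

def triage(log):
    """Map each flagged entry to its reasons, keeping log order."""
    flagged = {}
    for section, body in parse(log):
        reasons = review_reasons(section, body)
        if reasons:
            flagged[f"{section} - {body}"] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Entries with a named vendor and an existing file, such as the AVG and Symantec lines, pass through unflagged, which keeps the review list short enough to check each file by hand.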

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:52 PM

Posted 01 March 2009 - 10:44 PM

Hello,

Run this tool for the Norton:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008/2009 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Hmmmm........looking at the MBAM report, it says your system has been compromised. Do you have sensitive information, like banking and things? Nothing we do here can promise you a secure system. You have a worm still present also. The safest and surest solution would be for you to reformat the drive and reinstall your Operating System.

Please let me know what you would like to do.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#10 Stelmack

Stelmack
  • Topic Starter

  • Members
  • 19 posts
  • Local time:07:52 PM

Posted 01 March 2009 - 10:47 PM

No I do not have any important info on this computer. Nothing but my video games at least, and I can back up my school essays. I could reformat the drive I think, but I cannot reinstall the OS because the CD has run out of uses and after that can no longer be validated. I guess what is being said here.....I need a new computer :'( or >:thumbup2:

It's bad because I can't afford one right now, but good because it forces me to save my money, I guess....

Edited by Stelmack, 01 March 2009 - 10:47 PM.


#11 teacup61


Posted 01 March 2009 - 10:58 PM

You should be able to call Microsoft toll free and they'll give you a new key for it. :thumbup2: I've had to do that before. :)

#12 Stelmack


Posted 02 March 2009 - 03:51 AM

Really? I figured since they had the whole too many uses thing implemented they wouldn't do that. Good to hear! So I guess that's my only option until a new computer then?

#13 teacup61


Posted 02 March 2009 - 04:38 AM

If you want a safe and secure computer, yes.

#14 Stelmack


Posted 03 March 2009 - 06:11 PM

I'm not sure if compromised is the right term. You see, I can constantly hear clicking and movies streaming in the background of my sound, and my RAM took a nasty drop. It's more like....my computer is being used by someone to download things hehe. Well, time to reboot Windows! - PS, sorry for the late response, I could not connect to the internet.

#15 teacup61


Posted 04 March 2009 - 02:59 AM

It's more like....my computer is being used by someone to download things hehe.

That's the perfect description of compromised. :thumbup2: