Lots of popups [RESOLVED]

This topic is locked

#1 sjoefl01 (Member, 17 posts)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:55 PM, on 10/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\faceback.exe
C:\Program Files\GetModule\GetModule23.exe
C:\WINDOWS\system32\doxilglk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\3Q8FS65Z\stinger[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA4946] command /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6433] cmd /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3555] command /c del "C:\Program Files\Video Add-on Setup\uninst.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6367] cmd /c del "C:\Program Files\Video Add-on Setup\uninst.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7840] command /c del "C:\Program Files\Video Add-on Setup\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9267] cmd /c del "C:\Program Files\Video Add-on Setup\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3260] command /c del "C:\Program Files\Video Add-on Setup\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC519] cmd /c del "C:\Program Files\Video Add-on Setup\ot.ico"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [SetApi] C:\WINDOWS\system32\doxilglk.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9414] command /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD168] cmd /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7456] command /c del "C:\Program Files\Video Add-on Setup\uninst.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9601] cmd /c del "C:\Program Files\Video Add-on Setup\uninst.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2558] command /c del "C:\Program Files\Video Add-on Setup\ts.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3618] cmd /c del "C:\Program Files\Video Add-on Setup\ts.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1560] command /c del "C:\Program Files\Video Add-on Setup\ot.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7237] cmd /c del "C:\Program Files\Video Add-on Setup\ot.ico"
O4 - HKLM\..\Policies\Explorer\Run: [vGV6ffiMN9] C:\Documents and Settings\All Users\Application Data\gfgpepip\ylurcxkl.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1565522326-3426250061-394851068-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'maintenance')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-1565522326-3426250061-394851068-1009 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'maintenance')
O4 - S-1-5-21-1565522326-3426250061-394851068-1009 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'maintenance')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm492YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: StrGenDsc - {5742926E-6A89-8968-78A3-0B24A6950632} - C:\Program Files\fhuuifg\StrGenDsc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8676 bytes

#2 fenzodahl512 (Malware Removal, 9,863 posts)

Hello, my name is fenzodahl512 and welcome to Geekstogo. Please do the following...

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please reboot into Safe Mode.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads, the fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
  • Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt, along with any other requested logs, at the end of these instructions.

NEXT

Please visit the webpage below for instructions on downloading and running ComboFix. Make sure you download and save ComboFix DIRECTLY to your Desktop.

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Once you install the Recovery Console, when you reboot your computer you'll see the option for the Recovery Console as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Post these logs in your next reply. Post each log in a separate post.

1. SDFix
2. ComboFix
3. A fresh HijackThis log (after ComboFix step)

#3 sjoefl01 (Topic Starter)

SDFix: Version 1.236
Run by Administrator on Thu 10/16/2008 at 10:24 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Resetting SecurityProviders Value

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\GetModule\dicik.gz - Deleted
C:\Program Files\GetModule\GetModule23.exe - Deleted
C:\Program Files\GetModule\kwdik.gz - Deleted
C:\WINDOWS\system32\wini10451631.exe - Deleted
C:\WINDOWS\system32\wpv073.cpx - Deleted
C:\WINDOWS\system32\wpv221.cpx - Deleted
C:\WINDOWS\system32\wpv263.cpx - Deleted
C:\WINDOWS\system32\wpv073.cpx - Deleted
C:\WINDOWS\system32\wpv221.cpx - Deleted
C:\WINDOWS\system32\wpv263.cpx - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\faceback.exe - Deleted
C:\WINDOWS\system32\brastk.exe - Deleted
C:\WINDOWS\system32\getsn32.dll - Deleted
C:\WINDOWS\system32\msansspc.dll - Deleted
C:\WINDOWS\system32\smwin32.dll - Deleted



Folder C:\Program Files\GetModule - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 22:33:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\default.htm 1961 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\default.htm Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 13 Jan 2007 211 A.SHR --- "C:\BOOT.BAK"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 13 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 5 Apr 2007 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Wed 18 Jun 2008 20,992 ...H. --- "C:\Documents and Settings\Compaq_Owner\My Documents\~WRL0713.tmp"
Mon 19 Sep 2005 788,568 A..H. --- "C:\Program Files\Online Services\Canada\KOL\client.exe"
Wed 17 Aug 2005 13,459,528 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\nsb-install-8-0.exe"
Wed 17 Aug 2005 233,472 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\webutil8.exe"
Wed 17 Aug 2005 389,120 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\WinsockFix.exe"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Mon 19 Sep 2005 77,824 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\Vwpt.exe"

Finished!

#4 sjoefl01 (Topic Starter)

ComboFix 08-10-16.08 - maintenance 2008-10-16 22:53:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.57.1033.18.133 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\maintenance\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Application Data\ShoppingReport
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\default.htm
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\msiebbar.dll
D:\Autorun.inf

.
(((((((((((((((((( Archivos creados desde 2008-09-17 - 2008-10-17 )))))))))))))))))))))))))))))))))
.

2008-10-16 22:21 . 2008-10-16 22:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-16 22:18 . 2006-08-09 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-10-16 22:18 . 2006-08-09 23:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-10-16 22:18 . 2008-10-16 22:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-16 22:12 . 2008-10-16 22:36 <DIR> d-------- C:\SDFix
2008-10-14 04:55 . 2008-10-14 04:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 04:55 . 2008-10-14 04:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-13 23:16 . 2008-10-13 23:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 22:57 . 2006-08-09 23:53 <DIR> d-------- C:\Documents and Settings\maintenance\WINDOWS
2008-10-13 22:57 . 2006-08-09 23:54 <DIR> d-------- C:\Documents and Settings\maintenance\Application Data\Intuit
2008-10-13 22:57 . 2008-10-13 22:57 <DIR> d-------- C:\Documents and Settings\maintenance
2008-10-13 22:19 . 2008-10-14 15:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-13 22:19 . 2008-10-14 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 22:07 . 2008-10-12 22:07 <DIR> d-------- C:\Program Files\fhuuifg
2008-10-12 22:07 . 2008-10-12 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gfgpepip
2008-10-12 22:07 . 2008-10-12 22:07 86,016 --a------ C:\WINDOWS\system32\doxilglk.exe
2008-10-12 22:05 . 2008-10-12 22:05 85,008 --a------ C:\WINDOWS\system32\uesiuqcr.exe
2008-10-11 14:54 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-09-23 22:04 . 2008-09-23 22:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-18 10:33 . 2008-10-11 14:41 <DIR> d-------- C:\Program Files\Total Video Converter

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 20:41 --------- d-----w C:\Program Files\Google
2008-10-14 09:56 --------- d-----w C:\Program Files\Lavasoft
2008-10-14 03:58 --------- d-----w C:\Program Files\Web Publish
2008-10-11 21:09 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-09-18 15:28 --------- d-----w C:\Program Files\MySpace
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-19 23:49 --------- d-----w C:\Program Files\Common
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 180,269 2006-08-10 04:41:00 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 579,072 2007-12-21 14:31:14 C:\Program Files\Grisoft\AVG7\bak\avgcc.exe

----a-w 49,152 2007-03-12 02:34:40 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 16,384 2007-01-21 03:11:01 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe

----a-w 69,632 2006-05-10 17:32:32 C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe

----a-w 962,560 2007-12-31 14:29:04 C:\RECYCLER\S-1-5-21-1565522326-3426250061-394851068-1008\Dc274\bak\Ares.exe

----a-w 237,568 2005-07-23 05:14:00 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

----a-w 817,152 2001-09-06 09:07:20 C:\WINDOWS\system32\bak\LXSUPMON.EXE

----a-w 36,864 2001-09-06 08:45:08 C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe

.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [N/A]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [N/A]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-05-09 C:\WINDOWS\system32\nwiz.exe]
"PCDrProfiler"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 219136]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-09 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-08-09 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-01-20 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"StrGenDsc"= {5742926E-6A89-8968-78A3-0B24A6950632} - C:\Program Files\fhuuifg\StrGenDsc.dll [2008-10-12 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenido de carpeta 'Tareas Programadas'

2008-10-17 C:\WINDOWS\Tasks\AE0706AE9184B796.job
- c:\docume~1\compaq~1\applic~1\aboutb~1\4 scr wipe.exe []
.
.
------- Análisis Suplementario -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 23:01:33
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Otros procesos en ejecución ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\Lexpps.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Tiempo completado: 2008-10-16 23:07:45 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-10-17 04:07:42

Pre-Run: 95,982,731,264 bytes free
Post-Run: 96,954,421,248 bytes free

160 --- E O F --- 2008-10-15 11:03:17

#5 sjoefl01 (Topic Starter)

Sorry about the Spanish above. The computer is looking much better already. Thank you for your help!!!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:54 PM, on 10/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: StrGenDsc - {5742926E-6A89-8968-78A3-0B24A6950632} - C:\Program Files\fhuuifg\StrGenDsc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5484 bytes

#6 fenzodahl512 (Malware Removal, 9,863 posts)
Please download CleanUp! by stevengould.org and save it to your Desktop.
  • Double-click CleanUp452.exe and install CleanUp! to your computer
  • Open CleanUp! and click on Options.. button.
  • Under General tab, choose Standard CleanUp! and then click Ok
  • Click on the CleanUp! button. When it asks you to log off Windows, click Yes
  • Let Windows reboot (or do it manually) and continue with the next step



NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\default.htm
C:\WINDOWS\system32\doxilglk.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Tasks\AE0706AE9184B796.job

Folder::
C:\Program Files\fhuuifg
C:\Documents and Settings\All Users\Application Data\gfgpepip

AWF::
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Grisoft\AVG7\bak\avgcc.exe
C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe
C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe
C:\WINDOWS\SMINST\bak\RECGUARD.EXE
C:\WINDOWS\system32\bak\LXSUPMON.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

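The script above targets the files and folders the helper picked out of the ComboFix and HijackThis logs. As an added example (not code from the thread, ComboFix or HijackThis), this Python dry-run checker parses the CFScript sections and cross-references each File::/Folder:: target against HijackThis lines, so what a script will remove can be verified before it is dragged onto ComboFix; the meaning assigned to each directive is an assumption inferred from how the posted script and the ComboFix log that follows it line up.

```python
"""Dry-run checker for a ComboFix CFScript, cross-checked against HijackThis
log lines. Directive meanings are assumptions inferred from the thread, not
ComboFix documentation."""
import re
from collections import OrderedDict

# Constructed sample: the directives from the posted script, shortened.
CFSCRIPT = r"""KillAll::

File::
C:\WINDOWS\default.htm
C:\WINDOWS\system32\doxilglk.exe
C:\WINDOWS\system32\uesiuqcr.exe

Folder::
C:\Program Files\fhuuifg

AWF::
C:\WINDOWS\SMINST\bak\RECGUARD.EXE
"""

# Constructed sample: three HijackThis lines taken from the thread's log.
HJT_LOG = r"""O21 - SSODL: StrGenDsc - {5742926E-6A89-8968-78A3-0B24A6950632} - C:\Program Files\fhuuifg\StrGenDsc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

# Assumed meaning of each directive (inferred from the thread, see docstring).
DIRECTIVES = {
    "KillAll": "stop non-essential processes before cleaning",
    "File": "delete the listed files",
    "Folder": "delete the listed folders and everything in them",
    "AWF": "restore originals that malware moved into bak\\ folders",
}
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
HJT_LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_cfscript(text):
    """Return (OrderedDict section -> entries, list of warnings)."""
    sections, warnings, current = OrderedDict(), [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            if current not in DIRECTIVES:
                warnings.append(f"line {lineno}: unknown directive {current}::")
            continue
        if current is None:
            warnings.append(f"line {lineno}: entry before any directive: {line}")
            continue
        # Path sections must hold absolute Windows paths; anything else is a typo risk.
        if current in ("File", "Folder", "AWF") and not ABS_PATH_RE.match(line):
            warnings.append(f"line {lineno}: {current}:: entry is not an absolute path: {line}")
        sections[current].append(line)
    return sections, warnings


def parse_hjt(text):
    """Return [(kind, full_line, path)]; path is the last ' - ' field of the line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if m:
            kind, rest = m.groups()
            entries.append((kind, raw.strip(), rest.rsplit(" - ", 1)[-1].strip()))
    return entries


def _norm(path):
    return path.lower().rstrip("\\")


def cross_reference(sections, hjt_entries):
    """Map each File::/Folder:: target to the HijackThis lines that point at it."""
    hits = {}
    for directive in ("File", "Folder"):
        for target in sections.get(directive, []):
            t = _norm(target)
            hits[target] = [
                line for _kind, line, path in hjt_entries
                if _norm(path) == t
                or (directive == "Folder" and _norm(path).startswith(t + "\\"))
            ]
    return hits


def awf_originals(sections):
    """For each AWF:: entry, the path the original file is expected to return to."""
    return [re.sub(r"\\bak\\", lambda m: "\\", p, flags=re.IGNORECASE)
            for p in sections.get("AWF", [])]


def report(cfscript=CFSCRIPT, hjt_log=HJT_LOG):
    """Print the dry-run summary and return the parsed pieces for inspection."""
    sections, warnings = parse_cfscript(cfscript)
    for w in warnings:
        print("WARNING:", w)
    xref = cross_reference(sections, parse_hjt(hjt_log))
    for name, entries in sections.items():
        print(f"{name}:: -> {DIRECTIVES.get(name, '???')}")
        for e in entries:
            refs = xref.get(e)
            note = "" if refs is None else f"  ({len(refs)} HijackThis line(s) reference it)"
            print("   ", e + note)
    for orig in awf_originals(sections):
        print("AWF restores:", orig)
    return sections, warnings, xref


if __name__ == "__main__":
    report()
```

A target with zero referencing HijackThis lines is not necessarily wrong (doxilglk.exe was taken from ComboFix's process list, not from HijackThis), but it is the entry to double-check before running the script.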

#7 sjoefl01 (Topic Starter, Member, 17 posts)
ComboFix 08-10-16.08 - maintenance 2008-10-17 4:51:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.57.1033.18.132 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\maintenance\Desktop\ComboFix.exe
Comando de interruptores utilizados :: C:\Documents and Settings\maintenance\Desktop\cfscript.txt
* Creado un nuevo punto de restauración

FILE ::
C:\WINDOWS\default.htm
C:\WINDOWS\system32\doxilglk.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Tasks\AE0706AE9184B796.job
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\gfgpepip
C:\Documents and Settings\All Users\Application Data\gfgpepip\ylurcxkl.exe
C:\Program Files\fhuuifg
C:\Program Files\fhuuifg\StrGenDsc.dll
C:\WINDOWS\system32\doxilglk.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Tasks\AE0706AE9184B796.job

.
(((((((((((((((((( Archivos creados desde 2008-09-17 - 2008-10-17 )))))))))))))))))))))))))))))))))
.

2008-10-17 04:41 . 2008-10-17 04:41 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-16 22:21 . 2008-10-16 22:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-16 22:18 . 2006-08-09 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-10-16 22:18 . 2006-08-09 23:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-10-16 22:18 . 2008-10-16 22:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-16 22:12 . 2008-10-16 22:36 <DIR> d-------- C:\SDFix
2008-10-14 04:55 . 2008-10-14 04:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 04:55 . 2008-10-14 04:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-13 23:16 . 2008-10-13 23:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 22:57 . 2006-08-09 23:53 <DIR> d-------- C:\Documents and Settings\maintenance\WINDOWS
2008-10-13 22:57 . 2006-08-09 23:54 <DIR> d-------- C:\Documents and Settings\maintenance\Application Data\Intuit
2008-10-13 22:57 . 2008-10-13 22:57 <DIR> d-------- C:\Documents and Settings\maintenance
2008-10-13 22:19 . 2008-10-14 15:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-13 22:19 . 2008-10-14 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 14:54 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-09-23 22:04 . 2008-09-23 22:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-18 10:33 . 2008-10-11 14:41 <DIR> d-------- C:\Program Files\Total Video Converter

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 20:41 --------- d-----w C:\Program Files\Google
2008-10-14 09:56 --------- d-----w C:\Program Files\Lavasoft
2008-10-14 03:58 --------- d-----w C:\Program Files\Web Publish
2008-10-11 21:09 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-09-18 15:28 --------- d-----w C:\Program Files\MySpace
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-19 23:49 --------- d-----w C:\Program Files\Common
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-16_23.07.06.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-23 05:14:00 237,568 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE
+ 2001-09-06 09:07:20 817,152 ----a-w C:\WINDOWS\system32\LXSUPMON.EXE
+ 2001-09-06 08:45:08 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-01-20 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-05-09 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 219136]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-09 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-08-09 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-01-20 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - HUÉRFANOS ELIMINADOS - - - -

HKLM-Run-HPBootOp - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
HKLM-Run-LogitechVideoRepair - C:\Program Files\Logitech\Video\ISStart.exe
HKLM-Run-PCDrProfiler - (no file)
SSODL-StrGenDsc-{5742926E-6A89-8968-78A3-0B24A6950632} - C:\Program Files\fhuuifg\StrGenDsc.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 04:58:19
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Otros procesos en ejecución ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\Lexpps.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Tiempo completado: 2008-10-17 5:02:51 - Reiniciando la máquina
ComboFix-quarantined-files.txt 2008-10-17 10:02:47
ComboFix2.txt 2008-10-17 04:07:47

Pre-Run: 96,988,622,848 bytes free
Post-Run: 96,971,395,072 bytes free

155 --- E O F --- 2008-10-15 11:03:17

#8 sjoefl01 (Topic Starter, Member, 17 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:24 AM, on 10/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5369 bytes

#9 fenzodahl512 (Malware Removal, 9,863 posts)
Hello.. your AVG7 is outdated and no longer supported by Grisoft. It has been replaced by AVG8.. More info below:

http://free.avg.com/


I strongly suggest you uninstall AVG7 and replace it with ONLY ONE of the free antivirus programs below..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

Then, please download and install the latest Java from HERE

If you use Windows 64-bit, please download latest Java from HERE

GO HERE for more information




NEXT


Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.


  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Posted Image

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. Kaspersky Online result
3. Tell me, how is your computer now? :)

#10 sjoefl01 (Topic Starter, Member, 17 posts)
Malwarebytes' Anti-Malware 1.29
Database version: 1280
Windows 5.1.2600 Service Pack 2

10/17/2008 7:41:48 PM
mbam-log-2008-10-17 (19-41-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 141217
Time elapsed: 2 hour(s), 12 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Add-on Setup (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\errclean (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\errclean\Data (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\errclean (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\errclean\Logs (Rogue.Errclean) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\uesiuqcr.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP566\A0044210.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP570\A0044256.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP570\A0044268.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045656.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045946.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045884.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045885.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045937.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045938.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045945.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045953.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP579\A0045955.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP581\A0046016.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP581\A0046017.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP583\A0046106.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP585\A0046233.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP585\A0046234.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046255.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046243.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046244.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046256.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046257.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046259.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046261.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046266.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046267.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046269.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046271.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP586\A0046272.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP587\A0046350.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP588\A0046584.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\errclean\Data\ac (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\errclean\Data\em (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\errclean\Data\oid (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\errclean\Logs\update.log (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Waiting for your Kaspersky result :)
#12
sjoefl01

  • Topic Starter
  • Member
  • 17 posts
Sorry it took so long. The report took a long time compared to my other computers. I gave up and went to bed. The computer is running much better. I think it is still not quite there though. All of these scans seem to go slow.
I sure do thank you for all of your help.




KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 18, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 18, 2008 02:33:57
Records in database: 1320107
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 86257
Threat name: 10
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 02:09:38


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\gfgpepip\ylurcxkl.exe.vir Infected: Trojan-Downloader.Win32.Obfuscated.duy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\doxilglk.exe.vir Infected: Trojan.Win32.Obfuscated.vhz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiebbar.dll.vir Infected: Trojan-Downloader.Win32.Agent.wis 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.ajiq 1
C:\SDFix\backups\backups.zip Infected: not-a-virus:AdWare.Win32.Agent.fyz 3
C:\SDFix\backups\backups.zip Infected: not-a-virus:AdWare.Win32.BHO.dim 1
C:\SDFix\backups\backups.zip Infected: not-a-virus:AdWare.Win32.BHO.din 1
C:\SDFix\backups\backups.zip Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.az 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.ajmq 1
D:\I386\APPS\APP13206\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP13206\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.
#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
All the Kaspersky finds are only in the quarantine folders.. Otherwise, looks good to me.. How is your computer now?

Run ComboFix once again and post the log here.. Then tell me about your computer behaviour :)
#14
sjoefl01

  • Topic Starter
  • Member
  • 17 posts
ComboFix 08-10-18.02 - maintenance 2008-10-18 16:37:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.57.1033.18.131 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\maintenance\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
.

(((((((((((((((((( Archivos creados desde 2008-09-18 - 2008-10-18 )))))))))))))))))))))))))))))))))
.

2008-10-17 19:53 . 2008-10-17 19:52 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-17 19:53 . 2008-10-17 19:52 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-17 19:52 . 2008-10-17 19:52 <DIR> d-------- C:\Program Files\Java
2008-10-17 17:50 . 2008-10-18 00:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-17 17:26 . 2008-10-17 17:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-17 17:26 . 2008-10-17 17:26 <DIR> d-------- C:\Documents and Settings\maintenance\Application Data\Malwarebytes
2008-10-17 17:26 . 2008-10-17 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-17 17:26 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-17 17:26 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-17 17:20 . 2008-10-17 17:22 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-17 17:20 . 2008-10-17 17:23 <DIR> d-------- C:\Documents and Settings\maintenance\Application Data\AVGTOOLBAR
2008-10-17 17:20 . 2008-10-17 17:20 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-17 17:20 . 2008-10-17 17:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-17 17:19 . 2008-10-17 17:19 <DIR> d-------- C:\Program Files\AVG
2008-10-17 17:19 . 2008-10-17 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-17 04:41 . 2008-10-17 04:41 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-16 22:21 . 2008-10-16 22:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-16 22:18 . 2006-08-09 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-10-16 22:18 . 2006-08-09 23:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-10-16 22:18 . 2008-10-17 17:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-16 22:12 . 2008-10-16 22:36 <DIR> d-------- C:\SDFix
2008-10-14 04:55 . 2008-10-14 04:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 04:55 . 2008-10-14 04:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-13 23:16 . 2008-10-13 23:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 22:57 . 2006-08-09 23:53 <DIR> d-------- C:\Documents and Settings\maintenance\WINDOWS
2008-10-13 22:57 . 2006-08-09 23:54 <DIR> d-------- C:\Documents and Settings\maintenance\Application Data\Intuit
2008-10-13 22:57 . 2008-10-13 22:57 <DIR> d-------- C:\Documents and Settings\maintenance
2008-10-13 22:19 . 2008-10-14 15:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-13 22:19 . 2008-10-14 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 14:54 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-09-23 22:04 . 2008-09-23 22:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-18 10:33 . 2008-10-11 14:41 <DIR> d-------- C:\Program Files\Total Video Converter

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 00:41 --------- d-----w C:\Program Files\Common
2008-10-14 20:41 --------- d-----w C:\Program Files\Google
2008-10-14 09:56 --------- d-----w C:\Program Files\Lavasoft
2008-10-14 03:58 --------- d-----w C:\Program Files\Web Publish
2008-10-11 21:09 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-18 15:28 --------- d-----w C:\Program Files\MySpace
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-16_23.07.06.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-12 21:42:02 158,040 ----a-w C:\WINDOWS\hpoins15.dat
+ 2008-10-18 14:12:54 158,040 ----a-w C:\WINDOWS\hpoins15.dat
- 2008-06-15 03:42:16 167,936 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-10-18 14:18:10 167,936 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-06-15 03:42:16 2,560 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-10-18 14:18:10 2,560 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-06-15 03:42:16 34,304 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-10-18 14:18:09 34,304 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-06-15 03:42:16 8,192 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-10-18 14:18:10 8,192 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-06-15 03:42:16 3,584 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-10-18 14:18:10 3,584 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-06-15 03:42:17 114,688 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-10-18 14:18:10 114,688 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-06-15 03:42:16 16,384 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-10-18 14:18:09 16,384 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-06-15 03:42:16 30,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-10-18 14:18:09 30,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-06-15 03:42:17 22,528 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-10-18 14:18:10 22,528 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-06-15 03:42:16 45,056 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-10-18 14:18:09 45,056 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-06-15 03:42:16 90,112 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-10-18 14:18:09 90,112 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2005-07-23 05:14:00 237,568 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE
- 2007-12-21 14:30:50 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-10-17 22:20:19 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-10-18 00:52:40 144,792 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-10-18 00:52:40 144,792 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-10-18 00:52:40 148,888 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2001-09-06 09:07:20 817,152 ----a-w C:\WINDOWS\system32\LXSUPMON.EXE
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 17:19:42 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2001-09-06 08:45:08 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe
+ 2008-10-18 02:33:12 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f4.dat
.
-- Restablecer a la fecha actual de Snapshot --
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-01-20 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-17 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-17 136600]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-05-09 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-09 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-08-09 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-01-20 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-17 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-17 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-17 152984]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [ ]
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Análisis Suplementario -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 16:41:31
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-10-18 16:44:59
ComboFix-quarantined-files.txt 2008-10-18 21:44:54
ComboFix2.txt 2008-10-17 10:02:52
ComboFix3.txt 2008-10-17 04:07:47

Pre-Run: 96,607,535,104 bytes free
Post-Run: 96,747,954,176 bytes free

203 --- E O F --- 2008-10-18 02:40:54
#15
sjoefl01

  • Topic Starter
  • Member
  • 17 posts
The computer is running pretty good. It is a little slower than I like on the internet and opening programs. It belongs to my daughter and there are a lot of processes running. I really prefer to keep mine stripped down with minimal overhead.
It is much better though. We aren't getting popups and stuff any more.

I should probably post a log from my computer. It has been about a year and the geniuses at these hijackthis sites always find things. Is it better to post it as a new thread or just add it to this one?

Thanks again. I could never keep a computer running with all these web junkies in the house if it wasn't for folks like you. We really appreciate your time and effort.