Slower than usual computer. [RESOLVED]


  • This topic is locked

#16 lostsoul77 (Topic Starter, Member, 43 posts)
Thanks a lot, you've saved me a lot of headache. When I ran renv the program showed that the files could not be found. Your advice also saved my printer. With the infected files gone, I downloaded and reinstalled the printer software. Now it prints. Can you tell me of any free anti-spyware software that has a resident shield and scanner like Avast anti-virus?
Thanks again. I'll run ComboFix again this afternoon and reply.


#17 sarahw (Malware Staff, 2,781 posts)
http://www.spywareterminator.com/
As far as I am aware, that is free with resident memory protection.
There is a list of others here, some are paid however.

#18 lostsoul77 (Topic Starter, Member, 43 posts)
I'll try it. Here's the ComboFix log.
ComboFix 08-05-01.3 - Mr.Joe L 2008-05-08 15:18:29.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.845 [GMT -4:00]
Running from: C:\Documents and Settings\Mr.Joe L\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-08 14:04 . 2008-05-08 14:04 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-07 09:04 . 2008-05-07 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-07 08:52 . 2008-05-07 09:07 104,549 --a------ C:\WINDOWS\hpoins04.dat
2008-05-07 08:52 . 2004-06-22 08:04 17,176 --------- C:\WINDOWS\hpomdl04.dat
2008-05-06 20:07 . 2008-05-06 20:07 <DIR> d-------- C:\Documents and Settings\Mr.Joe L\Application Data\Ahead
2008-05-06 15:13 . 2007-12-23 09:54 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-05-06 15:13 . 2007-12-23 09:54 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-05-04 13:14 . 2008-05-04 13:14 <DIR> d-------- C:\_OTMoveIt
2008-05-01 17:26 . 2007-11-28 11:49 104,217 --------- C:\WINDOWS\hpoins04.dat.temp
2008-05-01 17:26 . 2004-06-22 09:04 17,176 --------- C:\WINDOWS\hpomdl04.dat.temp
2008-05-01 14:32 . 2008-05-01 14:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 14:32 . 2008-05-01 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 13:19 . 2008-05-01 13:19 <DIR> d-------- C:\Documents and Settings\Mr.Joe L\Application Data\Malwarebytes
2008-05-01 13:19 . 2008-05-01 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 13:18 . 2008-05-01 14:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 20:57 . 2008-04-30 20:57 <DIR> d-------- C:\Documents and Settings\Mr.Joe L\Application Data\Ulead Systems
2008-04-30 20:28 . 2008-04-30 20:29 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-30 20:28 . 2008-04-30 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-30 19:58 . 2008-04-30 19:58 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-30 19:58 . 2008-04-30 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-25 04:58 . 2008-04-25 21:17 385 --a------ C:\WINDOWS\BeatBox.INI
2008-04-25 04:58 . 2008-04-25 21:16 376 --a------ C:\WINDOWS\Sampler.INI
2008-04-25 04:58 . 2008-04-25 21:16 28 --a------ C:\WINDOWS\Robota.INI
2008-04-25 04:36 . 2006-07-18 00:03 49,152 --a------ C:\WINDOWS\system32\mgxasio2.dll
2008-04-21 19:37 . 2008-04-21 20:01 <DIR> d-------- C:\Program Files\EPSON
2008-04-21 19:37 . 2001-03-05 11:15 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
2008-04-21 19:37 . 2000-06-07 10:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-04-21 19:37 . 2000-06-26 11:20 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-04-21 19:37 . 2000-09-14 11:03 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2008-04-20 00:33 . 2008-04-26 01:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-20 00:33 . 2008-05-08 14:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-18 13:36 . 2008-04-21 09:43 1,704 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 09:53 . 2008-04-20 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cbwvufqb
2008-04-10 13:56 . 2005-09-20 10:31 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-10 13:49 . 2007-12-23 09:53 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-04-10 13:49 . 2007-12-23 09:53 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-04-10 13:49 . 2005-09-20 10:32 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-04-08 22:19 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-08 22:19 . 2006-03-30 18:39 368,640 --a------ C:\WINDOWS\system32\ReWire.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 18:04 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-08 18:04 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\uTorrent
2008-05-07 13:04 --------- d-----w C:\Program Files\HP
2008-05-07 01:47 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-07 00:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-06 23:14 --------- d-----w C:\Program Files\DesignPro
2008-05-06 21:19 --------- d-----w C:\Program Files\Unlocker
2008-05-06 19:13 --------- d-----w C:\Program Files\QuickTime
2008-05-06 16:41 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\Vso
2008-05-01 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 00:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-25 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-04-25 08:42 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-04-21 16:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-21 16:06 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\LimeWire
2008-04-21 14:19 --------- d-----w C:\Program Files\Java
2008-04-10 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 04:44 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\SprillBermudeEng
2008-04-01 18:43 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\Sahmon Games
2008-03-31 06:12 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\ViquaSoft
2008-03-22 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-21 04:54 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\GetRightToGo
2008-03-20 21:13 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-20 00:23 --------- d-----w C:\Program Files\MagicISO
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 03:45 --------- d-----w C:\Program Files\Easy Video Joiner
2008-03-13 18:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-02 17:17 47,360 -c--a-w C:\Documents and Settings\Mr.Joe L\Application Data\pcouffin.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 18:49 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-01-18 06:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-12-26 23:29 360576 87b872f35f67bd199e0a93812673ed5b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-18 00:35 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-18 00:34 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-23 09:54 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-23 09:53 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-23 09:53 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-09 12:14 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.fraunhoferacm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mr.Joe L^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Mr.Joe L\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-12-23 02:19 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-23 13:04 89024 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAST Defrag]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-12-23 09:54 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2007-09-14 15:15]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]
R3 uscbs109;uscbs109;C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-22 01:00]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
S3 uscsc109;uscsc109;C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-22 01:00]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;F:\Program Files\Common\Database\bin\fbserver.exe [2005-11-17 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb40058-da94-11dc-b41e-89e9512d523d}]
\Shell\AutoRun\command - H:\Launch.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 15:22:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-08 15:25:31
ComboFix-quarantined-files.txt 2008-05-08 19:24:25
ComboFix2.txt 2008-05-04 17:21:12
ComboFix3.txt 2008-04-30 23:27:50
ComboFix4.txt 2008-04-18 18:12:02
ComboFix5.txt 2008-03-15 04:32:02

Pre-Run: 27,799,044,096 bytes free
Post-Run: 28,260,503,552 bytes free

178 --- E O F --- 2008-05-08 18:05:14
I didn't reinstall PowerISO but I still see it in my program files. Also, how do I clean my registry with a registry cleaner?
Thank you.
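An added example, not code from the thread or from ComboFix: a small Python triage script for logs in the ComboFix format pasted above. It parses the Files Created, Sigcheck and Reg Loading Points sections and flags the kinds of entries a helper acts on in a thread like this one (a random-named Application Data folder such as cbwvufqb, a MountPoints2 AutoRun command, a Run entry launching from a user profile, a tcpip.sys whose driver and dllcache copies disagree). SAMPLE_LOG is constructed from the page's format, the "updater" Run entry is made up for illustration, and looks_random is a heuristic assumption, not a ComboFix rule.

```python
"""Triage helper for logs in the ComboFix format (added example, not ComboFix code).

Checks, all derived from what gets acted on in threads like this one: random-looking
folder names under Application Data, MountPoints2 AutoRun commands (same class as a
deleted Autorun.inf on a removable drive), Run-key entries launching from a user
profile, and a live tcpip.sys whose MD5 differs from its dllcache copy.
SAMPLE_LOG is constructed from the page's format; the "updater" entry is made up."""
import re

SAMPLE_LOG = r"""
(((((((((( Files Created from 2008-04-08 to 2008-05-08 ))))))))))
2008-05-01 13:18 . 2008-05-01 14:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 09:53 . 2008-04-20 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cbwvufqb
2008-04-18 13:36 . 2008-04-21 09:43 1,704 --a------ C:\WINDOWS\system32\tmp.reg
------- Sigcheck -------
2007-12-26 23:29 360576 87b872f35f67bd199e0a93812673ed5b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-18 00:35 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-18 00:34 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\tcpip.sys
(((((((((( Reg Loading Points ))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-23 09:54 15360]
"updater"="C:\Documents and Settings\User\Application Data\updater.exe" [2008-05-01 00:00 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb40058-da94-11dc-b41e-89e9512d523d}]
\Shell\AutoRun\command - H:\Launch.exe
"""

PAREN_HDR = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
DASH_HDR = re.compile(r"^-{3,}\s*(.*?)\s*-{3,}$")
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (<DIR>|[\d,]+) \S+ (.+)$")
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"')
SIG_LINE = re.compile(r"^\S+ \S+ \d+ ([0-9a-f]{32}) (.+)$")
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")
VOWELS = set("aeiou")

def split_sections(text):
    """Map each ComboFix section title to the lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = PAREN_HDR.match(line) or DASH_HDR.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def section(sections, prefix):
    """Look up a section by title prefix ("Files Created from ..." carries dates)."""
    return next((v for k, v in sections.items() if k.startswith(prefix)), [])

def looks_random(name):
    """Heuristic (an assumption, not a ComboFix rule): 7+ lowercase letters with
    at most 20% vowels. A prompt to look closer; some real words will trip it."""
    if not (name.isalpha() and name.islower() and len(name) >= 7):
        return False
    return sum(c in VOWELS for c in name) / len(name) <= 0.2

def triage(text):
    """Return (category, detail) findings for one log."""
    sections = split_sections(text)
    findings = []
    for line in section(sections, "Files Created"):
        m = FILE_LINE.match(line)
        if m and m.group(1) == "<DIR>" and "\\application data\\" in m.group(2).lower():
            if looks_random(m.group(2).rsplit("\\", 1)[-1]):
                findings.append(("random-name-dir", m.group(2)))
    # Compare only the live driver with its dllcache twin: the $NtUninstall*/$hf_mig$
    # copies are earlier patch levels and legitimately carry different hashes.
    hashes = {}
    for line in section(sections, "Sigcheck"):
        m = SIG_LINE.match(line)
        if m and m.group(2).lower().endswith("\\tcpip.sys"):
            hashes[m.group(2).lower()] = m.group(1)
    live = hashes.get("c:\\windows\\system32\\drivers\\tcpip.sys")
    cache = hashes.get("c:\\windows\\system32\\dllcache\\tcpip.sys")
    if live and cache and live != cache:
        findings.append(("sigcheck-mismatch", f"drivers={live} dllcache={cache}"))
    key = ""
    for line in section(sections, "Reg Loading Points"):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # current registry key
        elif key.endswith("\\run"):
            m = RUN_LINE.match(line)
            if m and not m.group(2).lower().startswith(TRUSTED_ROOTS):
                findings.append(("run-from-profile", f"{m.group(1)} -> {m.group(2)}"))
        elif "mountpoints2" in key and "\\shell\\autorun\\command - " in line.lower():
            findings.append(("autorun-mountpoint", line.split(" - ", 1)[1]))
    return findings
```

On the sample, the Malwarebytes folder, ctfmon.exe and the avast! 8.3 path pass, while the cbwvufqb folder, the made-up profile launcher and the H:\Launch.exe AutoRun command are reported; the matching tcpip.sys hashes produce no finding.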

#19 sarahw (Malware Staff, 2,781 posts)
1.
  1. Please open Notepad
     • Click Start, then Run
     • Type notepad.exe in the Run box.

  2. Now copy/paste the entire content of the codebox below into the Notepad window:

     File::
     C:\Documents and Settings\All Users\Application Data\cbwvufqb

  3. Save the above as CFScript.txt

  4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

     (animation not reproduced)

  5. After reboot, please post the Combofix.txt log in your reply


2.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


3.
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator, Quick Scan will do just fine.).
  • Click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.

If malware is found...
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:
  • Launch Malwarebytes' Anti-Malware.
  • Click the Logs tab.
  • Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.


4.
Click HERE and run an online scan with Kaspersky WebScanner
  • Click on Kaspersky Online Scanner
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    Scan Options: Scan Archives, Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information into your next post.

#20 sarahw (Malware Staff, 2,781 posts)

Quote: "I didn't reinstall PowerISO but I still see it in my program files. Also, how do I clean my registry with a registry cleaner?"

I don't understand. Do you want to remove PowerISO, or are you trying to reinstall it?

You don't need to clean your registry; the registry is OK as it is. The only thing that should be removed from the registry is malicious software like viruses and malware. An anti-virus and anti-spyware program will do this for you.
If you have a folder on your hard drive, it doesn't slow down your computer, as it just sits there and does nothing. Empty registry keys are the same. It's not in use, so it's fine if it's left there.
I have a lot of people who complain that their computer does not work after using a registry cleaner program. They often have to format their computer.
Did you have a specific error or problem with your registry (other than the malware infections)?

#21 lostsoul77 (Topic Starter, Member, 43 posts)
Happy Mother's Day. I'll keep the PowerISO program. Here is the ComboFix log:
ComboFix 08-05-01.3 - Mr.Joe L 2008-05-11 15:09:48.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.888 [GMT -4:00]
Running from: C:\Documents and Settings\Mr.Joe L\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mr.Joe L\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\cbwvufqb
.

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-08 21:19 . 2008-05-09 14:21 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-08 17:30 . 2008-05-08 17:30 <DIR> d-------- C:\Program Files\Gateway
2008-05-08 17:21 . 2008-05-08 17:21 <DIR> d-------- C:\cabs
2008-05-08 17:15 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-05-08 17:15 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-05-08 17:15 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-05-08 17:15 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-08 17:15 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-05-08 17:15 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-05-08 17:15 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-05-08 17:15 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-05-07 09:04 . 2008-05-07 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-07 08:52 . 2008-05-07 09:07 104,549 --a------ C:\WINDOWS\hpoins04.dat
2008-05-07 08:52 . 2004-06-22 08:04 17,176 --------- C:\WINDOWS\hpomdl04.dat
2008-05-06 20:07 . 2008-05-08 21:20 <DIR> d-------- C:\Documents and Settings\Mr.Joe L\Application Data\Ahead
2008-05-06 15:13 . 2007-12-23 09:54 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-05-06 15:13 . 2007-12-23 09:54 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-05-04 13:14 . 2008-05-04 13:14 <DIR> d-------- C:\_OTMoveIt
2008-05-01 17:26 . 2007-11-28 11:49 104,217 --------- C:\WINDOWS\hpoins04.dat.temp
2008-05-01 17:26 . 2004-06-22 09:04 17,176 --------- C:\WINDOWS\hpomdl04.dat.temp
2008-05-01 14:32 . 2008-05-01 14:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 14:32 . 2008-05-01 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 13:19 . 2008-05-01 13:19 <DIR> d-------- C:\Documents and Settings\Mr.Joe L\Application Data\Malwarebytes
2008-05-01 13:19 . 2008-05-01 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 13:18 . 2008-05-01 14:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 20:57 . 2008-04-30 20:57 <DIR> d-------- C:\Documents and Settings\Mr.Joe L\Application Data\Ulead Systems
2008-04-30 20:28 . 2008-04-30 20:29 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-30 20:28 . 2008-04-30 20:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-30 19:58 . 2008-04-30 19:58 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-30 19:58 . 2008-04-30 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-25 04:58 . 2008-04-25 21:17 385 --a------ C:\WINDOWS\BeatBox.INI
2008-04-25 04:58 . 2008-04-25 21:16 376 --a------ C:\WINDOWS\Sampler.INI
2008-04-25 04:58 . 2008-04-25 21:16 28 --a------ C:\WINDOWS\Robota.INI
2008-04-25 04:36 . 2006-07-18 00:03 49,152 --a------ C:\WINDOWS\system32\mgxasio2.dll
2008-04-21 19:37 . 2008-04-21 20:01 <DIR> d-------- C:\Program Files\EPSON
2008-04-21 19:37 . 2001-03-05 11:15 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
2008-04-21 19:37 . 2000-06-07 10:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-04-21 19:37 . 2000-06-26 11:20 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-04-21 19:37 . 2000-09-14 11:03 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2008-04-20 00:33 . 2008-04-26 01:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-20 00:33 . 2008-05-08 16:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-18 13:36 . 2008-04-21 09:43 1,704 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 09:53 . 2008-04-20 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cbwvufqb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 18:41 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-11 18:41 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\uTorrent
2008-05-09 21:37 --------- d-----w C:\Program Files\DesignPro
2008-05-09 15:14 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\Vso
2008-05-07 13:04 --------- d-----w C:\Program Files\HP
2008-05-07 01:47 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-07 00:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-06 21:19 --------- d-----w C:\Program Files\Unlocker
2008-05-06 19:13 --------- d-----w C:\Program Files\QuickTime
2008-05-01 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 00:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-25 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-04-25 08:42 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-04-21 16:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-21 16:06 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\LimeWire
2008-04-21 14:19 --------- d-----w C:\Program Files\Java
2008-04-10 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 04:44 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\SprillBermudeEng
2008-04-01 18:43 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\Sahmon Games
2008-03-31 06:12 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\ViquaSoft
2008-03-22 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-21 04:54 --------- d-----w C:\Documents and Settings\Mr.Joe L\Application Data\GetRightToGo
2008-03-20 21:13 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-20 00:23 --------- d-----w C:\Program Files\MagicISO
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 03:45 --------- d-----w C:\Program Files\Easy Video Joiner
2008-03-13 18:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-02 17:17 47,360 -c--a-w C:\Documents and Settings\Mr.Joe L\Application Data\pcouffin.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 18:49 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-01-18 06:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-12-26 23:29 360576 87b872f35f67bd199e0a93812673ed5b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-18 00:35 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-02-18 00:34 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-23 09:54 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-23 09:53 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-23 09:53 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-09 12:14 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= xl_yv12.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mr.Joe L^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Mr.Joe L\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-12-23 02:19 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-23 13:04 89024 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAST Defrag]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-12-23 09:54 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2007-09-14 15:15]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]
R3 uscbs109;uscbs109;C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-22 01:00]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
S3 uscsc109;uscsc109;C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-22 01:00]
S3 XIRLINK;Gateway PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2001-08-01 07:49]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;F:\Program Files\Common\Database\bin\fbserver.exe [2005-11-17 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb40058-da94-11dc-b41e-89e9512d523d}]
\Shell\AutoRun\command - H:\Launch.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 15:13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-11 15:17:12
ComboFix-quarantined-files.txt 2008-05-11 19:16:10
ComboFix2.txt 2008-05-08 19:25:32
ComboFix3.txt 2008-05-04 17:21:12
ComboFix4.txt 2008-04-30 23:27:50
ComboFix5.txt 2008-04-18 18:12:02

Pre-Run: 28,004,151,296 bytes free
Post-Run: 28,040,450,048 bytes free

184 --- E O F --- 2008-05-08 18:05:14

#22
sarahw (Malware Staff)
Hi,
Have you done the Mbam scan or the Kapersky scan?

#23
lostsoul77 (Topic Starter)
I'm sorry, I have not. Thanks for the reminder. I'm on it.

#24
lostsoul77 (Topic Starter)
Good morning, here's the MBam scan log.
Malwarebytes' Anti-Malware 1.12
Database version: 744

Scan type: Full Scan (C:\|)
Objects scanned: 88014
Time elapsed: 25 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#25
lostsoul77 (Topic Starter)
Sorry about the double reply. Here is the online virus scan. Thanks again!!!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-13 07:33:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 768228
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
H:\

Scan Statistics:
Total number of scanned objects: 55053
Number of viruses found: 5
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:06:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Local Settings\Temp\~DF9C33.tmp Object is locked skipped
C:\Documents and Settings\Mr.Joe L\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mr.Joe L\My Documents\Misc\Anti-fiters\erica anti-fix\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mr.Joe L\My Documents\Misc\Anti-fiters\erica anti-fix\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Mr.Joe L\My Documents\Misc\Anti-fiters\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mr.Joe L\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mr.Joe L\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\info.exe Infected: Trojan-Spy.Win32.Zbot.aif skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\LimeWire\clean up man b gizzle.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EAC80183-2020-4DED-8958-14D3ECFBCA04}\RP24\change.log Object is locked skipped
C:\System Volume Information\_restore{EAC80183-2020-4DED-8958-14D3ECFBCA04}\RP8\A0001992.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
C:\System Volume Information\_restore{EAC80183-2020-4DED-8958-14D3ECFBCA04}\RP8\A0001992.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{EAC80183-2020-4DED-8958-14D3ECFBCA04}\RP8\A0001992.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{EAC80183-2020-4DED-8958-14D3ECFBCA04}\RP8\A0001992.exe RarSFX: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SAE7CF58B.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CDCEFD7F-6E6F-4624-B4CB-CC8A0B0961D8}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_468.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
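Reading a report like the one above by eye is error-prone: most lines are "Object is locked skipped" noise (open registry hives, event logs and index.dat files, not detections), several verdicts carry Kaspersky's not-a-virus: prefix (riskware such as the Reboot.exe helper packaged inside SmitfraudFix), and some hits exist only inside System Volume Information restore points. The Python script below is an added example, not part of this thread and not code from Kaspersky; it parses the report layout shown in this post and separates live detections from locked objects, riskware and restore-point copies. The sample report embedded in it is constructed (paths shortened, the restore-point GUID replaced by a placeholder), and the regular expressions assume the line layout seen above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt modelled on the Kaspersky Online Scanner report posted
# above (paths shortened, GUID replaced by a placeholder); not a real report.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\My Documents\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User\My Documents\SmitfraudFix.exe RAR: infected - 1 skipped
C:\info.exe Infected: Trojan-Spy.Win32.Zbot.aif skipped
C:\Program Files\LimeWire\song.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP8\A0001992.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP8\A0001992.exe RarSFX: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""


@dataclass
class Finding:
    path: str       # object name as reported; '/' separates archive members
    detection: str  # verdict name; empty for locked objects and container summaries
    action: str     # last action the scanner took (always 'skipped' in an online scan)
    kind: str       # 'locked', 'infected' or 'container'


# Line shapes seen in the report above (assumed to be the only three that occur)
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<det>\S+) (?P<action>\w+)$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) \w+: infected - \d+ (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")


def host_file(path):
    """The file actually on disk: everything before the first archive separator."""
    return path.split("/", 1)[0]


def parse_report(text):
    """Parse the 'Infected Object Name' table of a Kaspersky Online Scanner report."""
    findings = []
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Infected Object Name"):
            in_table = True
            continue
        if not in_table or not line:
            continue
        if line.startswith("Scan process completed"):
            break
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["det"], m["action"], "infected"))
            continue
        m = CONTAINER_RE.match(line)
        if m:
            findings.append(Finding(m["path"], "", m["action"], "container"))
            continue
        m = LOCKED_RE.match(line)
        if m:
            findings.append(Finding(m["path"], "", m["action"], "locked"))
            continue
        raise ValueError("unrecognised report line: " + line)
    return findings


def triage(findings):
    """Sort findings into buckets that call for different responses."""
    in_restore = {host_file(f.path) for f in findings
                  if f.kind != "locked"
                  and "\\system volume information\\" in f.path.lower()}
    riskware = {host_file(f.path) for f in findings
                if f.kind == "infected" and f.detection.startswith("not-a-virus:")}
    # Real malware verdicts on files outside restore points: act on these first
    live = {host_file(f.path) for f in findings
            if f.kind == "infected"
            and not f.detection.startswith("not-a-virus:")
            and host_file(f.path) not in in_restore}
    return {
        "locked": sum(1 for f in findings if f.kind == "locked"),
        "restore_point_hosts": in_restore,
        "riskware_hosts": riskware,
        "live_threat_hosts": live,
        "by_detection": Counter(f.detection for f in findings if f.kind == "infected"),
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(key, value)
```

Restore-point hits are cleared by purging System Restore after cleanup rather than by editing the snapshot, and riskware verdicts on tools you knowingly downloaded are a judgement call; the live bucket is the one that needs removal.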

#26
sarahw (Malware Staff)
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\LimeWire\clean up man b gizzle.mp3
    C:\Documents and Settings\All Users\Application Data\cbwvufqb
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


Tell me how the computer is running.
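For readers who want to see what a tool like OTMoveIt2 does behind its Moveit! button, here is an added Python example (not OTMoveIt2's code, nor anything by OldTimer) that moves a pasted list of paths into a quarantine tree mirroring their original locations and records a log in the style of the one quoted in the next reply. Moving rather than deleting is the point: a false positive can be put back from the mirrored tree. The quarantine layout, the message wording and the demo() helper that builds a throwaway temp directory are assumptions made for illustration.

```python
import os
import shutil
import tempfile
from datetime import datetime


def quarantine_path(root, path):
    """Mirror an absolute path under the quarantine root so it can be restored later.
    Assumed layout: C:\\Program Files\\x.mp3 -> <root>/C/Program Files/x.mp3 on Windows,
    /home/u/x -> <root>/home/u/x on other systems."""
    drive, rest = os.path.splitdrive(os.path.abspath(path))
    parts = [drive.rstrip(":")] if drive else []
    parts.append(rest.lstrip("\\/"))
    return os.path.join(root, *parts)


def move_to_quarantine(paths, root):
    """Move each listed file or folder into the quarantine tree.
    Returns (log lines, log file path). Wording imitates the OTMoveIt2 log
    quoted in this thread; it is an assumption, not the tool's own format."""
    log = []
    for p in (line.strip() for line in paths):
        if not p:
            continue                      # blank line in the pasted list
        if not os.path.lexists(p):
            log.append(f"File/Folder {p} not found.")
            continue
        dest = quarantine_path(root, p)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        try:
            shutil.move(p, dest)
        except OSError as err:
            # Typically a file held open by a running process; a real tool would
            # schedule the move for the next reboot instead of giving up here.
            log.append(f"{p} could not be moved ({err.strerror or err}). Reboot needed.")
            continue
        log.append(f"{p} moved successfully.")
    # Log name pattern copied from the thread (mmddyyyy_hhmmss)
    stamp = datetime.now().strftime("%m%d%Y_%H%M%S")
    log_dir = os.path.join(root, "MovedFiles")
    os.makedirs(log_dir, exist_ok=True)
    log_file = os.path.join(log_dir, stamp + ".log")
    with open(log_file, "w", encoding="utf-8") as fh:
        fh.write("\n".join(log) + "\n")
    return log, log_file


def demo():
    """Constructed scenario: one file, one folder and one path that no longer exists."""
    work = tempfile.mkdtemp(prefix="quarantine_demo_")
    root = os.path.join(work, "_Quarantine")
    bad_file = os.path.join(work, "suspect.mp3")
    bad_dir = os.path.join(work, "cbwvufqb")   # random-looking folder name, as in the thread
    with open(bad_file, "w") as fh:
        fh.write("not really audio\n")
    os.makedirs(bad_dir)
    missing = os.path.join(work, "already_gone.exe")
    log, log_file = move_to_quarantine([bad_file, bad_dir, "", missing], root)
    return {
        "log": log,
        "file_quarantined": os.path.isfile(quarantine_path(root, bad_file)),
        "dir_quarantined": os.path.isdir(quarantine_path(root, bad_dir)),
        "originals_gone": not os.path.exists(bad_file) and not os.path.exists(bad_dir),
        "log_written": os.path.isfile(log_file),
    }


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```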

#27
lostsoul77 (Topic Starter)
C:\Program Files\LimeWire\clean up man b gizzle.mp3 moved successfully.
C:\Documents and Settings\All Users\Application Data\cbwvufqb moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05172008_021257

#28
sarahw (Malware Staff)
Please download OTCleanIt from HERE to your desktop.
Double-click to run it. It will clean up the assortment of tools used during malware removal. When it has finished, it will ask you to reboot so it can remove itself.


Congratulations, your log is now clean. :)

A well-protected computer should have at least an Anti Virus and Firewall; an Anti Spyware is also a great addition to your computer's security. Here is a list of tools I like to recommend to people that will help ensure safe surfing on the internet, and help keep you from getting infected again.
Note: DO NOT install more than one antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.


Free Online Scans:
Free ActiveX and Java-based online scans. You can use these scans from other companies, and they will not interfere with your current Anti Virus. If you find that you are infected, post a HijackThis log in the forums.

Free Temp Cleaners:
Use these tools to clean temporary files from IE and Windows, empty the recycle bin and more. A great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ATF Cleaner recommended.

Free Firewall Downloads:
You must have a Firewall installed on your computer. This helps stop anything from leaving or entering your computer without your permission.

Free Anti Spyware Downloads:
An Antispyware is a great tool that can help remove infections alongside your Anti Virus. Some include real-time protection, scheduled scans and automatic definition updates.

Free Anti Virus Downloads:
A must have for all computers. Avast! recommended.

Other:
  • SpywareGuard
    Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd
    This tool puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • Memtest86
    Great memory testing software.
  • CPU-Z
    This application gives detailed information about your system in a nice layout
  • Speedfan
    Returns and monitors system temperatures.
  • Windows Updates
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
You can now re-hide your system files by using the reversal of these instructions HERE.



To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read THIS article by Tony Klein.


If you have any other problems or questions be sure to ask. :)

#29
lostsoul77 (Topic Starter)
Thanks a million. I'm hoping this doesn't happen again, but if so, thanks to you, I'm ready. I'll take a look at some of the programs that you suggested, as I already have a few of them now. Thanks again.

Edited by lostsoul77, 19 May 2008 - 05:27 AM.


#30
sarahw (Malware Staff)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.