[Kristina]

Hi! My computer is running slow and I suspect there might be some virus on it. I scanned it with the online Panda antivirus and it found something bad, but now I see the program is no longer free and won't remove it.

Edit: I have installed NOD32 antivirus, I don't know how good that is. I have been running without antivirus for 1-2 weeks trying to change it, so I'm afraid it has got infected in the meantime.

Is there something bad in the log? And is there other online antivirus now like Panda was? Please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:02, on 09.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots....art/client/RAND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6674 bytes

Edited by Kristina, 10 May 2008 - 01:20 AM.

[Advertisements]

Hello Kristina, the log doesn't look SO bad. And I think all online scans only detect now, and don't remove. But don't worry - they're still valuable diagnostics

We're also sorry for letting you slip through the cracks - we're a busy forum, and always try our best not to let that happen!

Please read my entire post before commencing, and please follow my instructions in the order that they are given If you don't understand something, don't be afraid to ask!

1. Fix Entries with HijackThis
------------------------------------------------
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots....art/client/RAND

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Clean Temporary Files
------------------------------------------------
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Scan with Kaspersky WebScanner
------------------------------------------------
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

4. Deckard's System Scanner
------------------------------------------------
Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.

• On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.
• The entire scanning process will take about five minutes, often less.
• During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.
• Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.
• Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.

On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.

In your next post
------------------------------------------------

• Kaspersky WebScanner log
• DSS main.txt and extra.txt

[Chopin]

Hello Kristina, the log doesn't look SO bad. And I think all online scans only detect now, and don't remove. But don't worry - they're still valuable diagnostics

We're also sorry for letting you slip through the cracks - we're a busy forum, and always try our best not to let that happen!

Please read my entire post before commencing, and please follow my instructions in the order that they are given If you don't understand something, don't be afraid to ask!

1. Fix Entries with HijackThis
------------------------------------------------
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots....art/client/RAND

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Clean Temporary Files
------------------------------------------------
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Scan with Kaspersky WebScanner
------------------------------------------------
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

4. Deckard's System Scanner
------------------------------------------------
Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.

• On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.
• The entire scanning process will take about five minutes, often less.
• During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.
• Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.
• Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.

On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.

In your next post
------------------------------------------------

• Kaspersky WebScanner log
• DSS main.txt and extra.txt

[Kristina]

Hi! Thank you for the reply!

1.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 14, 2008 2:47:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/05/2008
Kaspersky Anti-Virus database records: 772203
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
M:\

Scan Statistics:
Total number of scanned objects: 60074
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 1
Duration of the scan process: 01:39:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruxandra\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\History\History.IE5\MSHist012008051420080515\index.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Temp\IH1865.tmp Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Temp\IH1866.tmp Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Temp\Perflib_Perfdata_50c.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Temporary Internet Files\Content.IE5\6ODEMU4W\2[1].jpg Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Temporary Internet Files\Content.IE5\6ODEMU4W\2[2].jpg Object is locked skipped
C:\Documents and Settings\Ruxandra\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ruxandra\ntuser.dat.LOG Object is locked skipped
C:\Program Files\All to All ( MP3, OGG, WMA 8, WAV) converter+crack\Audio_Conversion_Wizard_Crack\acw.exe Suspicious: Packed.Win32.PePatch.dk skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\MSNCS\data\dpnsvrm.exe Infected: not-a-virus:Monitor.Win32.PowerSpy.e skipped
C:\Program Files\MSNCS\data\vssvcm.exe Infected: not-a-virus:Monitor.Win32.PowerSpy.e skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Ruxandra.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Ruxandra.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Ruxandra.log Object is locked skipped
C:\System Volume Information\_restore{A6CC010F-8049-43C6-8749-9D9D06AEBF11}\RP37\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{A6CC010F-8049-43C6-8749-9D9D06AEBF11}\RP37\change.log Object is locked skipped
D:\Strongdc++\Incomplete\21.The Best Man.avi.6F6EP7C6WBFGXHFA4XIO3ZHPHIE7P5JMJSIKTKY.dctmp Object is locked skipped
D:\Strongdc++\Incomplete\3.The Bobbi Flekman Story.avi.HV6SAHWKNHY2ZBR23OULPICWWZ3JYW7ZBOCIO2Y.dctmp Object is locked skipped
D:\Strongdc++\Incomplete\10.Having His Baby.avi.4QPWLVL33KEV73SROEX5GCFZVQJXV2L43UROXBA.dctmp Object is locked skipped
E:\System Volume Information\_restore{A6CC010F-8049-43C6-8749-9D9D06AEBF11}\RP37\change.log Object is locked skipped
F:\System Volume Information\_restore{A6CC010F-8049-43C6-8749-9D9D06AEBF11}\RP37\change.log Object is locked skipped
F:\RealVNC Enterprise v4.2.6\setup.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
F:\RealVNC Enterprise v4.2.6\setup.exe Inno: infected - 1 skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\_restore{A6CC010F-8049-43C6-8749-9D9D06AEBF11}\RP37\change.log Object is locked skipped

Scan process completed.







2. main.txt

Deckard's System Scanner v20071014.68
Run by Ruxandra on 2008-05-14 14:54:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 352 MiB (512 MiB recommended).


-- HijackThis (run as Ruxandra.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:42, on 14.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\Ruxandra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruxandra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6741 bytes

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 12:15:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-14 07:35:42 0 d-------- C:\WINDOWS\LastGood
2008-05-10 21:58:40 0 d-------- C:\Program Files\MSECache
2008-05-06 12:36:16 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-06 12:36:16 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
2008-04-22 18:15:08 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-05-13 22:32:35 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\SolidDocuments
2008-04-30 00:48:42 0 d-------- C:\Program Files\AV Music Morpher Gold
2008-04-23 09:52:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 09:48:36 0 d-a------ C:\Program Files\Common Files
2008-04-20 14:25:56 0 d-------- C:\Program Files\Common Files\Panda Software
2008-04-16 12:33:46 0 d-------- C:\Program Files\Winamp
2008-04-11 11:13:52 0 d-------- C:\Program Files\Webshots
2008-04-08 23:54:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 13:04:18 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-30 20:17:02 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\Winamp
2008-03-28 01:21:28 0 d-------- C:\Program Files\ScanSpyware v3.8
2008-03-27 11:16:10 0 --a------ C:\Autoexec.bat
2008-03-26 23:26:18 0 d-------- C:\Program Files\SpywareBlaster
2008-03-26 18:34:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 18:32:10 0 d-------- C:\Program Files\MSN Messenger
2008-03-26 18:29:17 0 d-------- C:\Program Files\Google
2008-03-26 18:29:14 0 d-------- C:\Program Files\eSnips
2008-03-22 19:49:03 0 d-------- C:\Program Files\Trend Micro
2008-03-20 16:39:27 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 16:35:07 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 12:25]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06.06.2005 23:46]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29.01.2008 17:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [06.05.2008 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11.06.2007 18:16]

C:\Documents and Settings\Ruxandra\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [26.11.2007 14:27:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-05-14 14:55:04 ------------



I couldn't find the extra.txt though. There wasn't a minimized window and neither something in the deckard folder.

[Chopin]

Hello Kristina, thanks for that info However I did notice something in your logs

C:\Program Files\All to All ( MP3, OGG, WMA 8, WAV) converter+crack

Cracks are very dangerous. Not only are they illegal, they can be the distributors of some of the nastiest malware around. My suggestion would to be avoid them at all costs, since this one might have been what infected you. It's happened to others; it can happen to you too.

Also, I would recommend that you keep NOD32; it is one of the best antivirus programs around.

Also, do you have RealVNC, WinVNC, or MSN Spy Monitor installed?

Please read my entire post before commencing, and please follow my instructions in the order that they are given If you don't understand something, don't be afraid to ask!

1. Remove Rogue Anti-Spyware
------------------------------------------------
You have a program called ScanSpyware on your computer. Although this program seems legitimate, it is actually not; it is a scam written by people who want nothing better than to gleam you of a few dollars while doing absolutely nothing in the process. It is recommended that you should uninstall ScanSpyware. For more information, visit Spyware Warrior.

Please go to Start > Run. In the box that appears, type appwiz.cpl and press Enter. When the list finishes loading, uninstall these programs:

ScanSpyware

Reboot your computer.

2. Re-scan with DSS
------------------------------------------------
DSS is supposed to produce a log on the first run, but for some weird reason it didn't. We can fix that though

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

Hit "Check All" and click "Scan!" DSS will produce main.txt and extra.txt, please post them back

[Kristina]

Hi! Thank you for the feedback!

I don't have any of the RealVNC, WinVNC, or MSN Spy Monitor installed. And I will stick to NOD32 then.

Also, what should I do with that crack program?


I tried to remove ScanSpyware, but it didn't appear in the program list.

I followed the steps and got the extra.txt though.


Deckard's System Scanner v20071014.68
Run by Ruxandra on 2008-05-15 13:24:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-05-15 10:24:32 UTC - RP39 - Deckard's System Scanner Restore Point
2: 2008-05-14 21:00:32 UTC - RP38 - Software Distribution Service 3.0
1: 2008-05-13 22:37:26 UTC - RP37 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 352 MiB (512 MiB recommended).


-- HijackThis (run as Ruxandra.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:49, on 15.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ruxandra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruxandra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6790 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080325-212720-981 O24 - Desktop Component 0: (no name) - http://www.interstud...ue_iglesias.jpg
backup-20080326-200549-149 O4 - S-1-5-21-220523388-1645522239-682003330-1003 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
backup-20080327-162739-858 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
backup-20080514-121147-567 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots....art/client/RAND

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>

S3 catchme - c:\docume~1\ruxandra\locals~1\temp\catchme.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solidpdfservice.exe <Not Verified; VoyagerSoft, LLC; Solid Converter PDF>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 696)
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-19 14:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2007-04-10 11:30:46 200064 --a------ C:\WINDOWS\system32\WgaLogon.dll <Not Verified; Microsoft Corporation; Windows Genuine Advantage>

C:\WINDOWS\system32\svchost.exe (pid 900)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1012)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-06 12:35:43 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 1728)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-11 18:16:02 6144 --a------ C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Messenger>

C:\WINDOWS\system32\svchost.exe (pid 372)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-13 21:55:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-09 17:16:49 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-14 12:15:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 21:58:40 0 d-------- C:\Program Files\MSECache
2008-05-06 12:36:16 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-06 12:36:16 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
2008-04-22 18:15:08 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-05-14 18:26:28 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\SolidDocuments
2008-04-30 00:48:42 0 d-------- C:\Program Files\AV Music Morpher Gold
2008-04-23 09:52:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 09:48:36 0 d-a------ C:\Program Files\Common Files
2008-04-20 14:25:56 0 d-------- C:\Program Files\Common Files\Panda Software
2008-04-16 12:33:46 0 d-------- C:\Program Files\Winamp
2008-04-11 11:13:52 0 d-------- C:\Program Files\Webshots
2008-04-08 23:54:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 13:04:18 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-30 20:17:02 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\Winamp
2008-03-28 01:21:28 0 d-------- C:\Program Files\ScanSpyware v3.8
2008-03-27 11:16:10 0 --a------ C:\Autoexec.bat
2008-03-26 23:26:18 0 d-------- C:\Program Files\SpywareBlaster
2008-03-26 18:34:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 18:32:10 0 d-------- C:\Program Files\MSN Messenger
2008-03-26 18:29:17 0 d-------- C:\Program Files\Google
2008-03-26 18:29:14 0 d-------- C:\Program Files\eSnips
2008-03-22 19:49:03 0 d-------- C:\Program Files\Trend Micro
2008-03-20 16:39:27 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 16:35:07 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 12:25]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06.06.2005 23:46]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29.01.2008 17:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [06.05.2008 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11.06.2007 18:16]

C:\Documents and Settings\Ruxandra\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [26.11.2007 14:27:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7631 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-15 13:26:02 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Unknown CPU Typ
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 351.48 MiB / 97.66 MiB
Pagefile Memory (total/avail): 1237.38 MiB / 867.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 2.14 GiB free.
D: is Fixed (FAT32) - 13.66 GiB total, 7.29 GiB free.
E: is Fixed (FAT32) - 13.66 GiB total, 7.75 GiB free.
F: is Fixed (FAT32) - 1.17 GiB total, 0.27 GiB free.
G: is CDROM (No Media)
H: is Removable (No Media)
M: is Fixed (NTFS) - 232.88 GiB total, 141.94 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 28.52 GiB - D: - E: - F:

\\.\PHYSICALDRIVE1 - WDC WD2500AAJB-00WGA0 - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - M:

\\.\PHYSICALDRIVE2 - Canon MP460Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"="C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"F:\\utorrent\\utorrent.exe"="F:\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe"="C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe:*:Enabled:StrongDC++"
"D:\\Strongdc++\\StrongDC.exe"="D:\\Strongdc++\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ruxandra\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADINA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ruxandra
LOGONSERVER=\\ADINA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
USERDOMAIN=ADINA
USERNAME=Ruxandra
USERPROFILE=C:\Documents and Settings\Ruxandra
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ruxandra (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AV Music Morpher Gold --> C:\Program Files\AV Music Morpher Gold\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Free Video to JPG Converter version 1.2 --> "C:\Program Files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe"
Free Video to Mp3 Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube Download 1.3 --> "C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Ruxandra\uninst.exe
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type21176 / Error
Event Submitted/Written: 05/13/2008 05:54:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application webshots.scr, version 3.0.0.7243, faulting module webshots.scr, version 3.0.0.7243, fault address 0x0009f7fc.
Processing media-specific event for [webshots.scr!ws!]

Event Record #/Type21170 / Error
Event Submitted/Written: 05/13/2008 00:19:35 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application winamp.exe, version 5.5.3.1938, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type21127 / Error
Event Submitted/Written: 05/07/2008 00:28:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application nero.exe, version 6.6.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type21115 / Warning
Event Submitted/Written: 05/06/2008 04:24:58 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{00300409-78E1-11D2-B60F-006097C998E7}', feature 'ProofingToolsFiles_ITA' failed during request for component '{E938403E-9432-11D2-900A-00805F9B1201}'

Event Record #/Type21092 / Warning
Event Submitted/Written: 05/06/2008 00:00:13 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3029 / Error
Event Submitted/Written: 05/15/2008 08:21:20 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3027 / Error
Event Submitted/Written: 05/15/2008 08:21:19 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3026 / Error
Event Submitted/Written: 05/15/2008 08:21:19 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3025 / Error
Event Submitted/Written: 05/15/2008 08:21:17 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3024 / Error
Event Submitted/Written: 05/15/2008 08:21:17 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}



-- End of Deckard's System Scanner: finished at 2008-05-15 13:26:02 ------------

[Chopin]

Hello Kristina, don't worry about ScanSpyware, I will get it Don't worry about the crack program either, I will get that too

Please read my entire post before commencing, and please follow my instructions in the order that they are given If you don't understand something, don't be afraid to ask!

1. Run OTMoveIt2
------------------------------------------------
If you haven't already, please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\Program Files\ScanSpyware v3.8
  C:\Program Files\All to All ( MP3, OGG, WMA 8, WAV) converter+crack

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2. Scan with ActiveScan
------------------------------------------------
Please go HERE to run Panda's ActiveScan.

Note:You must use Internet Explorer for this scan.

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

In your next post
------------------------------------------------

• OTMoveIt2 log
• ActiveScan log
• How's your computer?

[Kristina]

Hi! The link for OTmoveIt2 doesn't seem to be working for me now. I had used the program some time ago, but now I removed it. I couldn't find a different link so if there isn't another I guess I'll wait..maybe it's a temporary problem with the site.

Edited by Kristina, 17 May 2008 - 02:03 PM.

[Chopin]

Hello Kristina, not to worry, we always have alternatives The site that OTMoveIt2 is hosted on is apparently down at the moment.

Can you follow the instructions in my previous post, but substitute this step one for that step one:

1. Run a ComboFix Script
------------------------------------------------
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open internet browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  

  -----------------------------------------------------------

• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

1. Please open a blank Notepad document.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\ScanSpyware v3.8
C:\Program Files\All to All ( MP3, OGG, WMA 8, WAV) converter+crack

3. Go to File > Save As. Save the file name as CFScript and make sure "Text Documents (*.txt)" is selected in "Save as type". Save it to where you saved Combofix.

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. If it asks you to reboot, let it reboot. Either way, a Combofix log will be made. Post that in your next reply.

[Kristina]

Hello! It seems I'm still in trouble...I don't know why but several links started not to work for me. Happened with other sites and also the combo links you posted. However I mananged to download it from bleepingcomputer forum. I disabled NOD antivirus and AVG antispyware and ran Combofix...then comp restarted but when waiting for the log same problem appeared as it also did at the beginning. 'Regt' not recognised or smth like this...and it doesn't give me the log.

Maybe I still need to disable a program, but I couldn't see the list because the link won't work...

Edit: also the antivirus and AVG load again at start-up. I stopped them before running combofix, but I don't know how to disable them from startup.

Edited by Kristina, 20 May 2008 - 08:52 AM.

[Chopin]

Hello Kristina, that does sound like trouble. Let's get a new scan to see what just happened.

1. Re-scan with DSS
------------------------------------------------
Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

Hit "Check All" and click "Scan!" DSS will produce main.txt and extra.txt, please post them back

[Kristina]

Hi! The problem is still there...I can hardly access any links except from google or from favourites.


Deckard's System Scanner v20071014.68
Run by Ruxandra on 2008-05-22 10:46:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-05-22 07:46:12 UTC - RP47 - Deckard's System Scanner Restore Point
10: 2008-05-21 14:20:08 UTC - RP46 - System Checkpoint
9: 2008-05-20 14:10:03 UTC - RP45 - ComboFix created restore point
8: 2008-05-19 14:08:02 UTC - RP44 - System Checkpoint
7: 2008-05-18 13:20:20 UTC - RP43 - System Checkpoint


-- First Restore Point --
1: 2008-05-13 22:37:26 UTC - RP37 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 352 MiB (512 MiB recommended).


-- HijackThis (run as Ruxandra.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\Ruxandra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruxandra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF18459.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9741D652-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd1.exe (file missing)
O9 - Extra 'Tools' menuitem: PCVoz. Extract page Text - {9741D652-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd1.exe (file missing)
O9 - Extra button: (no name) - {9741D65D-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd2.exe (file missing)
O9 - Extra 'Tools' menuitem: PCVoz. Read current frame - {9741D65D-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd2.exe (file missing)
O9 - Extra button: (no name) - {F7F22BAE-FA71-11D6-A72A-F9DDE093273B} - C:\Program Files\PCVoz8\pcviecmd3.exe (file missing)
O9 - Extra 'Tools' menuitem: PCVoz. Read document - {F7F22BAE-FA71-11D6-A72A-F9DDE093273B} - C:\Program Files\PCVoz8\pcviecmd3.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7537 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080325-212720-981 O24 - Desktop Component 0: (no name) - http://www.interstud...ue_iglesias.jpg
backup-20080326-200549-149 O4 - S-1-5-21-220523388-1645522239-682003330-1003 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
backup-20080327-162739-858 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
backup-20080514-121147-567 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots....art/client/RAND

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solidpdfservice.exe <Not Verified; VoyagerSoft, LLC; Solid Converter PDF>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 692)
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-19 14:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2007-04-10 11:30:46 200064 --a------ C:\WINDOWS\system32\WgaLogon.dll <Not Verified; Microsoft Corporation; Windows Genuine Advantage>

C:\WINDOWS\system32\svchost.exe (pid 896)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1000)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-06 12:35:43 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1776)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 420)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-22 12:44:32 250368 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2005-03-22 11:49:38 466944 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PCSCM>
2007-06-11 18:16:02 6144 --a------ C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Messenger>
2007-02-27 13:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2006-09-14 01:20:24 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-01-04 15:41:58 110592 --a------ C:\Program Files\eSnips\SnipContextMenu.dll <Not Verified; eSnips Ltd.; SnipContextMenu>
2008-05-06 12:35:42 57344 --a------ C:\Program Files\ESET\nodshex.dll
2006-12-28 23:20:26 28160 --a------ C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll <Not Verified; ABBYY Software; ABBYY FineReader>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 21:55:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-09 17:16:49 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-20 17:14:04 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-20 17:09:34 68096 --a------ C:\WINDOWS\zip.exe
2008-05-20 17:09:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-20 17:09:34 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-20 17:09:34 98816 --a------ C:\WINDOWS\sed.exe
2008-05-20 17:09:34 80412 --a------ C:\WINDOWS\grep.exe
2008-05-20 17:09:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-20 17:09:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-20 17:09:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-18 14:56:44 0 d-------- C:\WINDOWS\Lhsp
2008-05-18 14:54:20 0 d-------- C:\WINDOWS\speech
2008-05-18 14:53:11 57856 --a------ C:\WINDOWS\system32\pcvsrtools.dll
2008-05-18 14:53:03 0 d-------- C:\Program Files\PCVoz8
2008-05-18 14:52:44 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-14 12:15:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 21:58:40 0 d-------- C:\Program Files\MSECache
2008-05-06 12:36:16 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-06 12:36:16 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
2008-04-22 18:15:08 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-05-22 01:50:05 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\SolidDocuments
2008-04-30 00:48:42 0 d-------- C:\Program Files\AV Music Morpher Gold
2008-04-23 09:52:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 09:48:36 0 d-a------ C:\Program Files\Common Files
2008-04-20 14:25:56 0 d-------- C:\Program Files\Common Files\Panda Software
2008-04-16 12:33:46 0 d-------- C:\Program Files\Winamp
2008-04-11 11:13:52 0 d-------- C:\Program Files\Webshots
2008-04-08 23:54:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 13:04:18 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-30 20:17:02 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\Winamp
2008-03-28 01:21:28 0 d-------- C:\Program Files\ScanSpyware v3.8
2008-03-27 11:16:10 0 --a------ C:\Autoexec.bat
2008-03-26 23:26:18 0 d-------- C:\Program Files\SpywareBlaster
2008-03-26 18:34:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 18:32:10 0 d-------- C:\Program Files\MSN Messenger
2008-03-26 18:29:17 0 d-------- C:\Program Files\Google
2008-03-26 18:29:14 0 d-------- C:\Program Files\eSnips
2008-03-22 19:49:03 0 d-------- C:\Program Files\Trend Micro
2008-03-20 16:39:27 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 16:35:07 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-06 12:35]
"combofix"="C:\WINDOWS\system32\CF18459.exe" [2004-08-04 05:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]

C:\Documents and Settings\Ruxandra\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-11-26 14:27:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-05-22 10:47:28 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Unknown CPU Typ
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 351.48 MiB / 96.26 MiB
Pagefile Memory (total/avail): 1237.38 MiB / 918.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.01 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 1.89 GiB free.
D: is Fixed (FAT32) - 13.66 GiB total, 10.91 GiB free.
E: is Fixed (FAT32) - 13.66 GiB total, 7.51 GiB free.
F: is Fixed (FAT32) - 1.17 GiB total, 0.27 GiB free.
G: is CDROM (No Media)
H: is Removable (No Media)
M: is Fixed (NTFS) - 232.88 GiB total, 138.04 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 28.52 GiB - D: - E: - F:

\\.\PHYSICALDRIVE1 - WDC WD2500AAJB-00WGA0 - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - M:

\\.\PHYSICALDRIVE2 - Canon MP460Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"="C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"F:\\utorrent\\utorrent.exe"="F:\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe"="C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe:*:Enabled:StrongDC++"
"D:\\Strongdc++\\StrongDC.exe"="D:\\Strongdc++\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ruxandra\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADINA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ruxandra
LOGONSERVER=\\ADINA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
USERDOMAIN=ADINA
USERNAME=Ruxandra
USERPROFILE=C:\Documents and Settings\Ruxandra
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ruxandra (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AV Music Morpher Gold --> C:\Program Files\AV Music Morpher Gold\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Free Video to JPG Converter version 1.2 --> "C:\Program Files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe"
Free Video to Mp3 Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube Download 1.3 --> "C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
L&H TTS3000 Espańol --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Ruxandra\uninst.exe
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type21449 / Error
Event Submitted/Written: 05/20/2008 11:08:16 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 251092335.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type21448 / Error
Event Submitted/Written: 05/20/2008 11:08:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pcvoz.exe, version 2.0.0.107, faulting module msvbvm50.dll, version 5.2.82.44, fault address 0x00058dc9.
Processing media-specific event for [pcvoz.exe!ws!]

Event Record #/Type21209 / Warning
Event Submitted/Written: 05/16/2008 11:47:36 PM
Event ID/Source: 2002 / LoadPerf
Event Description:
The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

Event Record #/Type21208 / Error
Event Submitted/Written: 05/16/2008 11:47:36 PM
Event ID/Source: 3006 / LoadPerf
Event Description:
Unable to read the performance counter strings of the 018 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Event Record #/Type21194 / Error
Event Submitted/Written: 05/15/2008 01:50:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YahooMessenger.exe, version 8.1.0.402, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3358 / Error
Event Submitted/Written: 05/22/2008 10:33:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3357 / Error
Event Submitted/Written: 05/22/2008 10:33:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3354 / Error
Event Submitted/Written: 05/22/2008 10:32:37 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3353 / Error
Event Submitted/Written: 05/22/2008 10:32:35 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3329 / Warning
Event Submitted/Written: 05/21/2008 10:36:47 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-05-22 10:47:28 ------------

Edited by Kristina, 22 May 2008 - 02:05 AM.

[Kristina]

Edit: I removed now the O9 entries with PCVoz using Hijackthis, I think it was a scam program which didn't uninstall right.

But links still don't really work.


The new logs:


Deckard's System Scanner v20071014.68
Run by Ruxandra on 2008-05-22 10:59:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
11: 2008-05-22 07:46:12 UTC - RP47 - Deckard's System Scanner Restore Point
10: 2008-05-21 14:20:08 UTC - RP46 - System Checkpoint
9: 2008-05-20 14:10:03 UTC - RP45 - ComboFix created restore point
8: 2008-05-19 14:08:02 UTC - RP44 - System Checkpoint
7: 2008-05-18 13:20:20 UTC - RP43 - System Checkpoint


-- First Restore Point --
1: 2008-05-13 22:37:26 UTC - RP37 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 352 MiB (512 MiB recommended).


-- HijackThis (run as Ruxandra.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\Ruxandra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruxandra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF18459.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6640 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080325-212720-981 O24 - Desktop Component 0: (no name) - http://www.interstud...ue_iglesias.jpg
backup-20080326-200549-149 O4 - S-1-5-21-220523388-1645522239-682003330-1003 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
backup-20080327-162739-858 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
backup-20080514-121147-567 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots....art/client/RAND
backup-20080522-105430-201 O9 - Extra button: (no name) - {9741D652-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd1.exe (file missing)
backup-20080522-105430-363 O9 - Extra 'Tools' menuitem: PCVoz. Read current frame - {9741D65D-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd2.exe (file missing)
backup-20080522-105430-452 O9 - Extra 'Tools' menuitem: PCVoz. Read document - {F7F22BAE-FA71-11D6-A72A-F9DDE093273B} - C:\Program Files\PCVoz8\pcviecmd3.exe (file missing)
backup-20080522-105430-565 O9 - Extra button: (no name) - {F7F22BAE-FA71-11D6-A72A-F9DDE093273B} - C:\Program Files\PCVoz8\pcviecmd3.exe (file missing)
backup-20080522-105430-833 O9 - Extra 'Tools' menuitem: PCVoz. Extract page Text - {9741D652-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd1.exe (file missing)
backup-20080522-105430-852 O9 - Extra button: (no name) - {9741D65D-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd2.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solidpdfservice.exe <Not Verified; VoyagerSoft, LLC; Solid Converter PDF>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 692)
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-19 14:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2007-04-10 11:30:46 200064 --a------ C:\WINDOWS\system32\WgaLogon.dll <Not Verified; Microsoft Corporation; Windows Genuine Advantage>

C:\WINDOWS\system32\svchost.exe (pid 896)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1000)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-06 12:35:43 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1776)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 420)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-22 12:44:32 250368 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2005-03-22 11:49:38 466944 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PCSCM>
2007-06-11 18:16:02 6144 --a------ C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Messenger>
2007-02-27 13:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2006-09-14 01:20:24 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-01-04 15:41:58 110592 --a------ C:\Program Files\eSnips\SnipContextMenu.dll <Not Verified; eSnips Ltd.; SnipContextMenu>
2008-05-06 12:35:42 57344 --a------ C:\Program Files\ESET\nodshex.dll
2006-12-28 23:20:26 28160 --a------ C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll <Not Verified; ABBYY Software; ABBYY FineReader>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 21:55:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-09 17:16:49 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-20 17:14:04 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-20 17:09:34 68096 --a------ C:\WINDOWS\zip.exe
2008-05-20 17:09:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-20 17:09:34 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-20 17:09:34 98816 --a------ C:\WINDOWS\sed.exe
2008-05-20 17:09:34 80412 --a------ C:\WINDOWS\grep.exe
2008-05-20 17:09:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-20 17:09:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-20 17:09:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-18 14:56:44 0 d-------- C:\WINDOWS\Lhsp
2008-05-18 14:54:20 0 d-------- C:\WINDOWS\speech
2008-05-18 14:53:11 57856 --a------ C:\WINDOWS\system32\pcvsrtools.dll
2008-05-18 14:53:03 0 d-------- C:\Program Files\PCVoz8
2008-05-18 14:52:44 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-14 12:15:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 21:58:40 0 d-------- C:\Program Files\MSECache
2008-05-06 12:36:16 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-06 12:36:16 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
2008-04-22 18:15:08 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-05-22 01:50:05 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\SolidDocuments
2008-04-30 00:48:42 0 d-------- C:\Program Files\AV Music Morpher Gold
2008-04-23 09:52:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 09:48:36 0 d-a------ C:\Program Files\Common Files
2008-04-20 14:25:56 0 d-------- C:\Program Files\Common Files\Panda Software
2008-04-16 12:33:46 0 d-------- C:\Program Files\Winamp
2008-04-11 11:13:52 0 d-------- C:\Program Files\Webshots
2008-04-08 23:54:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 13:04:18 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-30 20:17:02 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\Winamp
2008-03-28 01:21:28 0 d-------- C:\Program Files\ScanSpyware v3.8
2008-03-27 11:16:10 0 --a------ C:\Autoexec.bat
2008-03-26 23:26:18 0 d-------- C:\Program Files\SpywareBlaster
2008-03-26 18:34:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 18:32:10 0 d-------- C:\Program Files\MSN Messenger
2008-03-26 18:29:17 0 d-------- C:\Program Files\Google
2008-03-26 18:29:14 0 d-------- C:\Program Files\eSnips
2008-03-22 19:49:03 0 d-------- C:\Program Files\Trend Micro
2008-03-20 16:39:27 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 16:35:07 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-06 12:35]
"combofix"="C:\WINDOWS\system32\CF18459.exe" [2004-08-04 05:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]

C:\Documents and Settings\Ruxandra\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-11-26 14:27:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-05-22 11:00:43 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Unknown CPU Typ
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 351.48 MiB / 93.95 MiB
Pagefile Memory (total/avail): 1237.38 MiB / 916.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.01 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 1.89 GiB free.
D: is Fixed (FAT32) - 13.66 GiB total, 10.91 GiB free.
E: is Fixed (FAT32) - 13.66 GiB total, 7.51 GiB free.
F: is Fixed (FAT32) - 1.17 GiB total, 0.27 GiB free.
G: is CDROM (No Media)
H: is Removable (No Media)
M: is Fixed (NTFS) - 232.88 GiB total, 138.04 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 28.52 GiB - D: - E: - F:

\\.\PHYSICALDRIVE1 - WDC WD2500AAJB-00WGA0 - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - M:

\\.\PHYSICALDRIVE2 - Canon MP460Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"="C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"F:\\utorrent\\utorrent.exe"="F:\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe"="C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe:*:Enabled:StrongDC++"
"D:\\Strongdc++\\StrongDC.exe"="D:\\Strongdc++\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ruxandra\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADINA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ruxandra
LOGONSERVER=\\ADINA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
USERDOMAIN=ADINA
USERNAME=Ruxandra
USERPROFILE=C:\Documents and Settings\Ruxandra
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ruxandra (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AV Music Morpher Gold --> C:\Program Files\AV Music Morpher Gold\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Free Video to JPG Converter version 1.2 --> "C:\Program Files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe"
Free Video to Mp3 Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube Download 1.3 --> "C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
L&H TTS3000 Espańol --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Ruxandra\uninst.exe
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type21449 / Error
Event Submitted/Written: 05/20/2008 11:08:16 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 251092335.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type21448 / Error
Event Submitted/Written: 05/20/2008 11:08:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pcvoz.exe, version 2.0.0.107, faulting module msvbvm50.dll, version 5.2.82.44, fault address 0x00058dc9.
Processing media-specific event for [pcvoz.exe!ws!]

Event Record #/Type21209 / Warning
Event Submitted/Written: 05/16/2008 11:47:36 PM
Event ID/Source: 2002 / LoadPerf
Event Description:
The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

Event Record #/Type21208 / Error
Event Submitted/Written: 05/16/2008 11:47:36 PM
Event ID/Source: 3006 / LoadPerf
Event Description:
Unable to read the performance counter strings of the 018 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Event Record #/Type21194 / Error
Event Submitted/Written: 05/15/2008 01:50:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YahooMessenger.exe, version 8.1.0.402, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3358 / Error
Event Submitted/Written: 05/22/2008 10:33:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3357 / Error
Event Submitted/Written: 05/22/2008 10:33:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3354 / Error
Event Submitted/Written: 05/22/2008 10:32:37 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3353 / Error
Event Submitted/Written: 05/22/2008 10:32:35 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type3329 / Warning
Event Submitted/Written: 05/21/2008 10:36:47 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-05-22 11:00:43 ------------

Edited by Kristina, 22 May 2008 - 02:06 AM.

[Rorschach112]

Hello

Fredil is away

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also post a new HijackThis log and tell me how your PC is running

[Kristina]

Malwarebytes' Anti-Malware 1.12
Database version: 779

Scan type: Quick Scan
Objects scanned: 35964
Time elapsed: 17 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12, on 2008-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF18459.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6736 bytes




The RogueAntispyware seems to be gone now.
The computer seems a little faster now, but the problem with the links remains.

Edited by Kristina, 23 May 2008 - 04:14 AM.

[Rorschach112]

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

• Make sure you have an Internet Connection.
• Double-click OTMoveIt2.exe to run it.
• Click on the CleanUp! button
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.