[porcupine]

Spam is somehow being sent "from" my email address. I know this because:
a) I have had messages returned as undeliverable to addresses I hadn't sent email to.
b) I received a spam message from myself (!)

Email I'm sending is being blocked because ISP think I'm scum. I really need your help.

My OS is XP and I have service pack 2. I run AVG regularly and adaware and spybot every once in a while. BTW, I'm computer literate, but I don't speak geek, so don't get too technical with me please

I have changed my internet password and started scanning for threats. The norton online virus scan worked, (showing I had 2 problems, trojan.wimad and adware.memory meter) but the security scan wouldn't run. Also my adaware shut down mid scan.

My computer is functioning, but it has been slow for a long time.

I performed all the scans etc. that you ask for. Here are the logs. I just want to mention that when I got to the end of the panda scan, you say to click the Save Report button. There wasn't such a button, but I saved it another way.

Malwarebytes log:
Malwarebytes' Anti-Malware 1.19
Database version: 920
Windows 5.1.2600 Service Pack 2

10:55:34 AM 7/4/2008
mbam-log-7-4-2008 (10-55-34).txt

Scan type: Quick Scan
Objects scanned: 58637
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------

Super Anti-Spyware log:

SUPERAntiSpyware Scan Log
Generated 07/04/2008 at 01:11 PM

Application Version : 3.6.1000

Core Rules Database Version : 3497
Trace Rules Database Version: 1488

Scan type : Complete Scan
Total Scan Time : 02:07:35

Memory items scanned : 467
Memory threats detected : 0
Registry items scanned : 5837
Registry threats detected : 0
File items scanned : 122655
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\[email protected][2].txt
C:\Documents and Settings\user\Cookies\user@mediaonenetwork[1].txt
C:\Documents and Settings\user\Cookies\[email protected][1].txt
---------------------------------------------------------------------------------------

PandaScan Results

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-04 14:20:30
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.524 7.5.524 Yes No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00018457 adware/purityscan Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B7D753B-1981-4bd2-91F3-6D055EE113A0}
00029007 adware/tvmedia Adware No 0 Yes No c:\program files\tv media
00035917 adware/ist.sidefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind
00048242 adware/404search Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}
00110908 adware/localnrd Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD}
00122029 Dialer.OK Dialers No 0 Yes No C:\!KillBox\internazionale_ver3.INF
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\USER\Cookies\[email protected][2].txt
00194009 Dialer.BVG Dialers No 0 Yes No C:\!KillBox\VoiceCall.exe
00247251 Adware/MyDailyHoroscope Adware No 0 Yes No C:\WINDOWS\SYSTEM32\PATCH.EXE
00461206 Adware/TVMedia Adware Yes 1 Yes No C:\WINDOWS\System32\mad.dll
00975655 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{08B91451-9E1F-4C76-AF0C-42A26585C885}\RP321\A0048118.DLL
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location 2
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description 2
;===============================================================================
=================================================================================
===================
120815 HIGH MS06-022 2
;===============================================================================
=================================================================================
===================


-----------------------------------------------------------------------------------
Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:01 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\System32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.a.../ICSScanner.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: mad.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

End of file - 8739 bytes

-----------------------------------------------------
Uninstall log

????? ???? Windows XP (KB898461)?
????? ???? Windows XP (KB900485)?
????? ???? Windows XP (KB904942)?
????? ???? Windows XP (KB908531)?
????? ???? Windows XP (KB910437)?
????? ???? Windows XP (KB911280)?
????? ???? Windows XP (KB916595)?
????? ???? Windows XP (KB920872)?
????? ???? Windows XP (KB922582)?
????? ???? Windows XP (KB927891)?
????? ???? Windows XP (KB930916)?
????? ???? Windows XP (KB931836)?
????? ???? Windows XP (KB932823-v3)?
????? ???? Windows XP (KB933360)?
????? ???? Windows XP (KB936357)?
????? ???? Windows XP (KB938828)?
????? ???? Windows XP (KB942763)?
????? ????? ???? Windows Internet Explorer 7 (KB937143)?
????? ????? ???? Windows Internet Explorer 7 (KB938127)?
????? ????? ???? Windows Internet Explorer 7 (KB939653)?
????? ????? ???? Windows Internet Explorer 7 (KB942615)?
????? ????? ???? Windows Internet Explorer 7 (KB944533)?
????? ????? ???? Windows Internet Explorer 7 (KB950759)?
????? ????? ???? Windows Media Player 10? (KB917734)
????? ????? ???? Windows Media Player 10? (KB936782)
????? ????? ???? Windows Media Player 6.4? (KB925398)
????? ????? ???? Windows Media Player? (KB911564)
????? ????? ???? Windows XP (KB890046)?
????? ????? ???? Windows XP (KB893756)?
????? ????? ???? Windows XP (KB896358)?
????? ????? ???? Windows XP (KB896423)?
????? ????? ???? Windows XP (KB896424)?
????? ????? ???? Windows XP (KB896428)?
????? ????? ???? Windows XP (KB899587)?
????? ????? ???? Windows XP (KB899591)?
????? ????? ???? Windows XP (KB900725)?
????? ????? ???? Windows XP (KB901017)?
????? ????? ???? Windows XP (KB901190)?
????? ????? ???? Windows XP (KB901214)?
????? ????? ???? Windows XP (KB902400)?
????? ????? ???? Windows XP (KB904706)?
????? ????? ???? Windows XP (KB905414)?
????? ????? ???? Windows XP (KB905749)?
????? ????? ???? Windows XP (KB908519)?
????? ????? ???? Windows XP (KB911562)?
????? ????? ???? Windows XP (KB911567)?
????? ????? ???? Windows XP (KB911927)?
????? ????? ???? Windows XP (KB912919)?
????? ????? ???? Windows XP (KB913580)?
????? ????? ???? Windows XP (KB914388)?
????? ????? ???? Windows XP (KB914389)?
????? ????? ???? Windows XP (KB917159)?
????? ????? ???? Windows XP (KB917344)?
????? ????? ???? Windows XP (KB917422)?
????? ????? ???? Windows XP (KB917953)?
????? ????? ???? Windows XP (KB918118)?
????? ????? ???? Windows XP (KB918899)?
????? ????? ???? Windows XP (KB919007)?
????? ????? ???? Windows XP (KB920213)?
????? ????? ???? Windows XP (KB920214)?
????? ????? ???? Windows XP (KB920670)?
????? ????? ???? Windows XP (KB920683)?
????? ????? ???? Windows XP (KB920685)?
????? ????? ???? Windows XP (KB921398)?
????? ????? ???? Windows XP (KB921503)?
????? ????? ???? Windows XP (KB921883)?
????? ????? ???? Windows XP (KB922616)?
????? ????? ???? Windows XP (KB922819)?
????? ????? ???? Windows XP (KB923191)?
????? ????? ???? Windows XP (KB923414)?
????? ????? ???? Windows XP (KB923980)?
????? ????? ???? Windows XP (KB924191)?
????? ????? ???? Windows XP (KB924270)?
????? ????? ???? Windows XP (KB924496)?
????? ????? ???? Windows XP (KB924667)?
????? ????? ???? Windows XP (KB925486)?
????? ????? ???? Windows XP (KB925902)?
????? ????? ???? Windows XP (KB926255)?
????? ????? ???? Windows XP (KB926436)?
????? ????? ???? Windows XP (KB927779)?
????? ????? ???? Windows XP (KB927802)?
????? ????? ???? Windows XP (KB928255)?
????? ????? ???? Windows XP (KB928843)?
????? ????? ???? Windows XP (KB929123)?
????? ????? ???? Windows XP (KB930178)?
????? ????? ???? Windows XP (KB931261)?
????? ????? ???? Windows XP (KB931784)?
????? ????? ???? Windows XP (KB932168)?
????? ????? ???? Windows XP (KB933566)?
????? ????? ???? Windows XP (KB933729)?
????? ????? ???? Windows XP (KB935839)?
????? ????? ???? Windows XP (KB935840)?
????? ????? ???? Windows XP (KB936021)?
????? ????? ???? Windows XP (KB938829)?
????? ????? ???? Windows XP (KB941202)?
????? ????? ???? Windows XP (KB941568)?
????? ????? ???? Windows XP (KB941644)?
????? ????? ???? Windows XP (KB941693)?
????? ????? ???? Windows XP (KB943055)?
????? ????? ???? Windows XP (KB943460)?
????? ????? ???? Windows XP (KB943485)?
????? ????? ???? Windows XP (KB944653)?
????? ????? ???? Windows XP (KB945553)?
????? ????? ???? Windows XP (KB946026)?
????? ????? ???? Windows XP (KB948590)?
????? ????? ???? Windows XP (KB948881)?
????? ????? ???? Windows XP (KB950749)?
????? ????? ???? Windows XP (KB950760)?
????? ????? ???? Windows XP (KB950762)?
????? ????? ???? Windows XP (KB951376)?
????? ????? ???? Windows XP (KB951376-v2)?
????? ????? ???? Windows XP (KB951698)?
????? ????? ???? Windows XP? (KB923689)
????? ????? ???? Windows XP? (KB941569)
??÷?? ?? ???? Windows Internet Explorer 7 (KB947864)?
??÷?? ?? ???? Windows XP (KB914440)?
Ad-Aware 2007
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Apple Mobile Device Support
Apple Software Update
AVG 7.5
Baldur's Gate™ II - Shadows of Amn™
CardRd81
CCHelp
CCScore
Check Point SSL Network Extender
CleanUp!
C-Media 3D Audio
Cortona® VRML Client
CR2
DesignPro 5.0 Limited Edition
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
FirstClass® Client
Google Earth
Google Toolbar for Internet Explorer
Google Updater
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows XP (KB915865)
ICQ6
InstallRTC
iTunes
iTunes Library Updater
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
Logitech Desktop Messenger
Logitech SetPoint
Longman iBT
Macromedia Flash 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 English Language Pack
Microsoft Office 2000 Professional
Microsoft Visual C++ 2005 Redistributable
Mini Calculator
Mozilla Firefox (2.0)
MP3 Player Utilities 3.68
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero - Burning Rom
Net MD Simple Burner
Neverwinter Nights
Notifier
NVIDIA Drivers
OfotoXMI
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Limited Patch 3.2-03-04-17-02
OpenMG Secure Module 3.2
OTtBP
OTtBPSDK
Panda ActiveScan 2.0
PCDLNCH
Picasa 2
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update ???? Microsoft .NET Framework 2.0 - KB928365
SFR
SFR2
Shareaza 2.3.1.0
SiS 900 PCI Fast Ethernet Adapter Driver
Skype™ 3.6
Spybot - Search & Destroy 1.4
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
VCAMCEN
Vidlizard
VPRINTOL
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
Workrave 1.8.4
World of Warcraft
WOW
Xenofex 1.0
Xerox Phaser 3116



Thanks very much for your help. I really need it.

[Advertisements]

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[loophole]

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[porcupine]

Combofix report

ComboFix 08-07-04.1 - user 2008-07-04 20:47:47.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1255.1.1037.18.150 [GMT 3:00]
Running from: C:\Documents and Settings\user\שולחן העבודה\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-04 15:17 . 2008-07-04 15:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-04 13:27 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-04 10:58 . 2008-07-04 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-04 10:42 . 2008-07-04 10:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-04 10:42 . 2008-07-04 10:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-07-04 10:42 . 2008-07-04 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 09:44 . 2008-07-04 09:44 <DIR> d-------- C:\Program Files\ICQ6
2008-06-26 13:31 . 2008-06-26 13:32 <DIR> d-------- C:\Deckard
2008-06-26 13:09 . 2008-06-26 13:09 <DIR> d-------- C:\ie-spyad_zo
2008-06-26 12:58 . 2008-06-26 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 09:21 . 2008-06-26 09:21 <DIR> d-------- C:\Program Files\Panda Security
2008-06-12 07:18 . 2008-06-12 07:18 <DIR> d-------- C:\WINDOWS\system32\Cult3D
2008-06-11 07:33 . 2008-06-14 20:59 271,488 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 17:59 271,488 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-20 16:20 --------- d-----w C:\Program Files\iTunes
2008-05-20 16:20 --------- d-----w C:\Program Files\iPod
2008-05-20 16:13 --------- d-----w C:\Program Files\Apple Software Update
2008-05-19 05:23 --------- d-----w C:\Documents and Settings\user\Application Data\Move Networks
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,281,024 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,281,024 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-23 19:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-09 16:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-11 08:19 22 ----a-w C:\Documents and Settings\user\dd.bat
2007-07-11 08:19 22 ----a-w C:\Documents and Settings\user\dc.bat
2005-12-29 13:33 56 --sh--r C:\WINDOWS\system32\FFA4342F1A.sys
2007-06-29 16:55 8,544 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-16 08:33 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-16 08:33 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-25 00:47 67128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12 473928]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-21 07:07 7110656]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-21 07:07 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-22 05:25 579584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"nwiz"="nwiz.exe" [2005-07-21 07:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 05:26 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPGL"= jpgl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^תפריט התחלה^תוכניות^הפעלה^Antivirus live update.lnk]
path=C:\Documents and Settings\user\תפריט התחלה\תוכניות\הפעלה\Antivirus live update.lnk
backup=C:\WINDOWS\pss\Antivirus live update.lnkStartup
=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-27 02:53 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-07-21 07:07 7110656 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-07-21 07:07 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-01 08:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-21 07:07 1519616 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"D:\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\World of Warcraft\\WoW-2.3.0-enGB-downloader.exe"=
"C:\\Program Files\\WC3\\Warcraft III.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 cpextender;Check Point SSL Network Extender;C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [2006-06-12 08:57]
R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2006-06-12 08:57]

.
Contents of the 'Scheduled Tasks' folder
"2004-10-13 21:59:04 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-07-03 07:03:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-zBrowser Launcher - C:\Program Files\Logitech\iTouch\iTouch.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
MSConfigStartUp-CSV7P88 - C:\Program Files\CSBB\CSV7P88.exe
MSConfigStartUp-EM_EXEC - C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
MSConfigStartUp-ICQ Lite - C:\Program Files\ICQLite\ICQLite.exe
MSConfigStartUp-IncrediMail - C:\PROGRA~1\INCRED~1\bin\IncMail.exe
MSConfigStartUp-LXSUPMON - C:\WINDOWS\System32\LXSUPMON.EXE
MSConfigStartUp-Media Access - C:\Program Files\Media Access\MediaAccK.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-TV Media - C:\Program Files\TV Media\Tvm.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 20:52:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\GCASDTSERV.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRAM FILES\WORKRAVE\LIB\WORKRAVE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Completion time: 2008-07-04 20:54:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 17:54:46

Pre-Run: 6,624,935,936 bytes free
Post-Run: 6,783,827,968 bytes free

202 --- E O F --- 2008-06-20 20:31:03
------------------------------------------------------------------------------
Hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:34 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.a.../ICSScanner.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 8128 bytes

Thanks!!!

[loophole]

I believe I see the culprit, it looks relatively new so lets run a quick check to make sure

Virscan File Submission:

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • C:\WINDOWS\system32\drivers\pavboot.sys
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

[porcupine]

VirSCAN.org Scanned Report :
Scanner results: All Scanners reported not find malware!
File Name : pavboot.sys
File Size : 28544 byte
File Type : MS-DOS executable (EXE), OS/2 or MS Windows
MD5 : 210a628a0d7b3f45257850efbff27538
SHA1 : 9220768745cd6b2e22554f41425aae1e889dd5a0
Online report : http://virscan.org/r...b187dfbbef.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.18 2008.07.02 2008-07-02 3.55 -
AhnLab V3 2008.07.05.00 2008.07.05 2008-07-05 2.07 -
AntiVir 7.8.0.64 7.0.5.52 2008-07-04 13.47 -
Arcavir 1.0.4 200807041351 2008-07-04 7.37 -
AVAST! 1.0.8 080704-2 2008-07-04 11.16 -
AVG 7.5.51.442 270.4.5/1535 2008-07-04 11.17 -
BitDefender 7.60825.1338894 7.19853 2008-07-05 15.05 -
CA (VET) 9.0.0.143 31.6.5927 2008-07-04 1.53 -
ClamAV 0.93 7554 2008-06-25 0.00 -
Comodo 2.11 2.0.0.575 2008-07-04 4.40 -
CP Secure 1.1.0.715 2008.07.05 2008-07-05 26.44 -
Dr.Web 4.44.0.9170 2008.07.04 2008-07-04 17.55 -
ewido 4.0.0.2 2008.07.04 2008-07-04 2.92 -
F-Prot 4.4.1.52 20080704 2008-07-04 5.44 -
F-Secure 5.51.6100 2008.07.04.05 2008-07-04 15.51 -
Fortinet 2.81-3.11 9.273 2008-07-05 2.03 -
ViRobot 20080704 2008.07.04 2008-07-04 1.36 -
Ikarus T3.1.01.26 2008.07.04.71033 2008-07-04 10.37 -
JiangMin 11.0.706 2008.07.04 2008-07-04 1.81 -
Kaspersky 5.5.10 2008.07.04 2008-07-04 0.04 -
KingSoft 2008.1.14.15 2008.7.4.17 2008-07-04 0.98 -
McAfee 5.2.00 5332 2008-07-04 6.06 -
Microsoft 1.3704 2008.07.02 2008-07-02 5.66 -
mks_vir 2.01 2008.07.02 2008-07-02 7.51 -
Norman 5.93.01 5.93.00 2008-07-04 19.94 -
Panda 9.04.03 2008.07.04 2008-07-04 1.95 -
Trend Micro 8.700-1004 5.384.11 2008-07-04 0.04 -
Quick Heal 9.50 2008.07.04 2008-07-04 0.93 -
Rising 20.0 20.51.42.00 2008-07-04 1.34 -
Sophos 2.74.1 4.30 2008-07-05 7.26 -
Sunbelt 3.1.1509.1 2120 2008-07-03 0.77 -
Symantec 1.3.0.24 20080704.003 2008-07-04 0.27 -
nProtect 2008-07-04.00 1629390 2008-07-04 3.35 -
The Hacker 6.2.96 v00371 2008-07-04 0.81 -
VBA32 3.12.6.8 20080704.1208 2008-07-04 3.11 -
VirusBuster 4.5.11.10 10.79.1/594378 2008-06-19 2.34 -

[loophole]

Hi

When did this problem start?

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit. Please post the log with a new Hijack log

[porcupine]

Hi Loophole

I did the express scan. No viruses were found.

I started the longer scan and walked away. When I came back, I saw that it wasn't running. I press ctrl +alt +del to see if it was not responding, and the application wasn't even listed in the applications tab. I'm going to close it and try again.

[porcupine]

I tried to close Dr. Web, but nothing worked. I couldn't close it from the application in ctrl +alt + del, because it didn't appear there. I deleted it from the processes but that didn't help. What do I do now?

Oh, and in answer to your question, I'm not really sure when the problem started. It's possible that my computer has been used to send email for a long time without my knowing it.

[porcupine]

Sorry for the multiple posts. I was able to close it in the end. Restarted the scan. I'll post the results if I get that far, or let you know if it freezes.

[loophole]

Is it still sending spam? or do you know?

[porcupine]

How would I know for sure if it is sending email?

The way I found out that it was sending spam was first because I received a spam email with my email address. This happened a few months ago. About a week ago, I forwarded a message to a group of friends and got back a message that the message couldn't be delivered to 2 of the addresses I wanted to send to, but also other messages I never wanted to send to. This had me worried.

It's also happened a number of times that messages that I send to people who use yahoo or hotmail get rejected. I contacted my ISP, they looked into the matter (this was a week ago). They were actually pretty useless, but they did tell me that hotmail has blocked all mail from my ISP. I don'tknow if the problem has been resolved or not.

I know that I've had TV media for ages. I tried to get rid of it in the past, but never succeeded.

My computer functions, but it runs slower that I think it should.

The scan is still running...

[porcupine]

Hi Loophole,

Here are the results of the scan, and hijack this below. Am I still infected?

patch.exe;C:\WINDOWS\system32;Adware.MDH.8;;
mad.dll;C:\WINDOWS\system32;Probably BACKDOOR.Trojan;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\user\שולחן העבודה\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\user\שולחן העבודה;Archive contains infected objects;Moved.;
A0051027.EXE;C:\System Volume Information\_restore{08B91451-9E1F-4C76-AF0C-42A26585C885}\RP334;Program.PsExec.170;;
A0052108.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{08B91451-9E1F-4C76-AF0C-42A26585C885}\RP334\A0052108.exe;Program.PsExec.171;;
A0052108.exe;C:\System Volume Information\_restore{08B91451-9E1F-4C76-AF0C-42A26585C885}\RP334;Archive contains infected objects;Moved.;
84558640.FIL;C:\$VAULT$.AVG;Trojan.Cipher.116;Deleted.;

---------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:10 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.a.../ICSScanner.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 8025 bytes

THANKS!

[loophole]

Hi

Just do the following and all should be clean, let me know how it goes

Browse for and delete tehese two files:

C:\WINDOWS\system32\patch.exe
C:\WINDOWS\system32\mad.dll

Follow These directions for flushing system restore

[porcupine]

Ok, I did what you suggested. Is there some kind of scan that I should do to see if I got rid of all the nasties?

BTW, it's nighttime here. Hope to hear from you before I go to sleep.

Thanks for now.

[loophole]

Sure

Please go HERE to run Panda's TotalScan

• Select the bubble for Full scan
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• Then the scan will begin
• When the scan completes, click the Save button on the right of Scan details
• Save it to a convenient location. Post the contents of the TotalScan report