[Mihaela]

Hello!
Please help me to fix my PC. I have this notice on my desktop: VIRUS ALERT. I can't see the partition C and D.
tKS

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-08 20:45:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-08 20:46:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\qip\QuickInstallPack.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: QXK Olive - {73044EAD-C67A-4673-81E0-191EA6653B7B} - C:\WINDOWS\nfavxwdbsxo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: iercptbho - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Documents and Settings\Administrator\Local Settings\Application Data\qip\iercpt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: fdkowvbp - {CB43E6DF-F6E4-4464-8AE2-F680AD49185E} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickInstallPack] "C:\Documents and Settings\Administrator\Local Settings\Application Data\qip\QuickInstallPack.exe" /autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Cursors" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\ime" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_15] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Cursors" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\ime" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_13] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_14] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_15] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RDS.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZKxdm022YYRO
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark...en/AMClient.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...etup1.0.1.0.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8B3D553-44C6-4825-8CE0-A7266DD648C3}: NameServer = 213.154.124.1 62.231.96.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: - http://www.ejobs.ro/user/

--
End of file - 13027 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 WFIOCTL - c:\program files\winfast\wfdtv\wfioctl.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-08 20:01:00 0 d-------- C:\Program Files\Lavasoft
2008-08-08 20:00:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-08 19:57:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 01:59:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-27 01:18:46 0 d-------- C:\WINDOWS\privacy_danger
2008-07-26 23:38:23 0 d-------- C:\My Downloads
2008-07-26 23:23:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-07-26 23:23:03 380928 --a------ C:\WINDOWS\nfavxwdbsxo.dll
2008-07-26 23:23:02 86016 --a------ C:\WINDOWS\grswptdl.exe
2008-07-26 23:23:02 200704 --a------ C:\WINDOWS\eqvwamkl.dll
2008-07-26 23:23:02 94208 --a------ C:\WINDOWS\edbo.exe
2008-07-26 23:23:01 188416 --a------ C:\WINDOWS\fdkowvbp.dll
2008-07-26 23:20:43 0 d--h----- C:\$AVG8.VAULT$
2008-07-26 22:13:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-25 23:56:52 98304 --a------ C:\WINDOWS\system32\qttask.exe <Not Verified; Apple Computer, Inc.; QuickTime>
2008-07-25 23:55:21 0 d-------- C:\WINDOWS\system32\QuickTime
2008-07-25 23:55:16 1581056 --a------ C:\WINDOWS\system32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-25 23:55:16 1122304 --a------ C:\WINDOWS\system32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-25 23:55:16 1552384 --a------ C:\WINDOWS\system32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-25 23:55:16 1650688 --a------ C:\WINDOWS\system32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2008-07-25 23:55:16 65536 --a------ C:\WINDOWS\system32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-25 23:55:16 65536 --a------ C:\WINDOWS\system32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-25 23:55:16 19968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-07-25 23:55:15 77824 --a------ C:\WINDOWS\system32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-25 23:55:15 77824 --a------ C:\WINDOWS\system32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2008-07-25 23:55:14 152064 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-25 23:55:13 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-25 23:55:10 0 d-------- C:\Program Files\ACE Mega CoDecS Pack
2008-07-25 23:42:52 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-25 23:42:47 0 d-------- C:\Program Files\AVG
2008-07-25 23:42:47 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 23:34:26 0 d-------- C:\Program Files\Anark


-- Find3M Report ---------------------------------------------------------------

2008-08-08 19:57:35 0 d-------- C:\Program Files\Common Files
2008-08-08 19:41:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-07-27 01:25:17 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2008-07-25 23:05:36 0 d-------- C:\Program Files\Java
2008-07-05 11:01:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-07-02 17:11:57 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 17:11:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-27 19:37:51 0 d-------- C:\Program Files\BitComet
2008-06-27 19:35:12 0 d-------- C:\Program Files\DC++
2008-06-09 21:02:11 0 d-------- C:\Program Files\Google
2008-05-23 08:25:59 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
06/11/2008 22:33: VIRUS ALERT! 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73044EAD-C67A-4673-81E0-191EA6653B7B}]
07/26/2008 17:14: VIRUS ALERT! 380928 --a------ C:\WINDOWS\nfavxwdbsxo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4CDC21D-43BE-4101-A1EF-E379F134771E}]
08/08/2008 19:41: VIRUS ALERT! 110592 --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\qip\iercpt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [03/16/2007 09:06: VIRUS ALERT!]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [02/12/2007 19:16: VIRUS ALERT!]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [02/12/2007 17:22: VIRUS ALERT!]
"M1000Mnt"="M1000Rmv.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27: VIRUS ALERT!]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [05/23/2008 08:25: VIRUS ALERT!]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [05/23/2008 08:25: VIRUS ALERT!]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [05/23/2008 08:25: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38: VIRUS ALERT!]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2008 23:42: VIRUS ALERT!]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [07/25/2008 23:56: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 18:43: VIRUS ALERT!]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [05/23/2008 08:25: VIRUS ALERT!]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/10/2008 22:02: VIRUS ALERT!]
"QuickInstallPack"="C:\Documents and Settings\Administrator\Local Settings\Application Data\qip\QuickInstallPack.exe" [07/26/2008 23:38: VIRUS ALERT!]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)
"NoToolbarCustomize"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2008-08-08 20:46:44 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4000+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1022.42 MiB / 438.52 MiB
Pagefile Memory (total/avail): 2461.15 MiB / 2037.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.93 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 11.85 GiB free.
D: is Fixed (NTFS) - 54.99 GiB total, 46.22 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380815AS - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TEST-DC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\TEST-DC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=TEST-DC
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
ACE Mega CoDecS Pack --> "C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Anark Client 4 --> C:\Program Files\Anark\Anark Client 4\AMInstal.exe -uninstall
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DC++ 0.706 --> "C:\Program Files\DC++\uninstall.exe"
DD PlayCam --> C:\WINDOWS\unvise32.exe C:\Program Files\DD PlayCam\1.0\Thempty.log
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HD Tune 2.54 --> "C:\Program Files\HD Tune\unins000.exe"
Heroes of Might and Magic® III Complete --> C:\WINDOWS\IsUninst.exe -f"d:\jocuri\Heroes of Might and Magic® III.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IZArc 3.6 --> "C:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
QuickInstallPack --> C:\Documents and Settings\Administrator\Local Settings\Application Data\qip\QuickInstallPack.exe /uninstall
Slim 320 --> C:\WINDOWS\System\M1000Rmv.exe
Slim 320 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BD0374C-CC12-4812-BBC5-69481A385E52}\Setup.exe" -l0x9
WebVideo Support --> C:\WINDOWS\grswptdl.exe
WinFast PVR2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\Setup.exe" -l0x18 -removeonly
WinFast TV2000 Expert / WinFast DV2000 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDD4371F-74B4-47AB-BB1C-AE94001B2826}\setup.exe" -l0x18 -removeonly
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1603 / Error
Event Submitted/Written: 08/08/2008 07:42:47 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1596 / Error
Event Submitted/Written: 08/08/2008 01:41:26 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1589 / Error
Event Submitted/Written: 08/06/2008 07:32:49 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1582 / Error
Event Submitted/Written: 08/05/2008 09:27:30 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type1572 / Error
Event Submitted/Written: 08/05/2008 10:48:43 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type63436 / Warning
Event Submitted/Written: 08/08/2008 01:41:16 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001E8C2C749D. The IP address being used is 169.254.107.148.

Event Record #/Type62998 / Warning
Event Submitted/Written: 08/06/2008 07:32:39 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001E8C2C749D. The IP address being used is 169.254.107.148.

Event Record #/Type61074 / Error
Event Submitted/Written: 08/05/2008 10:48:43 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type61073 / Error
Event Submitted/Written: 08/05/2008 10:48:43 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type61072 / Error
Event Submitted/Written: 08/05/2008 10:48:43 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-08-08 20:46:44 ------------

[Advertisements]

Hi,

First of all, uninstall My Web Search (Webfetti) via software > add & remove programs.
Reboot afterwards.

Then, read this page for your VirusAlert: http://miekiemoes.bl...to-restore.html

Then, after you have done above, to deal with the other malware, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

[miekiemoes]

Hi,

First of all, uninstall My Web Search (Webfetti) via software > add & remove programs.
Reboot afterwards.

Then, read this page for your VirusAlert: http://miekiemoes.bl...to-restore.html

Then, after you have done above, to deal with the other malware, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

[miekiemoes]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.