# Help!! Got lots of viruses on my PC



## cowley (Sep 4, 2008)

Can someone help me please, as I really am not very good with the technical side of PCs.

I seem to have picked up lots of viruses and spyware software onto my PC. Can anyone recommend a fix for this, ideally a free download, as I just don't know which one is genuine and I seem to have lots of messages coming up!

Thanks for any recommendations


----------



## Respital (Sep 4, 2008)

Hello, please download and post a log with *HiJackThis*.

*Click here* to download *HJTsetup.exe*
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## cowley (Sep 4, 2008)

Respital said:


> Hello, please download and post a log with *HiJackThis*.
> 
> *Click here* to download *HJTsetup.exe*
> Save HJTsetup.exe to your desktop.
> ...





Not working, try saving it and then going into it and it says unable to display webpage??


----------



## Respital (Sep 4, 2008)

cowley said:


> Not working, try saving it and then going into it and it says unable to display webpage??



Try again, it works for me.


----------



## scooter (Sep 4, 2008)

Bah, don't waste your time with a log---forum is slow enough without pages of crap to wade through.

download free anti-virus with a cleaner tool...(avg, avast!..etc)

You're gonna have to do all the updates and scans and reboots, but it will get you on the right track.

Once you get cleaned up and organized set the program to auto-scan daily at a time when you are at work, school, sleeping..etc


----------



## Respital (Sep 4, 2008)

scooter said:


> Bah, don't waste your time with a log---forum is slow enough without pages of crap to wade through.
> 
> download free anti-virus with a cleaner tool...(avg, avast!..etc)
> 
> ...



We have to diagnose the problem first... 
It's like a doctor treating a patient without looking at their medical history and stuff.


----------



## cowley (Sep 4, 2008)

Respital said:


> Try again, it works for me.




Ok, here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:56, on 04/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\Program Files\SAV\sav.exe
C:\WINDOWS\system32\lphcvpnj0ej2t.exe
C:\Program Files\VirusRemover2008\VRM2008.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a..exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\ehulypal.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\BT Broadband 205\Help\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.conferencefootball.tv/CTV_FAQ/1,14725,,00.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: mxlivemedia browser optimizer - {0da9164b-fd44-e40e-a2d2-019119262bc7} - C:\WINDOWS\system32\hammbefvxmfeysoon.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [lphcvpnj0ej2t] C:\WINDOWS\system32\lphcvpnj0ej2t.exe
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKLM\..\Run: [{8c4dc4b0-9e83-6958-8af5-afaa6e997a2d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\hammbefvxmfeysoon.dll" DllStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a..exe
O4 - HKCU\..\Run: [cmdsmartui] C:\WINDOWS\system32\ehulypal.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKLM\..\Policies\Explorer\Run: [2TKI4Ch6Ky] C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 205\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm079YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10959 bytes


----------



## scooter (Sep 4, 2008)

Respital said:


> We have to diagnose the problem first...
> It's like a doctor treating a patient without looking at their medical history and stuff.



ok..well you guys do your thing and if you need help after that..I will show an alternate method without all the reading of the processes and stuff....

cheers


----------



## Respital (Sep 4, 2008)

Hello:

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open *Task Manager* then *Processes* tab (press ctrl, alt and del at the same time) and end any processes of *findstr, find, sed or swreg*, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Found some suspicious files...

Please go to *Virus Total* or *Jotti* and upload *File HERE* 

*For Virus Total*

Please copy and paste

C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe
C:\WINDOWS\system32\lphcvpnj0ej2t.exe
C:\Program Files\VirusRemover2008\VRM2008.exe
C:\WINDOWS\system32\ehulypal.exe

in the text box next to the Browse button.
Click on *Send File*.

*For Jotti*

Please copy and paste

C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe
C:\WINDOWS\system32\lphcvpnj0ej2t.exe
C:\Program Files\VirusRemover2008\VRM2008.exe
C:\WINDOWS\system32\ehulypal.exe

in the text box next to the Browse button.
Click on *Submit*.

Once those files have finished scanning please post the results here for a professional to look over them.

In your next reply I will need:

The ComboFix Log
A New HiJackThis Log
The results from the Virus Scanners


----------



## cowley (Sep 4, 2008)

Respital said:


> Hello:
> 
> *Download and Run ComboFix*
> *If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*
> ...





It says cannot rename combofix combofix(1)?????


----------



## Respital (Sep 4, 2008)

cowley said:


> It says cannot rename combofix combofix(1)?????



Try saving it to your desktop.


----------



## cowley (Sep 4, 2008)

Here's the combo log, will do the other thing now and post in a minute.

ComboFix 08-09-03.06 - Administrator 2008-09-04 19:51:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.111 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\Jason.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hammbefvxmfeysoon.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Application Data\FunWebProducts
C:\Documents and Settings\Administrator\Application Data\FunWebProducts\Data\Administrator\avatar.dat
C:\Documents and Settings\Administrator\Application Data\FunWebProducts\Data\Administrator\register.dat
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-aig.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hits.gureport.co[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@peach.bskyb[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tsw0[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@uk.ebayrtm[1].txt
C:\Documents and Settings\All Users\Application Data\Secure Solutions
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080904184407237.log
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\00032ABA.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00107B3D.bin
C:\Program Files\MyWebSearch\bar\Cache\00108D0F.bin
C:\Program Files\MyWebSearch\bar\Cache\00108E48.bin
C:\Program Files\MyWebSearch\bar\Cache\0010906A.bin
C:\Program Files\MyWebSearch\bar\Cache\001093F5.bin
C:\Program Files\MyWebSearch\bar\Cache\002400DB
C:\Program Files\MyWebSearch\bar\Cache\002AA617
C:\Program Files\MyWebSearch\bar\Cache\00584B64
C:\Program Files\MyWebSearch\bar\Cache\00584FE9.bin
C:\Program Files\MyWebSearch\bar\Cache\00585315.bin
C:\Program Files\MyWebSearch\bar\Cache\005862D4.bin
C:\Program Files\MyWebSearch\bar\Cache\00586610.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
C:\Program Files\VirusRemover2008
C:\Program Files\VirusRemover2008\diagnosis.dat
C:\Program Files\VirusRemover2008\Viruses.bdt
C:\Program Files\VirusRemover2008\VRM2008.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\blphcvpnj0ej2t.scr
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\lphcvpnj0ej2t.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\phcvpnj0ej2t.bmp
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
(((((((((((((((((((((((((   Files Created from 2008-08-04 to 2008-09-04  )))))))))))))))))))))))))))))))
.

2008-09-04 19:09 . 2008-09-04 19:09	<DIR>	d--------	C:\Program Files\Trend Micro
2008-09-04 18:44 . 2008-09-04 18:44	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\services
2008-09-04 18:44 . 2008-09-04 18:44	64,362	--a------	C:\WINDOWS\system32\aoregullryymyhia.exe
2008-09-04 17:59 . 2008-09-04 17:59	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\VirusRemover2008
2008-09-04 07:16 . 2008-09-04 07:16	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ufilkjkt
2008-09-04 07:16 . 2008-09-04 07:16	94,208	--a------	C:\WINDOWS\system32\ehulypal.exe
2008-09-04 07:15 . 2008-09-04 07:15	<DIR>	d--------	C:\Program Files\SAV
2008-09-04 07:15 . 2008-08-13 19:10	168,448	--a------	C:\WINDOWS\system32\sav.cpl
2008-09-04 07:15 . 2008-09-04 07:15	116,740	--a------	C:\WINDOWS\system32\msxml71.dll
2008-08-29 07:05 . 2008-08-29 07:05	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-08-29 07:05 . 2008-08-29 07:05	1,409	--a------	C:\WINDOWS\QTFont.for
2008-08-17 07:37 . 2008-08-17 12:06	<DIR>	d--------	C:\WINDOWS\system32\CatRoot_bak

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 06:18	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-04 06:18	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-08-02 05:36	---------	d-----w	C:\Program Files\Sun
2008-08-02 05:36	---------	d-----w	C:\Program Files\Java
2008-07-28 18:52	---------	d-----w	C:\Documents and Settings\All Users\Application Data\yahoo!
2008-07-25 14:00	---------	d-----w	C:\Program Files\Norton Security Scan
2008-07-18 21:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-18 21:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-06-24 16:23	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41	245,248	----a-w	C:\WINDOWS\system32\mswsock.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"cmdsmartui"="C:\WINDOWS\system32\ehulypal.exe" [2008-09-04 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 118784]
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2005-06-22 417792]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-08-31 448040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 282624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"Antivirus"="C:\Program Files\SAV\sav.exe" [2008-08-15 401408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"2TKI4Ch6Ky"="C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe" [2008-09-04 69632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Broadband Desktop Help.lnk - C:\Program Files\BT Broadband 205\Help\bin\matcli.exe [2006-09-19 217088]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\YOP\\yop.exe"=
"C:\\Program Files\\3D Groove\\Nothing But Net\\NBN.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

*Newly Created Service* - CATCHME
*Newly Created Service* - NMSCFG
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
HKLM-Run-lphcvpnj0ej2t - C:\WINDOWS\system32\lphcvpnj0ej2t.exe
HKLM-Run-VirusRemover2008 - C:\Program Files\VirusRemover2008\VRM2008.exe
HKLM-Run-{8c4dc4b0-9e83-6958-8af5-afaa6e997a2d} - C:\WINDOWS\system32\hammbefvxmfeysoon.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h2uisy9j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://uk.yahoo.com
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 19:56:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  VirusRemover2008 = C:\Program Files\VirusRemover2008\VRM2008.exe?Settings\Temporary Internet Files\Content.IE5\HSIOQT5S\VirusRemover2008_Setup_Free_en[1].exe

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-04 20:00:12
ComboFix-quarantined-files.txt  2008-09-04 18:59:51

Pre-Run: 4,646,768,640 bytes free
Post-Run: 5,226,196,992 bytes free

334	--- E O F ---	2008-08-14 17:53:25


----------



## Respital (Sep 4, 2008)

I still need a new HiJackThis log and the results from the Online Virus Scans please.


----------



## cowley (Sep 4, 2008)

*And now the Virus Total Log:*

File wdizqpsl.exe received on 09.04.2008 21:04:26 (CET)


Result: 2/36 (5.56%)


| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.9.4.2 | 2008.09.04 | - |
| AntiVir | 7.8.1.28 | 2008.09.04 | - |
| Authentium | 5.1.0.4 | 2008.09.03 | - |
| Avast | 4.8.1195.0 | 2008.09.04 | - |
| AVG | 8.0.0.161 | 2008.09.04 | - |
| BitDefender | 7.2 | 2008.09.04 | - |
| CAT-QuickHeal | 9.50 | 2008.09.02 | - |
| ClamAV | 0.93.1 | 2008.09.04 | - |
| DrWeb | 4.44.0.09170 | 2008.09.04 | - |
| eSafe | 7.0.17.0 | 2008.09.03 | - |
| eTrust-Vet | 31.6.6069 | 2008.09.04 | - |
| Ewido | 4.0 | 2008.09.04 | - |
| F-Prot | 4.4.4.56 | 2008.09.03 | - |
| F-Secure | 8.0.14332.0 | 2008.09.04 | - |
| Fortinet | 3.14.0.0 | 2008.09.03 | W32/PolySmall.BP!tr |
| GData | 19 | 2008.09.04 | - |
| Ikarus | T3.1.1.34.0 | 2008.09.04 | - |
| K7AntiVirus | 7.10.441 | 2008.09.04 | - |
| Kaspersky | 7.0.0.125 | 2008.09.04 | - |
| McAfee | 5377 | 2008.09.04 | - |
| Microsoft | 1.3903 | 2008.09.04 | - |
| NOD32v2 | 3415 | 2008.09.04 | - |
| Norman | 5.80.02 | 2008.09.04 | - |
| Panda | 9.0.0.4 | 2008.09.04 | - |
| PCTools | 4.4.2.0 | 2008.09.04 | - |
| Prevx1 | V2 | 2008.09.04 | Suspicious |
| Rising | 20.60.31.00 | 2008.09.04 | - |
| Sophos | 4.33.0 | 2008.09.04 | - |
| Sunbelt | 3.1.1606.1 | 2008.09.04 | - |
| Symantec | 10 | 2008.09.04 | - |
| TheHacker | 6.3.0.8.072 | 2008.09.04 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.04 | - |
| VBA32 | 3.12.8.5 | 2008.09.04 | - |
| ViRobot | 2008.9.4.1363 | 2008.09.04 | - |
| VirusBuster | 4.5.11.0 | 2008.09.04 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.04 | - |
Additional information 
File size: 69632 bytes 
MD5...: 4658d79cd520fb5db145b5fe1af61b07 
SHA1..: 4688f9085ae9e803662e0531380bd89e4381746a 
SHA256: 42fa04be49715535fd6345ceb2efcf319b7c049ed7b8ab69ddeb96a3169b5387 
SHA512: 5e19cab997250ee5f34c5fa2d737d12fb49f839e4083309901424a90f45ed993a4c35bdb2d6eee9459fe884d3e1be3cbc96a97d66bf7dde21937bccafef540fd
PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404824
timedatestamp.....: 0x48bf5dbb (Thu Sep 04 04:02:03 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
| Section | Virtual address | Virtual size | Raw size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xd656 | 0xe000 | 6.71 | dd960c442535d3a9ed27f199d7819474 |
| .rdata | 0xf000 | 0x7d4 | 0x1000 | 3.05 | f8b16821184738a774e81bafca4ef66e |
| .data | 0x10000 | 0x468 | 0x1000 | 0.35 | 0fef606822a3f71eec1643479324ce90 |

( 4 imports ) 
> KERNEL32.dll: GetCurrentProcessId, GetTickCount, SetCurrentDirectoryW, GetSystemTime, WideCharToMultiByte, DeleteFileW, LockResource, TerminateThread, CreateThread, LoadLibraryA, FreeLibrary, ReadProcessMemory, InterlockedIncrement, ResetEvent, QueryDosDeviceW, WritePrivateProfileStringW, MulDiv, GetLastError, MoveFileW, GetFileAttributesW, lstrcpyW, ReadFile, GlobalAddAtomW, SetEvent, GlobalUnlock, FindNextFileW, CreateWaitableTimerW, ResumeThread, GetProcAddress, InterlockedDecrement, GetLocalTime, GetFileSize, WaitForSingleObject, GetCurrentProcess
> USER32.dll: SendDlgItemMessageW, GetWindowTextW, DestroyMenu, EndDialog, TrackPopupMenu, GetWindowDC, UpdateWindow, PostThreadMessageW, ReleaseCapture, WindowFromPoint, wsprintfW, SetLayeredWindowAttributes, RegisterClassExW, GetKeyState, DialogBoxParamW, GetParent, PostQuitMessage, SetCursor, SetWindowTextW, SystemParametersInfoW, IsDlgButtonChecked, GetWindowRect, SendMessageW
> GDI32.dll: DeleteObject, SetMapMode, DPtoLP, StretchBlt, SetBkColor, GetMapMode, SetDIBits, CreatePen, CreateCompatibleDC, CreateCompatibleBitmap, GetDeviceCaps, CreateBitmap
> ADVAPI32.dll: RegQueryValueExW, LookupAccountSidW, GetUserNameW

( 0 exports ) 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=01D484030084414410A001439E6AAE00C4BBB49A


----------



## cowley (Sep 4, 2008)

And the new HIJACK LOG:

File wdizqpsl.exe received on 09.04.2008 21:04:26 (CET)


Result: 2/36 (5.56%)


| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.9.4.2 | 2008.09.04 | - |
| AntiVir | 7.8.1.28 | 2008.09.04 | - |
| Authentium | 5.1.0.4 | 2008.09.03 | - |
| Avast | 4.8.1195.0 | 2008.09.04 | - |
| AVG | 8.0.0.161 | 2008.09.04 | - |
| BitDefender | 7.2 | 2008.09.04 | - |
| CAT-QuickHeal | 9.50 | 2008.09.02 | - |
| ClamAV | 0.93.1 | 2008.09.04 | - |
| DrWeb | 4.44.0.09170 | 2008.09.04 | - |
| eSafe | 7.0.17.0 | 2008.09.03 | - |
| eTrust-Vet | 31.6.6069 | 2008.09.04 | - |
| Ewido | 4.0 | 2008.09.04 | - |
| F-Prot | 4.4.4.56 | 2008.09.03 | - |
| F-Secure | 8.0.14332.0 | 2008.09.04 | - |
| Fortinet | 3.14.0.0 | 2008.09.03 | W32/PolySmall.BP!tr |
| GData | 19 | 2008.09.04 | - |
| Ikarus | T3.1.1.34.0 | 2008.09.04 | - |
| K7AntiVirus | 7.10.441 | 2008.09.04 | - |
| Kaspersky | 7.0.0.125 | 2008.09.04 | - |
| McAfee | 5377 | 2008.09.04 | - |
| Microsoft | 1.3903 | 2008.09.04 | - |
| NOD32v2 | 3415 | 2008.09.04 | - |
| Norman | 5.80.02 | 2008.09.04 | - |
| Panda | 9.0.0.4 | 2008.09.04 | - |
| PCTools | 4.4.2.0 | 2008.09.04 | - |
| Prevx1 | V2 | 2008.09.04 | Suspicious |
| Rising | 20.60.31.00 | 2008.09.04 | - |
| Sophos | 4.33.0 | 2008.09.04 | - |
| Sunbelt | 3.1.1606.1 | 2008.09.04 | - |
| Symantec | 10 | 2008.09.04 | - |
| TheHacker | 6.3.0.8.072 | 2008.09.04 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.04 | - |
| VBA32 | 3.12.8.5 | 2008.09.04 | - |
| ViRobot | 2008.9.4.1363 | 2008.09.04 | - |
| VirusBuster | 4.5.11.0 | 2008.09.04 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.04 | - |
Additional information 
File size: 69632 bytes 
MD5...: 4658d79cd520fb5db145b5fe1af61b07 
SHA1..: 4688f9085ae9e803662e0531380bd89e4381746a 
SHA256: 42fa04be49715535fd6345ceb2efcf319b7c049ed7b8ab69ddeb96a3169b5387 
SHA512: 5e19cab997250ee5f34c5fa2d737d12fb49f839e4083309901424a90f45ed993a4c35bdb2d6eee9459fe884d3e1be3cbc96a97d66bf7dde21937bccafef540fd
PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404824
timedatestamp.....: 0x48bf5dbb (Thu Sep 04 04:02:03 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
| Section | Virtual address | Virtual size | Raw size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xd656 | 0xe000 | 6.71 | dd960c442535d3a9ed27f199d7819474 |
| .rdata | 0xf000 | 0x7d4 | 0x1000 | 3.05 | f8b16821184738a774e81bafca4ef66e |
| .data | 0x10000 | 0x468 | 0x1000 | 0.35 | 0fef606822a3f71eec1643479324ce90 |

( 4 imports ) 
> KERNEL32.dll: GetCurrentProcessId, GetTickCount, SetCurrentDirectoryW, GetSystemTime, WideCharToMultiByte, DeleteFileW, LockResource, TerminateThread, CreateThread, LoadLibraryA, FreeLibrary, ReadProcessMemory, InterlockedIncrement, ResetEvent, QueryDosDeviceW, WritePrivateProfileStringW, MulDiv, GetLastError, MoveFileW, GetFileAttributesW, lstrcpyW, ReadFile, GlobalAddAtomW, SetEvent, GlobalUnlock, FindNextFileW, CreateWaitableTimerW, ResumeThread, GetProcAddress, InterlockedDecrement, GetLocalTime, GetFileSize, WaitForSingleObject, GetCurrentProcess
> USER32.dll: SendDlgItemMessageW, GetWindowTextW, DestroyMenu, EndDialog, TrackPopupMenu, GetWindowDC, UpdateWindow, PostThreadMessageW, ReleaseCapture, WindowFromPoint, wsprintfW, SetLayeredWindowAttributes, RegisterClassExW, GetKeyState, DialogBoxParamW, GetParent, PostQuitMessage, SetCursor, SetWindowTextW, SystemParametersInfoW, IsDlgButtonChecked, GetWindowRect, SendMessageW
> GDI32.dll: DeleteObject, SetMapMode, DPtoLP, StretchBlt, SetBkColor, GetMapMode, SetDIBits, CreatePen, CreateCompatibleDC, CreateCompatibleBitmap, GetDeviceCaps, CreateBitmap
> ADVAPI32.dll: RegQueryValueExW, LookupAccountSidW, GetUserNameW

( 0 exports ) 

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=01D484030084414410A001439E6AAE00C4BBB49A 

Is that all you need so far????


----------



## Respital (Sep 4, 2008)

Please post a new log with HiJackThis, you just pasted the Virus Scan log again.


----------



## cowley (Sep 4, 2008)

Respital said:


> Please post a new log with HiJackThis, you just pasted the Virus Scan log again.



Sorry! Just remind me how I do this again?


----------



## Respital (Sep 4, 2008)

cowley said:


> Sorry! Just remind me how I do this again?



No problem, we all make mistakes. 

Hello, please download and post a *new* log with *HiJackThis*.

*Click here* to download *HJTsetup.exe*
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## cowley (Sep 4, 2008)

Is this it???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:23, on 04/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ehulypal.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Broadband 205\Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.conferencefootball.tv/CTV_FAQ/1,14725,,00.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cmdsmartui] C:\WINDOWS\system32\ehulypal.exe
O4 - HKLM\..\Policies\Explorer\Run: [2TKI4Ch6Ky] C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 205\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm079YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 7926 bytes
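Added example, not part of the thread and not HijackThis code: a small Python triage script that parses the O4 autostart lines of a log like the one above and lists the reasons an entry deserves a closer look, the way a helper reads such a log by eye. The three heuristics (the Policies\Explorer\Run key, a user-writable data directory, a machine-generated-looking name) are this example's own assumptions, so an entry they do not flag is not thereby cleared; the sample lines are copied from the log above.

```python
"""Triage the O4 (autostart) lines of a HijackThis log with defender heuristics."""
import re
from dataclasses import dataclass, field

# The two O4 shapes HijackThis v2 emits: registry Run keys and Startup folders.
#   O4 - HKLM\..\Run: [Name] C:\path\file.exe args
#   O4 - HKLM\..\Policies\Explorer\Run: [Name] C:\path\file.exe
#   O4 - Global Startup: Name.lnk = C:\path\file.exe
O4_REGISTRY = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.+?)\] (.+)$')
O4_STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')

# Locations a limited user (or a drive-by download) can write to; legitimate
# autostarts almost always live under Program Files or the Windows directory.
USER_WRITABLE = ('\\application data\\', '\\local settings\\temp\\',
                 '\\temporary internet files\\', '\\downloads\\')


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def image(self) -> str:
        """Executable path with HijackThis's quoting and arguments stripped."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        m = re.match(r'(.*?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)', cmd, re.I)
        return m.group(1) if m else cmd.split()[0]


def looks_random(token: str) -> bool:
    """Crude test for a machine-generated name: digits sandwiched between
    letters (2TKI4Ch6Ky), or a long all-lowercase stem that is almost all
    consonants (wdizqpsl).  Heuristic only: it misses plenty."""
    stem = token.rsplit('.', 1)[0]
    if re.search(r'\d[A-Za-z]', stem):
        return len(stem) >= 8
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False            # CamelCase, short or spaced names read as human
    vowels = sum(c in 'aeiouy' for c in stem)
    return vowels / len(stem) <= 0.2


def triage(log_text: str) -> list:
    """Parse every O4 line and attach the reasons it deserves a closer look."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_REGISTRY.match(line):
            hive, key, name, command = m.groups()
        elif m := O4_STARTUP.match(line):
            key, name, command = m.groups()
            hive = 'Startup folder'
        else:
            continue
        e = Autostart(hive, key, name, command)
        if 'policies\\explorer\\run' in key.lower():
            e.reasons.append('Policies\\Explorer\\Run: policy autostart key '
                             'that legitimate software rarely uses')
        if any(seg in e.image.lower() for seg in USER_WRITABLE):
            e.reasons.append('runs from a user-writable data directory')
        filename = e.image.rsplit('\\', 1)[-1]
        if looks_random(filename) or looks_random(name):
            e.reasons.append('machine-generated looking name')
        entries.append(e)
    return entries


def flagged(log_text: str) -> dict:
    """Value name -> reasons, for flagged entries only (nothing is removed)."""
    return {e.name: e.reasons for e in triage(log_text) if e.reasons}


# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [cmdsmartui] C:\WINDOWS\system32\ehulypal.exe
O4 - HKLM\..\Policies\Explorer\Run: [2TKI4Ch6Ky] C:\Documents and Settings\All Users\Application Data\ufilkjkt\wdizqpsl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        mark = 'REVIEW' if e.reasons else 'ok    '
        print(f'{mark} [{e.name}] {e.image}')
        for r in e.reasons:
            print(f'         - {r}')
```

On the sample, only the Policies\Explorer\Run entry is flagged (on all three counts); the other entries pass these heuristics, which is exactly why the thread still asks for scanner results rather than trusting the log alone.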


----------



## Respital (Sep 4, 2008)

Yes, that's it.
There are a few more steps I would like you to complete before I hand this off to a more professional user.

Please Run A *Full Scan* With Malwarebytes' Anti-Malware

*How to run a scan with Malwarebytes' Anti-Malware*

Download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
_If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately._

Please complete a Scan With Kaspersky Online AV Scanner.

*Run Kaspersky Online AV Scanner*
Using *Internet Explorer*, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the *Accept* button at the end of the page.

_Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the licence is accepted, reset to 100%._

 Read the *Requirements and limitations* before you click *Accept*.
 Allow the ActiveX download if necessary.
 Once the database has downloaded, click *Next*.
 Click *Scan Settings* and change the "*Scan using the following antivirus database*" from *standard* to *extended* and then click *OK*.
 Click on "*My Computer*" and then put the kettle on!
When the scan has completed, click *Save Report As...*
 Enter a name for the file in the *Filename:* text box and then click the down arrow to the right of *Save as type:* and select *text file (*.txt)*
 Click *Save* - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.


----------



## cowley (Sep 4, 2008)

Respital said:


> Yes that's it.
> There are a few more steps I would like you to complete before I hand this off to a more professional user.
> 
> Please Run A *Full Scan* With Malwarebytes' Anti-Malware
> ...




Done everything up to the Kaspersky run; it says I must update to Java 1.5 or higher. Also it doesn't show the accept button as an option to select (grey)???


----------



## Respital (Sep 4, 2008)

cowley said:


> Done everything up to the Kaspersky run; it says I must update to Java 1.5 or higher. Also it doesn't show the accept button as an option to select (grey)???



This is because your Java is out of date; older versions have vulnerabilities...
If you know how to update your java please do so.

Otherwise please run a scan With Panda Online. 

*Run Panda Online Scan*
Run *Panda's ActiveScan* from *here* and perform a full system scan.
- Once you are on the Panda site click the "*Scan your PC*" button
- A new window will open...click the big "*Check Now*" button
- Enter your *Country*
- Enter your *State/Province*
- Enter your *e-mail address* and click *send*
- Select either *Home User* or *Company*
- Click the big *Scan Now* button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan *(Note: It will take a couple minutes)*
- Click on "*Local Disks*" to start the scan
- Save the log file to your desktop


----------



## cowley (Sep 4, 2008)

Respital said:


> This is because your Java is out of date; older versions have vulnerabilities...
> If you know how to update your java please do so.
> 
> Otherwise please run a scan With Panda Online.
> ...



It's just running now; it asked me to install ActiveX, which I did, and now it's just scanning. Really appreciate all your help with this, the PC seems to be running more stably now.


----------



## Respital (Sep 4, 2008)

cowley said:


> It's just running now; it asked me to install ActiveX, which I did, and now it's just scanning. Really appreciate all your help with this, the PC seems to be running more stably now.



No problem at all. 
Glad to hear your computer is running better. 
After this completes I will likely lack the privilege of running a script, if anything is shown in this log of course. That means that I will have to hand you off to a professional; at this moment we only have around 4, so please be patient, as on other forums it can take up to a week. One of the most helpful professionals, Ceewi1, stated that he was recently working 14 hour days, so it might take a while. Also please don't start this topic in any other forum, as getting advice from 2 different forums could confuse you and damage your system if you follow both forums' advice.


----------



## cowley (Sep 4, 2008)

Respital said:


> No problem at all.
> Glad to hear your computer is running better.
> After this completes I will likely lack the privilege of running a script, if anything is shown in this log of course. That means that I will have to hand you off to a professional; at this moment we only have around 4, so please be patient, as on other forums it can take up to a week. One of the most helpful professionals, Ceewi1, stated that he was recently working 14 hour days, so it might take a while. Also please don't start this topic in any other forum, as getting advice from 2 different forums could confuse you and damage your system if you follow both forums' advice.



It's 70% complete but it's asking me for a profile; it shows OUTLOOK. Do I click OK????


----------



## cowley (Sep 4, 2008)

This is what Panda has shown:

Threats with free disinfection (1)
Low danger level (1) Trj/WmaDownloa... Virus Latent
 1. C:\Documents and Settings\Administrator\Share... Of The Worlds, Original, Uncut.wma

Threats disinfected with the paid version (44)
Low danger level (44) Cookie/Bluestr... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt

 Cookie/Apmebf Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt

 Cookie/Questio... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...administrator@questionmarket[1].txt

 Cookie/Hitbox Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@phg.hitbox[2].txt

 Cookie/DriveCl... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...s\administrator@drivecleaner[1].txt

 Cookie/did-it Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt

 Cookie/adultfr... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...inistrator@adultfriendfinder[2].txt

 Cookie/Adserve... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...dministrator@adserver.easyad[1].txt

 Cookie/PointRo... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...\administrator@ads.pointroll[1].txt

 Cookie/YieldMa... Tracking Cookie Latent
 1. C:\QooBox\Quarantine\C\Documents and Settings...istrator@ad.yieldmanager[2].txt.vir
 2. C:\Documents and Settings\Administrator\Cooki...dministrator@ad.yieldmanager[2].txt

 Cookie/Adtech Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt

 Cookie/Atlas D... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt

 Cookie/Doublec... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt

 Cookie/Casalem... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt

 Cookie/Mediapl... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt

 Cookie/Atwola Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt

 Cookie/Adrevol... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt

 Cookie/Advance... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...dministrator@advancedcleaner[1].txt

 Cookie/WUpd Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt

 Cookie/Tribalf... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...s\administrator@tribalfusion[1].txt

 Cookie/Serving... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...administrator@bs.serving-sys[1].txt

 Cookie/Ccbill Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@ccbill[1].txt

 Cookie/Serving... Tracking Cookie Latent
 1. C:\QooBox\Quarantine\C\Documents and Settings...dministrator@serving-sys[1].txt.vir

 Cookie/NewMedi... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@anm.co[1].txt

 Cookie/FastCli... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt

 Cookie/Zedo Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt

 Application/My... Tracking Application Latent
 1. C:\System Volume Information\_restore{1173920...7D-12BDAEAD65EA}\RP339\A0042478.DLL
 2. C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir

 Cookie/Adviva Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@adviva[1].txt

 Cookie/Searchp... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...tor@searchportal.information[1].txt

 Cookie/Webtren... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...strator@statse.webtrendslive[2].txt

 Cookie/Tradedo... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...s\administrator@tradedoubler[1].txt

 Cookie/Adverti... Tracking Cookie Latent
 1. C:\QooBox\Quarantine\C\Documents and Settings...dministrator@advertising[1].txt.vir

 Adware/VapSup Adware Latent
 1. C:\QooBox\Quarantine\C\WINDOWS\system32\hammbefvxmfeysoon.dll.vir
 2. C:\System Volume Information\_restore{1173920...7D-12BDAEAD65EA}\RP339\A0043504.dll

 Adware/RogueAn... Adware Latent
 1. C:\System Volume Information\_restore{1173920...7D-12BDAEAD65EA}\RP339\A0042575.exe
 2. C:\QooBox\Quarantine\C\WINDOWS\system32\lphcvpnj0ej2t.exe.vir

 Cookie/bravene... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@bravenet[1].txt

 Cookie/Yadro Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt

 Cookie/Statcou... Tracking Cookie Latent
 1. C:\QooBox\Quarantine\C\Documents and Settings...dministrator@statcounter[2].txt.vir

 Cookie/Cgi-bin Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...inistrator@www6.addfreestats[1].txt

 Cookie/Adrevol... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...ministrator@media.adrevolver[3].txt

 Cookie/Com.com Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt

 Cookie/AdDynam... Tracking Cookie Latent
 1. C:\Documents and Settings\Administrator\Cooki...\administrator@ads.addynamix[1].txt

 Adware/Trymedi... Adware Latent
 1. C:\Downloads\InternationalCueClubSetup-dm[1].exe
 2. C:\Downloads\WinterChallengeSetup-dm[1].exe
 3. C:\Downloads\StartersOrdersSetup-dm[1].exe
 4. C:\Downloads\MiniGolfMaster2-dm[1].exe
 5. C:\Downloads\LottoTennisChallenge_ENSetup-dm[1].exe
 6. C:\Downloads\PerfectAce-dm[1].exe
7. C:\Downloads\BilliardsChamp3DSetup-dm[1].exe

 Cookie/Overtur... Tracking Cookie Latent Show + Info   
 1. C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt

 Cookie/Cgi-bin Tracking Cookie Latent Show + Info   
 1. C:\Documents and Settings\Administrator\Cooki...inistrator@www2.addfreestats[1].txt


Only available in paid version.
 Suspicious files (1)
 C:\QooBox\Quarantine\C\WINDOWS\system32\blphcvpnj0ej2t.scr.vir   


 Vulnerabilities (0)


----------

