
Posted

Hello

Every time I try to get on MSN/Yahoo the pyagcore null message comes up.

I am running XP Service Pack 3.

I had Kiwee Toolbar but used Revo Uninstaller to remove it. The problem started when a friend used my PC to access his email... he thought his account may have been hacked!

I used ATF, SUPERAntiSpyware and Malwarebytes but could not use ESET, so I used another online scanner, but I still have pyagcore. I also have AVG and have run a scan with this too.

Thank you


Posted

Hey there. :)

 

Launch MalwareBytes' Anti-Malware and check for definition updates.

 

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.

* The scan may take some time to finish, so please be patient.

* When the scan is complete, click OK, then Show Results to view the results.

* Make sure that everything is checked, and click Remove Selected.

* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

* You'll be required to post the contents of this log later.

 

Please Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

 

 

 

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

 

Go here ======> A guide and tutorial on using ComboFix <====== Go here

 

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

Once installed, you should get a prompt that says:

 

The Recovery Console was successfully installed.

 

Please continue as follows:

 

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

(2) Click Yes to allow ComboFix to continue scanning for malware.

 

When the tool is finished, it will produce a report for you.

 

 

Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.

 

 

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

Posted

Hi Chiaz

Thanks for trying to help, this is the first log.

Cheers

 

Malwarebytes' Anti-Malware 1.41

Database version: 3081

Windows 5.1.2600 Service Pack 3

01/11/2009 22:31:29

mbam-log-2009-11-01 (22-31-29).txt

Scan type: Quick Scan

Objects scanned: 111674

Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 40

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

F:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

F:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
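As an added example (not part of any post in this thread, and not Malwarebytes' own code), the following Python parses a log in the format above and turns it into the three things an analyst wants from it: which detection families were hit, which Internet Explorer persistence points (BHO, toolbar, search scope, low-rights elevation policy) each item occupied, and whether anything is still marked "Delete on reboot", which means the log is not final until the machine has restarted. It also cross-checks the header counts against the body, which catches a log that was truncated when pasted. The sample input is a constructed excerpt of the log just posted, trimmed to a few entries with the summary counts adjusted to match the trimmed body; the persistence labels are this example's own wording.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and summarize what it found.

Added example for this thread; not code from any post or from MBAM itself.
"""
import re
from collections import Counter

# Constructed excerpt of the first MBAM log posted above: same line format,
# trimmed to a few entries, with the summary counts adjusted to match.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 5.1.2600 Service Pack 3
01/11/2009 22:31:29
mbam-log-2009-11-01 (22-31-29).txt

Scan type: Quick Scan
Objects scanned: 111674
Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
F:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")     # header count line
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")            # body section header
ENTRY_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")     # item (family) -> action

# Registry location of a detection tells you how it persisted or ran.
PERSISTENCE = [
    ("Browser Helper Object (loads into every IE process)", r"\\Browser Helper Objects\\"),
    ("IE toolbar", r"\\Internet Explorer\\Toolbar\\"),
    ("IE search provider", r"\\Internet Explorer\\SearchScopes\\"),
    ("IE low-rights elevation policy (Protected Mode exemption on Vista and later)",
     r"\\Low Rights\\ElevationPolicy\\"),
    ("IE add-on usage statistics", r"\\CurrentVersion\\Ext\\Stats\\"),
    ("COM class/interface/typelib registration", r"^HKEY_CLASSES_ROOT\\(CLSID|Interface|TypeLib)\\"),
]


def parse_mbam_log(text):
    """Return {'summary': {section: declared count}, 'entries': [ {section,item,family,action} ]}."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line) if section else None
        if m:
            entries.append({"section": section, "item": m.group(1),
                            "family": m.group(2), "action": m.group(3)})
    return {"summary": summary, "entries": entries}


def classify(entry):
    """Label an entry by the persistence/loading mechanism its location implies."""
    if entry["section"].startswith("Memory"):
        return "code loaded in memory"
    for label, pattern in PERSISTENCE:
        if re.search(pattern, entry["item"], re.IGNORECASE):
            return label
    if entry["item"].upper().startswith("HKEY_"):
        return "other registry key/value"
    return "file or folder on disk"


def check_counts(parsed):
    """{section: (declared, found)} wherever the header disagrees with the body (truncated paste)."""
    found = Counter(e["section"] for e in parsed["entries"])
    return {s: (n, found[s]) for s, n in parsed["summary"].items() if found[s] != n}


def pending_reboot(parsed):
    """Items MBAM could not remove while running; the result is not final until a reboot."""
    return sorted({e["item"] for e in parsed["entries"]
                   if e["action"].lower().startswith("delete on reboot")})


def by_family(parsed):
    return Counter(e["family"] for e in parsed["entries"])


def report(parsed):
    for fam, n in by_family(parsed).most_common():
        print(f"{fam}: {n} item(s)")
    for e in parsed["entries"]:
        print(f"  [{classify(e)}] {e['item']}")
    for item in pending_reboot(parsed):
        print(f"PENDING REBOOT: {item}")
    for s, (declared, found) in check_counts(parsed).items():
        print(f"COUNT MISMATCH in {s}: header says {declared}, body lists {found}")


if __name__ == "__main__":
    report(parse_mbam_log(SAMPLE_LOG))
```

Run it against a real log with `report(parse_mbam_log(open(path).read()))`. The "Delete on reboot" check is the one that matters for this thread: a log that still lists oberontb.dll as pending is a snapshot taken before the restart, so the follow-up scan after rebooting is the one to judge by.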

Posted

Hi again, this is the second log... thanks

 

ComboFix 09-11-07.02 - User 08/11/2009 12:31.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.114 [GMT 0:00]

Running from: f:\documents and settings\User\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))

.

2009-11-06 09:16 . 2009-10-21 08:04 2064152 ----a-w- f:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

2009-11-04 21:10 . 2009-11-04 23:39 -------- d-----w- f:\windows\BDOSCAN8

2009-11-04 19:45 . 2009-11-04 19:45 152576 ----a-w- f:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-04 19:00 . 2009-09-10 14:54 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys

2009-11-04 19:00 . 2009-09-10 14:53 19160 ----a-w- f:\windows\system32\drivers\mbam.sys

2009-11-04 19:00 . 2009-11-04 19:01 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware

2009-11-03 20:01 . 2009-11-03 20:01 -------- d-----w- f:\program files\VS Revo Group

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\program files\Common Files\ParetoLogic

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\program files\ParetoLogic

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic

2009-11-03 19:51 . 2009-11-03 19:51 -------- d-----w- f:\documents and settings\User\Local Settings\Application Data\Downloaded Installations

2009-11-02 22:05 . 2009-11-02 22:05 117760 ----a-w- f:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-02 22:03 . 2009-11-02 22:03 -------- d-----w- f:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-11-02 22:01 . 2009-11-02 22:01 -------- d-----w- f:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2009-11-02 21:10 . 2009-11-02 21:10 -------- d-----w- f:\program files\Common Files\Wise Installation Wizard

2009-11-02 19:20 . 2009-11-02 19:20 -------- d-----w- f:\windows\system32\wbem\Repository

2009-11-02 19:19 . 2009-11-02 19:19 -------- d-----w- f:\documents and settings\User\Application Data\WildTangent

2009-11-02 19:19 . 2009-11-02 19:19 -------- d-----w- f:\program files\WildGames

2009-11-02 18:59 . 2009-11-02 19:59 -------- d-----w- f:\program files\Unlocker

2009-11-02 18:30 . 2009-11-02 18:35 99142 ----a-w- F:\MGlogs.zip

2009-11-02 18:30 . 2009-11-02 19:18 -------- d-----w- F:\MGtools

2009-11-02 10:23 . 2009-11-02 19:18 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware(2)

2009-11-02 10:01 . 2009-11-02 19:18 -------- d-----w- f:\documents and settings\User\Application Data\SUPERAntiSpyware(2).com

2009-11-02 00:10 . 2009-11-02 09:22 29216 --sha-w- f:\windows\system32\drivers\fidbox2.dat

2009-11-02 00:10 . 2009-11-02 09:22 1818912 --sha-w- f:\windows\system32\drivers\fidbox.dat

2009-11-01 23:07 . 2009-11-02 22:01 -------- d-----w- f:\program files\SUPERAntiSpyware

2009-11-01 21:55 . 2009-11-01 21:55 -------- d-----w- f:\documents and settings\User\Application Data\Malwarebytes

2009-11-01 21:55 . 2009-11-01 21:55 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-23 18:26 . 2009-10-23 18:26 -------- d-----w- f:\program files\iPod

2009-10-23 18:25 . 2009-10-23 18:27 -------- d-----w- f:\program files\iTunes

2009-10-23 18:25 . 2009-10-23 18:27 -------- d-----w- f:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-23 18:19 . 2009-10-23 18:20 -------- d-----w- f:\program files\QuickTime

2009-10-23 18:10 . 2009-10-23 18:10 79144 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

2009-10-17 07:38 . 2009-10-17 07:37 2025752 ----a-w- f:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-08 08:02 . 2009-04-05 00:58 -------- d-----w- f:\documents and settings\User\Application Data\Spotify

2009-11-04 19:57 . 2009-01-19 19:22 -------- d-----w- f:\program files\Java

2009-11-04 19:13 . 2009-09-16 19:40 -------- d-----w- f:\program files\GamesBar

2009-11-03 21:52 . 2009-05-21 20:22 -------- d-----w- f:\documents and settings\User\Application Data\Skype

2009-11-03 21:40 . 2009-02-08 12:52 -------- d-----w- f:\documents and settings\User\Application Data\skypePM

2009-11-03 20:10 . 2009-10-06 20:40 -------- d-----w- f:\documents and settings\All Users\Application Data\Kiwee Toolbar

2009-11-02 09:22 . 2009-11-02 00:10 3788 --sha-w- f:\windows\system32\drivers\fidbox2.idx

2009-11-02 09:22 . 2009-11-02 00:10 25436 --sha-w- f:\windows\system32\drivers\fidbox.idx

2009-11-02 09:01 . 2009-06-24 19:20 -------- d-----w- f:\documents and settings\All Users\Application Data\WildTangent

2009-11-02 08:43 . 2009-09-16 19:40 -------- d-----w- f:\program files\Gamenext

2009-10-23 18:26 . 2009-06-12 19:58 -------- d-----w- f:\program files\Common Files\Apple

2009-10-11 04:17 . 2009-06-07 09:15 411368 ----a-w- f:\windows\system32\deploytk.dll

2009-10-06 20:57 . 2009-01-28 19:51 -------- d-----w- f:\program files\Windows Live

2009-10-06 20:40 . 2009-10-06 20:39 -------- d-----w- f:\documents and settings\User\Application Data\agi

2009-10-06 20:40 . 2009-10-06 20:40 -------- d-----w- f:\program files\Kiwee Toolbar

2009-10-06 20:39 . 2009-06-12 22:04 -------- d-----w- f:\documents and settings\All Users\Application Data\agi

2009-10-06 20:39 . 2009-04-23 21:29 339968 ----a-w- f:\windows\system32\pythoncom25.dll

2009-10-06 20:39 . 2009-04-23 21:29 2117632 ----a-w- f:\windows\system32\python25.dll

2009-10-06 20:39 . 2009-04-23 21:29 114688 ----a-w- f:\windows\system32\pywintypes25.dll

2009-10-06 20:39 . 2009-10-06 20:39 -------- d-----w- f:\program files\AGI

2009-10-03 23:20 . 2009-10-03 23:20 1614400 ----a-w- f:\documents and settings\All Users\Application Data\WildTangent\Game Console - WildGames\Downloads\en\Installers\SetupGamesClient.exe

2009-09-28 22:57 . 2009-09-28 22:57 -------- d-----w- f:\documents and settings\User\Application Data\Serif

2009-09-28 22:54 . 2009-09-28 22:54 -------- d-----w- f:\program files\Serif

2009-09-25 06:30 . 2009-01-21 17:55 1 ----a-w- f:\documents and settings\User\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-09-24 11:28 . 2009-09-24 11:28 -------- d-----w- f:\documents and settings\User\Application Data\Windows Live Writer

2009-09-17 16:09 . 2009-01-22 19:43 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP

2009-09-16 21:17 . 2009-03-08 20:17 -------- d-----w- f:\documents and settings\User\Application Data\PlayFirst

2009-09-16 21:17 . 2009-03-08 20:17 -------- d-----w- f:\documents and settings\All Users\Application Data\PlayFirst

2009-09-16 21:16 . 2009-03-06 20:20 -------- d-----w- f:\program files\Oberon Media

2009-09-16 19:41 . 2009-09-16 19:41 -------- d-----w- f:\documents and settings\All Users\Application Data\GamesBar

2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- f:\windows\system32\msv1_0.dll

2009-09-09 17:03 . 2009-02-20 10:50 -------- d-----w- f:\program files\Microsoft Silverlight

2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- f:\windows\system32\msasn1.dll

2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- f:\windows\system32\wininet.dll

2009-08-26 08:26 . 2009-01-21 19:06 11952 ----a-w- f:\windows\system32\avgrsstx.dll

2009-08-26 08:26 . 2009-01-21 19:06 27784 ----a-w- f:\windows\system32\drivers\avgmfx86.sys

2009-08-26 08:26 . 2009-01-21 19:06 335240 ----a-w- f:\windows\system32\drivers\avgldx86.sys

2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- f:\windows\system32\strmdll.dll

2009-08-11 18:51 . 2009-01-21 17:51 17864 ----a-w- f:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

2009-10-06 20:40 277648 ----a-w- f:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 10:58 1107200 ----a-w- f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "f:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll" [2009-10-06 277648]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]

[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="f:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"SUPERAntiSpyware"="f:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]

"AVFX Engine"="f:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"snp2std"="f:\windows\vsnp2std.exe" [2005-08-13 348160]

"Creative Software Update"="f:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [bU]

"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-22 185896]

"KiweeHook"="f:\program files\Kiwee Toolbar\2.9.201\kwtbaim.exe" [2009-10-06 56456]

"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

"ParetoLogic Anti-Virus PLUS"="f:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2009-11-08 2355]

"Malwarebytes Anti-Malware (reboot)"="f:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"VTTimer"="VTTimer.exe" - f:\windows\system32\VTTimer.exe [2005-03-08 53248]

"VTTrayp"="VTtrayp.exe" - f:\windows\system32\VTTrayp.exe [2005-03-11 147456]

"SoundMan"="SOUNDMAN.EXE" - f:\windows\SOUNDMAN.EXE [2005-09-22 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\User\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 15:21 548352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-26 08:26 11952 ----a-w- f:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"f:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"f:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"f:\\WINDOWS\\system32\\dxdiag.exe"=

"f:\\Program Files\\Messenger\\msmsgs.exe"=

"f:\\Program Files\\Spotify\\spotify.exe"=

"f:\\WINDOWS\\system32\\dpvsetup.exe"=

"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"f:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"f:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [21/01/2009 19:06 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [21/01/2009 19:06 108552]

R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]

R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]

R2 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\AVG\AVG8\avgemc.exe [21/01/2009 19:06 908056]

R2 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [21/01/2009 19:06 297752]

R2 fssfltr;FssFltr;f:\windows\system32\drivers\fssfltr_tdi.sys [20/02/2009 10:49 54752]

R2 ZeppelinService;plasservice;f:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18/02/2009 14:40 587216]

R3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]

S3 fsssvc;Windows Live Family Safety Service;f:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*NewlyCreated* - PROCEXP113

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

2009-11-06 f:\windows\Tasks\AppleSoftwareUpdate.job

- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-07 f:\windows\Tasks\ParetoLogic Registration.job

- f:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]

2009-11-08 f:\windows\Tasks\User_Feed_Synchronization-{641EEE1C-5145-4864-B1AD-6DDBA7CC4D33}.job

- f:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {2AD0C02D-3A2E-4192-BD8A-19C89BD0DFF1} - http://file:///F:/Documents%20and%20Settings/All%20Users/Application%20Data/Skype/Plugins/Plugins/263AF18BA8E6473194D1E386FDADB7DE/4USclub.cab

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-11-08 12:44

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)

f:\program files\SUPERAntiSpyware\SASWINLO.dll

f:\windows\system32\WININET.dll

.

Completion time: 2009-11-08 12:49

ComboFix-quarantined-files.txt 2009-11-08 12:49

ComboFix2.txt 2009-11-02 18:01

Pre-Run: 61,899,411,456 bytes free

Post-Run: 61,985,157,120 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5849850D07F62457A5A6E8261412FC9C

Posted

Hi, sorry but I posted the wrong log. This is the latest, thanks.

 

Malwarebytes' Anti-Malware 1.41

Database version: 3123

Windows 5.1.2600 Service Pack 3

08/11/2009 11:58:19

mbam-log-2009-11-08 (11-58-19).txt

Scan type: Quick Scan

Objects scanned: 102811

Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Posted

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

 

It's IMPORTANT to carry out the instructions in the sequence listed below.

 

 

First, please close any open browsers. Go to Control Panel > Add/Remove Programs and uninstall the following programs if found:

WildTangent

WildGames

GamesBar

Kiwee Toolbar

Reboot your computer if you did manage to uninstall any applications.

 

 

Next,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Open *notepad* and copy/paste the text in the quotebox below into it:

 

Folder::
f:\program files\WildGames
f:\program files\GamesBar
f:\documents and settings\User\Application Data\WildTangent
f:\documents and settings\All Users\Application Data\Kiwee Toolbar
f:\program files\Kiwee Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

 

 

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

 

When finished, it shall produce a log for you at C:\ComboFix.txt

 

Please copy and paste the ComboFix.txt in your new reply.

 

*Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
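As an added example (not part of the post above, and not ComboFix's own tooling), the following Python derives a CFScript of the shape shown above from the "Reg Loading Points" section of a ComboFix log. It maps every BHO, toolbar, URLSearchHook, Run value and CLSID key to the file it loads, and emits deletions only for entries whose file sits under folders you have decided to remove, so a toolbar that belongs to a security product is never caught by accident. The sample input is a constructed excerpt of the loading points from the ComboFix log posted earlier in this thread; the `[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\...]` and `"..."=-` forms are copied from the script above. One assumption is marked in the code: ComboFix prints an add-on's ProgID and TypeLib keys right after its CLSID key, and the example attributes them to that CLSID by adjacency. The `clsid_owners` lookup is worth running before any hand-written script as well: in that log, {CCC7A320-B3CA-4199-B1A6-9F516DD69829} resolves to AVG's IEToolbar.dll, not to Kiwee's.

```python
"""Build a ComboFix CFScript from the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not code from any post or from ComboFix itself.
"""
import re

# Constructed excerpt of the Reg Loading Points from the second log posted above.
SAMPLE_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2009-10-06 20:40 277648 ----a-w- f:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "f:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll" [2009-10-06 277648]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiweeHook"="f:\program files\Kiwee Toolbar\2.9.201\kwtbaim.exe" [2009-10-06 56456]
"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]
"""

# Folders the analyst has decided to remove (the Kiwee ones from the post above).
KIWEE_FOLDERS = [
    r"f:\program files\Kiwee Toolbar",
    r"f:\documents and settings\All Users\Application Data\Kiwee Toolbar",
]

GUID = r"\{[0-9A-Fa-f-]{36}\}"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
BHO_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<guid>" + GUID + r")$", re.I)
CLSID_RE = re.compile(r"^HKEY_CLASSES_ROOT\\clsid\\(?P<guid>" + GUID + r")$", re.I)


def parse_loading_points(text):
    """Return loading points as dicts: kind (bho/value/clsid), key, name, path[, related]."""
    points, current_key, pending_bho, last_clsid = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            bho, clsid = BHO_RE.match(key), CLSID_RE.match(key)
            if bho:                       # BHO key; the file line that follows names its DLL
                pending_bho = {"kind": "bho", "key": key, "name": bho.group("guid"), "path": None}
                points.append(pending_bho)
                last_clsid = None
            elif clsid:                   # COM class registration; resolved by GUID below
                last_clsid = {"kind": "clsid", "key": key, "name": clsid.group("guid"),
                              "path": None, "related": []}
                points.append(last_clsid)
            elif key.upper().startswith("HKEY_CLASSES_ROOT\\") and last_clsid is not None:
                # ASSUMPTION: ComboFix lists an object's ProgID/TypeLib keys directly after
                # its CLSID key, so they are attributed to the preceding CLSID by adjacency.
                last_clsid["related"].append(key)
            else:                         # container key (Toolbar, URLSearchHooks, Run ...)
                current_key, last_clsid = key, None
            continue
        if pending_bho is not None:       # file line under a BHO key
            m = FILE_RE.match(line)
            if m:
                pending_bho["path"] = m.group("path")
            pending_bho = None
            continue
        m = VALUE_RE.match(line)
        if m and current_key:             # "name"="path" value under the current key
            points.append({"kind": "value", "key": current_key,
                           "name": m.group("name"), "path": m.group("path")})
    return points


def resolve_clsids(points):
    """Give each CLSID key the path of the BHO/toolbar/hook value registered under that GUID."""
    paths = {p["name"].lower(): p["path"] for p in points if p["kind"] != "clsid" and p["path"]}
    for p in points:
        if p["kind"] == "clsid":
            p["path"] = paths.get(p["name"].lower())
    return points


def clsid_owners(text):
    """{clsid (lower-case): dll path or None} for every CLSID key in the log."""
    return {p["name"].lower(): p["path"]
            for p in resolve_clsids(parse_loading_points(text)) if p["kind"] == "clsid"}


def under(path, folders):
    p = path.lower()
    return any(p.startswith(f.lower().rstrip("\\") + "\\") for f in folders)


def build_cfscript(text, folders):
    """Return (cfscript text, keys whose file could not be resolved and were left alone)."""
    reg_lines, unresolved = [], []
    for p in resolve_clsids(parse_loading_points(text)):
        if p["path"] is None:
            unresolved.append(p["key"])
            continue
        if not under(p["path"], folders):
            continue
        if p["kind"] == "value":          # delete one value, CFScript style: "name"=-
            reg_lines += [f"[{p['key']}]", f'"{p["name"]}"=-']
        else:                             # delete the whole key: [-key]
            reg_lines += [f"[-{p['key']}]"] + [f"[-{k}]" for k in p.get("related", [])]
    script = "Folder::\n" + "\n".join(folders) + "\n\nRegistry::\n" + "\n".join(reg_lines) + "\n"
    return script, unresolved


if __name__ == "__main__":
    script, unresolved = build_cfscript(SAMPLE_LOADING_POINTS, KIWEE_FOLDERS)
    print(script)
    for key in unresolved:
        print("could not resolve, review by hand:", key)
```

Anything in `unresolved` (a CLSID key with no matching BHO, toolbar or hook value in the log) is deliberately left out of the script rather than guessed at, which is the same rule the ComboFix caution above is getting at: only delete what you can tie to a file you have identified.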

Posted

Hi Chiaz

This is the latest log... thanks

 

ComboFix 09-11-07.02 - User 09/11/2009 19:34.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.222 [GMT 0:00]

Running from: f:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: f:\documents and settings\User\Desktop\CFScript.txt.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

f:\documents and settings\All Users\Application Data\Kiwee Toolbar

f:\program files\Kiwee Toolbar

f:\program files\Kiwee Toolbar\2.9.201\AGTBCore.dll

f:\program files\Kiwee Toolbar\2.9.201\AolIMToolbar.dll

f:\program files\Kiwee Toolbar\2.9.201\firefox\chrome.manifest

f:\program files\Kiwee Toolbar\2.9.201\firefox\chrome\kiweetoolbar.jar

f:\program files\Kiwee Toolbar\2.9.201\firefox\components\AGCore.js

f:\program files\Kiwee Toolbar\2.9.201\firefox\components\AGCore.xpt

f:\program files\Kiwee Toolbar\2.9.201\firefox\components\KiweeSearchHistory.js

f:\program files\Kiwee Toolbar\2.9.201\firefox\components\SearchProtection.js

f:\program files\Kiwee Toolbar\2.9.201\firefox\components\SearchProtection.xpt

f:\program files\Kiwee Toolbar\2.9.201\firefox\defaults\preferences\defaults.js

f:\program files\Kiwee Toolbar\2.9.201\firefox\firefox.xpi

f:\program files\Kiwee Toolbar\2.9.201\firefox\install.rdf

f:\program files\Kiwee Toolbar\2.9.201\firefox\META-INF\manifest.mf

f:\program files\Kiwee Toolbar\2.9.201\firefox\META-INF\zigbert.rsa

f:\program files\Kiwee Toolbar\2.9.201\firefox\META-INF\zigbert.sf

f:\program files\Kiwee Toolbar\2.9.201\FlashCOM.dll

f:\program files\Kiwee Toolbar\2.9.201\KiweeCommonCtrls.dll

f:\program files\Kiwee Toolbar\2.9.201\KiweeContentHost.dll

f:\program files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll

f:\program files\Kiwee Toolbar\2.9.201\KiweeIMToolbar.dll

f:\program files\Kiwee Toolbar\2.9.201\KiweeTBCore.dll

f:\program files\Kiwee Toolbar\2.9.201\KiweeTBCore.tlb

f:\program files\Kiwee Toolbar\2.9.201\kiweetoolbar.zip

f:\program files\Kiwee Toolbar\2.9.201\kwtbaim.exe

f:\program files\Kiwee Toolbar\2.9.201\mfc80u.dll

f:\program files\Kiwee Toolbar\2.9.201\Microsoft.VC80.CRT.manifest

f:\program files\Kiwee Toolbar\2.9.201\Microsoft.VC80.MFC.manifest

f:\program files\Kiwee Toolbar\2.9.201\msimg32.dll

f:\program files\Kiwee Toolbar\2.9.201\MsnIMToolbar.dll

f:\program files\Kiwee Toolbar\2.9.201\msvcp80.dll

f:\program files\Kiwee Toolbar\2.9.201\msvcr80.dll

f:\program files\Kiwee Toolbar\2.9.201\RemoteLib.dll

f:\program files\Kiwee Toolbar\2.9.201\Riched20.dll

.

((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))

.

2009-11-06 09:16 . 2009-10-21 08:04 2064152 ----a-w- f:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

2009-11-04 21:10 . 2009-11-04 23:39 -------- d-----w- f:\windows\BDOSCAN8

2009-11-04 19:45 . 2009-11-04 19:45 152576 ----a-w- f:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-04 19:00 . 2009-09-10 14:54 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys

2009-11-04 19:00 . 2009-09-10 14:53 19160 ----a-w- f:\windows\system32\drivers\mbam.sys

2009-11-04 19:00 . 2009-11-04 19:01 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware

2009-11-03 20:01 . 2009-11-03 20:01 -------- d-----w- f:\program files\VS Revo Group

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\program files\Common Files\ParetoLogic

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\program files\ParetoLogic

2009-11-03 19:53 . 2009-11-03 19:53 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic

2009-11-03 19:51 . 2009-11-03 19:51 -------- d-----w- f:\documents and settings\User\Local Settings\Application Data\Downloaded Installations

2009-11-02 22:05 . 2009-11-02 22:05 117760 ----a-w- f:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-02 22:03 . 2009-11-02 22:03 -------- d-----w- f:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-11-02 22:01 . 2009-11-02 22:01 -------- d-----w- f:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2009-11-02 21:10 . 2009-11-02 21:10 -------- d-----w- f:\program files\Common Files\Wise Installation Wizard

2009-11-02 19:20 . 2009-11-02 19:20 -------- d-----w- f:\windows\system32\wbem\Repository

2009-11-02 18:59 . 2009-11-02 19:59 -------- d-----w- f:\program files\Unlocker

2009-11-02 18:30 . 2009-11-02 18:35 99142 ----a-w- F:\MGlogs.zip

2009-11-02 18:30 . 2009-11-02 19:18 -------- d-----w- F:\MGtools

2009-11-02 10:23 . 2009-11-02 19:18 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware(2)

2009-11-02 10:01 . 2009-11-02 19:18 -------- d-----w- f:\documents and settings\User\Application Data\SUPERAntiSpyware(2).com

2009-11-02 00:10 . 2009-11-02 09:22 29216 --sha-w- f:\windows\system32\drivers\fidbox2.dat

2009-11-02 00:10 . 2009-11-02 09:22 1818912 --sha-w- f:\windows\system32\drivers\fidbox.dat

2009-11-01 23:07 . 2009-11-02 22:01 -------- d-----w- f:\program files\SUPERAntiSpyware

2009-11-01 21:55 . 2009-11-01 21:55 -------- d-----w- f:\documents and settings\User\Application Data\Malwarebytes

2009-11-01 21:55 . 2009-11-01 21:55 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-23 18:26 . 2009-10-23 18:26 -------- d-----w- f:\program files\iPod

2009-10-23 18:25 . 2009-10-23 18:27 -------- d-----w- f:\program files\iTunes

2009-10-23 18:25 . 2009-10-23 18:27 -------- d-----w- f:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-23 18:19 . 2009-10-23 18:20 -------- d-----w- f:\program files\QuickTime

2009-10-23 18:10 . 2009-10-23 18:10 79144 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

2009-10-17 07:38 . 2009-10-17 07:37 2025752 ----a-w- f:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-09 18:28 . 2009-06-24 19:20 -------- d-----w- f:\documents and settings\All Users\Application Data\WildTangent

2009-11-09 10:46 . 2009-04-05 00:58 -------- d-----w- f:\documents and settings\User\Application Data\Spotify

2009-11-04 19:57 . 2009-01-19 19:22 -------- d-----w- f:\program files\Java

2009-11-03 21:52 . 2009-05-21 20:22 -------- d-----w- f:\documents and settings\User\Application Data\Skype

2009-11-03 21:40 . 2009-02-08 12:52 -------- d-----w- f:\documents and settings\User\Application Data\skypePM

2009-11-02 09:22 . 2009-11-02 00:10 3788 --sha-w- f:\windows\system32\drivers\fidbox2.idx

2009-11-02 09:22 . 2009-11-02 00:10 25436 --sha-w- f:\windows\system32\drivers\fidbox.idx

2009-11-02 08:43 . 2009-09-16 19:40 -------- d-----w- f:\program files\Gamenext

2009-10-23 18:26 . 2009-06-12 19:58 -------- d-----w- f:\program files\Common Files\Apple

2009-10-11 04:17 . 2009-06-07 09:15 411368 ----a-w- f:\windows\system32\deploytk.dll

2009-10-06 20:57 . 2009-01-28 19:51 -------- d-----w- f:\program files\Windows Live

2009-10-06 20:40 . 2009-10-06 20:39 -------- d-----w- f:\documents and settings\User\Application Data\agi

2009-10-06 20:39 . 2009-06-12 22:04 -------- d-----w- f:\documents and settings\All Users\Application Data\agi

2009-10-06 20:39 . 2009-04-23 21:29 339968 ----a-w- f:\windows\system32\pythoncom25.dll

2009-10-06 20:39 . 2009-04-23 21:29 2117632 ----a-w- f:\windows\system32\python25.dll

2009-10-06 20:39 . 2009-04-23 21:29 114688 ----a-w- f:\windows\system32\pywintypes25.dll

2009-10-06 20:39 . 2009-10-06 20:39 -------- d-----w- f:\program files\AGI

2009-09-28 22:57 . 2009-09-28 22:57 -------- d-----w- f:\documents and settings\User\Application Data\Serif

2009-09-28 22:54 . 2009-09-28 22:54 -------- d-----w- f:\program files\Serif

2009-09-25 06:30 . 2009-01-21 17:55 1 ----a-w- f:\documents and settings\User\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-09-24 11:28 . 2009-09-24 11:28 -------- d-----w- f:\documents and settings\User\Application Data\Windows Live Writer

2009-09-17 16:09 . 2009-01-22 19:43 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP

2009-09-16 21:17 . 2009-03-08 20:17 -------- d-----w- f:\documents and settings\User\Application Data\PlayFirst

2009-09-16 21:17 . 2009-03-08 20:17 -------- d-----w- f:\documents and settings\All Users\Application Data\PlayFirst

2009-09-16 21:16 . 2009-03-06 20:20 -------- d-----w- f:\program files\Oberon Media

2009-09-16 19:41 . 2009-09-16 19:41 -------- d-----w- f:\documents and settings\All Users\Application Data\GamesBar

2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- f:\windows\system32\msv1_0.dll

2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- f:\windows\system32\msasn1.dll

2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- f:\windows\system32\wininet.dll

2009-08-26 08:26 . 2009-01-21 19:06 11952 ----a-w- f:\windows\system32\avgrsstx.dll

2009-08-26 08:26 . 2009-01-21 19:06 27784 ----a-w- f:\windows\system32\drivers\avgmfx86.sys

2009-08-26 08:26 . 2009-01-21 19:06 335240 ----a-w- f:\windows\system32\drivers\avgldx86.sys

2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- f:\windows\system32\strmdll.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-11-08_12.44.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-09 19:49 . 2009-11-09 19:49 16384 f:\windows\temp\Perflib_Perfdata_cc8.dat

+ 2009-11-09 19:48 . 2009-11-09 19:48 16384 f:\windows\temp\Perflib_Perfdata_728.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 10:58 1107200 ----a-w- f:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="f:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"SUPERAntiSpyware"="f:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]

"AVFX Engine"="f:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"snp2std"="f:\windows\vsnp2std.exe" [2005-08-13 348160]

"Creative Software Update"="f:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [bU]

"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-22 185896]

"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"UnlockerAssistant"="f:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

"ParetoLogic Anti-Virus PLUS"="f:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2009-11-09 2355]

"Malwarebytes Anti-Malware (reboot)"="f:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"VTTimer"="VTTimer.exe" - f:\windows\system32\VTTimer.exe [2005-03-08 53248]

"VTTrayp"="VTtrayp.exe" - f:\windows\system32\VTTrayp.exe [2005-03-11 147456]

"SoundMan"="SOUNDMAN.EXE" - f:\windows\SOUNDMAN.EXE [2005-09-22 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\User\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 15:21 548352 ----a-w- f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-26 08:26 11952 ----a-w- f:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"f:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"f:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"f:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"f:\\WINDOWS\\system32\\dxdiag.exe"=

"f:\\Program Files\\Messenger\\msmsgs.exe"=

"f:\\Program Files\\Spotify\\spotify.exe"=

"f:\\WINDOWS\\system32\\dpvsetup.exe"=

"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"f:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"f:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [21/01/2009 19:06 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [21/01/2009 19:06 108552]

R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]

R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]

R2 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\AVG\AVG8\avgemc.exe [21/01/2009 19:06 908056]

R2 avg8wd;AVG Free8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [21/01/2009 19:06 297752]

R2 fssfltr;FssFltr;f:\windows\system32\drivers\fssfltr_tdi.sys [20/02/2009 10:49 54752]

R2 ZeppelinService;plasservice;f:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18/02/2009 14:40 587216]

R3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]

S3 fsssvc;Windows Live Family Safety Service;f:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-11-06 f:\windows\Tasks\AppleSoftwareUpdate.job

- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-09 f:\windows\Tasks\ParetoLogic Registration.job

- f:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]

2009-11-09 f:\windows\Tasks\User_Feed_Synchronization-{641EEE1C-5145-4864-B1AD-6DDBA7CC4D33}.job

- f:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {2AD0C02D-3A2E-4192-BD8A-19C89BD0DFF1} - http://file:///F:/Documents%20and%20Settings/All%20Users/Application%20Data/Skype/Plugins/Plugins/263AF18BA8E6473194D1E386FDADB7DE/4USclub.cab

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-KiweeHook - f:\program files\Kiwee Toolbar\2.9.201\kwtbaim.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-11-09 19:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)

f:\program files\SUPERAntiSpyware\SASWINLO.dll

f:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2720)

f:\windows\system32\WININET.dll

f:\program files\Unlocker\UnlockerHook.dll

f:\windows\system32\ieframe.dll

f:\windows\system32\webcheck.dll

f:\windows\system32\WPDShServiceObj.dll

f:\windows\system32\PortableDeviceTypes.dll

f:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

f:\program files\Bonjour\mDNSResponder.exe

f:\program files\Java\jre6\bin\jqs.exe

f:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

f:\progra~1\AVG\AVG8\avgrsx.exe

f:\progra~1\AVG\AVG8\avgnsx.exe

f:\program files\AVG\AVG8\avgcsrvx.exe

f:\windows\system32\wscntfy.exe

f:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe

f:\program files\OpenOffice.org 3\program\soffice.exe

f:\program files\OpenOffice.org 3\program\soffice.bin

f:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-11-09 19:57 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-09 19:57

ComboFix2.txt 2009-11-08 12:49

ComboFix3.txt 2009-11-02 18:01

Pre-Run: 62,053,519,360 bytes free

Post-Run: 62,050,816,000 bytes free

- - End Of File - - C0C0879FEE20C19AD68F3A5A497CD249

Posted

I missed out this...can you navigate to and delete this folder:

f:\documents and settings\All Users\Application Data\WildTangent

 

I think our work is done here - your PC should be clean now.

 

It's time to remove ComboFix.

 

Go to Start > Run

Type in the box:

 

combofix /u

 

Note: the space between the X and the /u

 

Press Enter.

 

This command will:

 

Delete the following:

ComboFix and its associated files and folders.

VundoFix backups, if present

The C:\Deckard folder, if present

The C:\_OtMoveIt folder, if present

 

Reset the clock settings.

Hide file extensions, if required.

Hide System/Hidden files, if required.

Reset System Restore.

 

 

Even if you have no more queries, I would appreciate it if you could reply once more to this thread so that I will be able to have this archived. Thanks. :)
