Thread: Hjt Log Help Please!

  1. #1
    Join Date
    Mar 2008
    Posts
    7

    Hjt Log Help Please!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:00:50 PM, on 3/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sstray.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\inf\winsys32.exe
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CallControl 4.5] "C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe" /autoload
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKLM\..\Run: [Anti Trojan Elite] "C:\Program Files\Anti Trojan Elite\TJEnder.exe" :NO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Tracks Eraser Pro] "C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" min
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" /S
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: YU-MP3.COM Account Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &YU-MP3.COM User Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.hotmail.com
    O15 - Trusted Zone: *.live.com
    O15 - Trusted Zone: *.msn.com
    O15 - Trusted Zone: *.passport.com
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161429338140
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {BA2D9665-D672-446F-98F4-E3E41FA12A01} (PCAObj Class) - http://www.mypccenter.com/CAB/PCA.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/o...abs/cssweb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBAB252-AE98-4860-A218-72B4FF621C49}: NameServer = 217.23.192.9 217.23.192.14
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

    --
    End of file - 10879 bytes

  2. #2
    Join Date
    Mar 2008
    Posts
    7

    Help with Trojans PLEASE!!

    3:55 PM: ApplicationMinimized - EXIT
    3:55 PM: ApplicationMinimized - ENTER
    3:54 PM: File System Shield: found: Trojan Horse: trojan looksy, version 1.0.0.0 -- File System Read/Write allowed
    3:54 PM: File System Shield: found: Trojan Horse: trojan looksy, version 1.0.0.0 -- File System Read/Write allowed
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN6.EXE
    2:26 PM: Tamper Detection
    2:13 PM: ApplicationMinimized - EXIT
    2:13 PM: ApplicationMinimized - ENTER
    1:50 PM: BHO Shield: found: -- BHO installation allowed at user request
    1:50 PM: Warning: no filename sent to VerifyFileSignature
    1:39 PM: ApplicationMinimized - EXIT
    1:39 PM: ApplicationMinimized - ENTER
    1:39 PM: Startup Shield: Entry Allowed: Anti Trojan Elite
    1:38 PM: ApplicationMinimized - EXIT
    1:38 PM: ApplicationMinimized - ENTER
    1:23 PM: ApplicationMinimized - EXIT
    1:23 PM: ApplicationMinimized - ENTER
    1:17 PM: ApplicationMinimized - EXIT
    1:17 PM: ApplicationMinimized - ENTER
    1:16 PM: ApplicationMinimized - EXIT
    1:16 PM: ApplicationMinimized - ENTER
    1:15 PM: License Check Status (0): Success
    1:13 PM: ApplicationMinimized - EXIT
    1:13 PM: ApplicationMinimized - EXIT
    1:13 PM: ApplicationMinimized - ENTER
    1:13 PM: ApplicationMinimized - ENTER
    1:13 PM: Startup Shield: Entry Allowed: Anti Trojan Elite
    1:12 PM: ApplicationMinimized - EXIT
    1:12 PM: ApplicationMinimized - ENTER
    1:12 PM: Startup Shield: Entry Allowed: Anti Trojan Elite
    1:12 PM: Startup Shield: Entry Allowed: Anti Trojan Elite
    1:11 PM: ApplicationMinimized - EXIT
    1:11 PM: ApplicationMinimized - ENTER
    1:01 PM: Sent error log: C:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    1:01 PM: Sent error log: C:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    12:58 PM: ApplicationMinimized - EXIT
    12:58 PM: ApplicationMinimized - ENTER
    6:57 AM: Traces Found: 15
    6:57 AM: Full Sweep has completed. Elapsed time 01:44:38
    6:57 AM: File Sweep Complete, Elapsed Time: 00:16:44
    Not enough storage is available to process this command
    6:56 AM: Warning: Unable to sweep compressed file: System Error. Code: 8.
    6:53 AM: Warning: TCompressedFile.GetStreams(2): Stream read error
    6:52 AM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
    6:50 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsdc14dbbd-d188-4aba-8e14-b104a7056906.tmp". The operation completed successfully
    6:50 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsd4609694-2783-46f0-88b5-00641d437d17.tmp". The operation completed successfully
    6:50 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmscc25b843-a5bf-4307-a9f9-64b1e41302c7.tmp". The operation completed successfully
    6:50 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms9fa4eae2-be4a-4e98-80fb-5b47872599f0.tmp". The operation completed successfully
    6:50 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsbb685c49-1270-4186-a77c-f45a46fb3f2d.tmp". The operation completed successfully
    6:50 AM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms4a42a908-5868-431a-aef9-fe0ac91963e0.tmp". The operation completed successfully
    6:45 AM: C:\WINDOWS\system32\qhcripkfeh.dll (ID = 1324599)
    6:45 AM: Found Trojan Horse: trojan looksy
    6:41 AM: c:\windows\system32\koos.exe (ID = 526035)
    6:41 AM: c:\windows\system32\kprof (ID = 526055)
    6:41 AM: c:\windows\system32\poof (ID = 526056)
    6:40 AM: Starting File Sweep
    6:40 AM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
    6:40 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    6:40 AM: Starting Cookie Sweep
    6:40 AM: Registry Sweep Complete, Elapsed Time:01:21:46
    6:39 AM: HKU\S-1-5-21-1960408961-1767777339-725345543-500\software\microsoft\windows\currentversion\ext\stats\{ba2325ed-f9eb-4830-8fce-0bc35b16969b}\ (ID = 1887336)
    6:39 AM: Found Adware: whenu searchbar/pricebandit
    6:39 AM: HKLM\software\microsoft\removerp\ (ID = 3160720)
    6:39 AM: HKLM\software\microsoft\internet explorer\searchscopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409}\ (ID = 3105536)
    6:39 AM: Found Adware: onestep search
    6:39 AM: HKLM\system\currentcontrolset\services\poof\ (ID = 2136492)
    6:39 AM: HKLM\system\currentcontrolset\services\kprof\ (ID = 2136484)
    6:39 AM: HKLM\system\controlset001\enum\root\legacy_poof\ (ID = 2135588)
    6:39 AM: HKLM\system\controlset001\services\poof\ (ID = 2108973)
    6:39 AM: HKLM\system\controlset001\services\kprof\ (ID = 2108965)
    6:39 AM: Found Trojan Horse: trojan wopla
    6:29 AM: Error: LogError w/o exception.
    5:40 AM: ApplicationMinimized - EXIT
    5:40 AM: ApplicationMinimized - ENTER
    5:40 AM: ApplicationMinimized - EXIT
    5:40 AM: ApplicationMinimized - ENTER
    5:40 AM: ApplicationMinimized - EXIT
    5:40 AM: ApplicationMinimized - ENTER
    5:39 AM: ApplicationMinimized - EXIT
    5:39 AM: ApplicationMinimized - ENTER
    5:36 AM: ApplicationMinimized - EXIT
    5:36 AM: ApplicationMinimized - ENTER
    5:36 AM: ApplicationMinimized - EXIT
    5:36 AM: ApplicationMinimized - ENTER
    5:34 AM: ApplicationMinimized - EXIT
    5:34 AM: ApplicationMinimized - ENTER
    5:33 AM: ApplicationMinimized - EXIT
    5:33 AM: ApplicationMinimized - ENTER
    5:32 AM: ApplicationMinimized - EXIT
    5:32 AM: ApplicationMinimized - ENTER
    5:31 AM: ApplicationMinimized - EXIT
    5:31 AM: ApplicationMinimized - ENTER
    5:31 AM: ApplicationMinimized - EXIT
    5:31 AM: ApplicationMinimized - ENTER
    5:30 AM: ApplicationMinimized - EXIT
    5:30 AM: ApplicationMinimized - ENTER
    5:27 AM: ApplicationMinimized - EXIT
    5:27 AM: ApplicationMinimized - ENTER
    5:23 AM: ApplicationMinimized - EXIT
    5:23 AM: ApplicationMinimized - ENTER
    5:21 AM: ApplicationMinimized - EXIT
    5:21 AM: ApplicationMinimized - ENTER
    5:19 AM: ApplicationMinimized - EXIT
    5:19 AM: ApplicationMinimized - ENTER
    5:18 AM: Starting Registry Sweep
    5:18 AM: Memory Sweep Complete, Elapsed Time: 00:05:50
    5:17 AM: ApplicationMinimized - EXIT
    5:17 AM: ApplicationMinimized - ENTER
    5:15 AM: ApplicationMinimized - EXIT
    5:15 AM: ApplicationMinimized - ENTER
    5:14 AM: Detected running threat: C:\WINDOWS\system32\jkkjk.dll (ID = 676)
    5:14 AM: Detected running threat: C:\WINDOWS\system32\tuvtsrp.dll (ID = 676)
    5:14 AM: Found Adware: virtumonde
    5:12 AM: Starting Memory Sweep
    5:12 AM: HKLM\software\microsoft\windows\currentversion\run\ || runner1 (ID = 2191081)
    5:12 AM: Found Trojan Horse: trojan-downloader-waverevenue
    5:12 AM: Start Full Sweep
    5:12 AM: Sweep initiated using definitions version 1113
    5:12 AM: Your spyware definitions have been updated.
    5:10 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    Keylogger: Off
    5:10 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    E-mail Attachment: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    5:10 AM: Shield States
    5:10 AM: License Check Status (0): Success
    5:10 AM: Spyware Definitions: 1036
    5:09 AM: Spy Sweeper 5.5.7.124 started
    5:09 AM: Spy Sweeper 5.5.7.124 started
    5:09 AM: | Start of Session, Friday, March 21, 2008 |
    ***************

  3. #3
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Lana, you shouldn't run multiple threads on the same topic. We don't know what the logs are referring to unless they go into the original thread. I have no idea what the second log is from that you have posted, though it looks like spysweeper. If you have this program on your computer then you should have it configured to clean. If this is just the free trial then I don't believe it will clean. Uninstall this if it is the free trial. Then follow steps in the link below.
    I have placed both of your threads into one.
    Please go to this link
    Follow all the steps given there and then post back right here in this thread with all the requested logs.

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Your HJT log shows at least two trojans on the system. I urge you to complete ALL the steps in the link I gave you and allow ALL programs to fix whatever is found. Then post back here with new logs requested.

  5. #5
    Join Date
    Mar 2008
    Posts
    7
    I had some problems with my internet connection so I wasn't able to post this earlier.
    In the attachment are the HijackThis log, Uninstall List and Malwarebytes' Anti-Malware log.

    ESET Online Scanner log - NO THREATS FOUND.

    In Add/Remove Programs I have a program that I can't remove, it's ASK TOOLBAR!!

    And AntiVir still shows that I have virus - TR/Trash.GEN

    Wasn't able to attach Hijackthis.log, so here it is.



    Logfile of HijackThis v1.99.1
    Scan saved at 7:58:42 PM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HijackThis\analyzer.exe
    C:\Program Files\HijackThis\analyzer.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O20 - Winlogon Notify: qhcripkfeh - C:\WINDOWS\SYSTEM32\qhcripkfeh.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

  6. #6
    Join Date
    Mar 2008
    Posts
    7
    AntiVir shows that I have virus - WORM/Locksky.CC

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Was HJT run in normal mode? It appears to be incomplete. It is showing only one item in your startup, no R entries, no O16 entries. There is something wrong with the way the scan was done. Was this run AFTER all the fixes were applied? It must be run in normal mode unless directed otherwise.

    When Antivir finds these infections do you tell it to quarantine them? If so, then get rid of the quarantine files.
    The Malwarebytes program DID remove several infections. Did you reboot following the running of all these programs?

  8. #8
    Join Date
    Mar 2008
    Posts
    7
    Here is the new Hijackthis.log


    Logfile of HijackThis v1.99.1
    Scan saved at 6:39:34 PM, on 3/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\analyzer.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1FBAB252-AE98-4860-A218-72B4FF621C49}: NameServer = 217.23.192.9 217.23.192.14
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: qhcripkfeh - qhcripkfeh.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    I have a few more problems. My IE doesn't work, MSN Explorer too, and my other programs often just freeze and I have to use Task Manager to close them. Is that because of the viruses I had, or because I cleaned with all those programs and maybe I cleaned some files I wasn't supposed to?

  9. #9
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    lana, the log is still very odd...according to the HJT log the only programs set to run at start up are:
    Antivir, a google updater, a file which monitors language input, and files related to your video driver. That is it. This really isn't normal. Are you ABSOLUTELY certain that the computer is booting to NORMAL mode? It doesn't show this in your last two HJT logs, as it showed in the first log, which also looked much more normal than these last ones. Also, your original log was HJT version 2.0.2; these last two are with the older version 1.99.

    In running processes are your printer spool server, Adobe Reader, and MSN Messenger, though I don't see those set up as auto starts in your log.
    Have you disabled a lot of items using msconfig?
    I don't believe running any of the removal programs in the sticky would have caused any of these problems...unless you did some manual uninstall of some programs....did you? How long have you had the problems with IE7, MSN Explorer?
    Part of the problem for me is I don't know what other programs you ran before you posted here.

  10. #10
    Join Date
    Mar 2008
    Posts
    7
    IE7, MSN Explorer don't work since yesterday. I didn't manually uninstall anything.
    I think it's booting in NORMAL mode. How can I check that?

    Thank you very much for your help!
