Need help with virus

  • 05-01-2010 11:49pm
    #1

    My sister has infected her laptop after an unfortunate dalliance with BitTorrent. I've followed the steps in the sticky but I don't reckon it will be 100% gone.

    Malwarebytes' logs:
    ====================================================
    Malwarebytes' Anti-Malware 1.43
    Database version: 3497
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    
    05/01/2010 21:22:22
    mbam-log-2010-01-05 (21-22-22).txt
    
    Scan type: Quick Scan
    Objects scanned: 120189
    Time elapsed: 7 minute(s), 50 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 37
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 9
    Files Infected: 12
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    c:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> Delete on reboot.
    
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\put2vidqlg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    
    Registry Data Items Infected:
    (No malicious items detected)
    
    Folders Infected:
    C:\Documents and Settings\Me\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    
    Files Infected:
    c:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> Delete on reboot.
    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Me\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    


    SUPERAntiSpyware
    ============================================
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    
    Generated 01/05/2010 at 11:12 PM
    
    Application Version : 4.32.1000
    
    Core Rules Database Version : 4449
    Trace Rules Database Version: 2271
    
    Scan type       : Complete Scan
    Total Scan Time : 01:13:16
    
    Memory items scanned      : 590
    Memory threats detected   : 0
    Registry items scanned    : 6960
    Registry threats detected : 39
    File items scanned        : 49584
    File threats detected     : 294
    
    Adware.HBHelper
    	HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    	HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    	HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    	HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
    	HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
    	HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
    	HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
    	HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
    	HKCR\URLSearchHook.ToolbarURLSearchHook.1
    	HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
    	HKCR\URLSearchHook.ToolbarURLSearchHook
    	HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
    	HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    	HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
    	HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
    	HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
    	HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
    	HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
    	C:\PROGRAM FILES\FAST BROWSER SEARCH\IE\TBHELPER.DLL
    
    Adware.Tracking Cookie
    
    Browser Hijacker.Deskbar
    	HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
    	HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
    	HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
    	HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
    	HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
    	HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
    	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
    	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
    	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
    	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
    	HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
    	HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
    	HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
    	HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
    	HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
    	HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
    	HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
    	HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
    	HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
    	HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version
    
    Trojan.Agent/Gen-Nullo[Short]
    	C:\SYSTEM VOLUME INFORMATION\_RESTORE{4488DE73-09D1-43E5-A8F7-F1EDDB4EB85D}\RP395\A0037616.DLL
    	C:\SYSTEM VOLUME INFORMATION\_RESTORE{4488DE73-09D1-43E5-A8F7-F1EDDB4EB85D}\RP395\A0037617.EXE
    


    HiJack This
    ==========================================
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 23:45:15, on 05/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Kontiki\KService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\name surname\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Documents and Settings\name surname\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\name surname\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{ca4eedb3-5719-4e27-a478-8d13f761c28d} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: SparkleBox Toolbar - {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpa1.dll
    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: SparkleBox Toolbar - {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpa1.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
    O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\name surname\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
    
    --
    End of file - 14112 bytes
    


    Rooter
    =========================================
    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Enabled
    .
    Internet Explorer 7.0.5730.13
    .
    C:\  [Fixed-NTFS] .. ( Total:74 Go - Free:17 Go )
    D:\  [CD_Rom]
    .
    Scan : 23:46.23
    Path : C:\Documents and Settings\name surname\Desktop\Rooter.exe
    User : name surname ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (864)
    ______ \??\C:\WINDOWS\system32\csrss.exe (928)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (952)
    ______ C:\WINDOWS\system32\services.exe (996)
    ______ C:\WINDOWS\system32\lsass.exe (1008)
    ______ C:\WINDOWS\system32\svchost.exe (1172)
    ______ C:\WINDOWS\system32\svchost.exe (1240)
    ______ C:\WINDOWS\System32\svchost.exe (1280)
    ______ C:\WINDOWS\system32\svchost.exe (1436)
    ______ C:\WINDOWS\system32\svchost.exe (1480)
    ______ C:\WINDOWS\system32\spoolsv.exe (1776)
    ______ C:\WINDOWS\Explorer.EXE (280)
    ______ C:\WINDOWS\system32\hkcmd.exe (644)
    ______ C:\WINDOWS\system32\igfxpers.exe (680)
    ______ C:\WINDOWS\system32\igfxsrvc.exe (688)
    ______ C:\WINDOWS\RTHDCPL.EXE (760)
    ______ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (784)
    ______ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (812)
    ______ C:\WINDOWS\system32\TCtrlIOHook.exe (792)
    ______ C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (872)
    ______ C:\WINDOWS\system32\TDispVol.exe (880)
    ______ C:\WINDOWS\system32\TPSMain.exe (884)
    ______ C:\WINDOWS\system32\ZoomingHook.exe (896)
    ______ C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (916)
    ______ C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (140)
    ______ C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe (1196)
    ______ C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (1180)
    ______ C:\Program Files\Apoint2K\Apoint.exe (1304)
    ______ C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (1336)
    ______ C:\WINDOWS\system32\TPSBattM.exe (1348)
    ______ C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (1356)
    ______ C:\Program Files\Kontiki\KHost.exe (1380)
    ______ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (1312)
    ______ C:\Program Files\Apoint2K\Apntex.exe (1460)
    ______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1560)
    ______ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (1580)
    ______ C:\WINDOWS\system32\hphmon06.exe (1592)
    ______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (1628)
    ______ C:\Program Files\iTunes\iTunesHelper.exe (1924)
    ______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1936)
    ______ C:\Program Files\Search Guard Plus\SearchGuardPlus.exe (2024)
    ______ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (156)
    ______ C:\WINDOWS\system32\ctfmon.exe (216)
    ______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1916)
    ______ C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (228)
    ______ C:\Program Files\Skype\Phone\Skype.exe (504)
    ______ C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (592)
    ______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (160)
    ______ C:\WINDOWS\system32\svchost.exe (1640)
    ______ C:\WINDOWS\system32\agrsmsvc.exe (2140)
    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2184)
    ______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (2280)
    ______ C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (2536)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (2592)
    ______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (2600)
    ______ C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (2636)
    ______ C:\Program Files\Kontiki\KService.exe (2888)
    ______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (3016)
    ______ C:\WINDOWS\system32\svchost.exe (3052)
    ______ C:\WINDOWS\system32\TODDSrv.exe (3076)
    ______ C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (3140)
    ______ C:\WINDOWS\system32\wdfmgr.exe (3188)
    ______ C:\Program Files\Xobni\XobniService.exe (3248)
    ______ C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (3996)
    ______ C:\Program Files\iPod\bin\iPodService.exe (180)
    ______ C:\WINDOWS\System32\alg.exe (2364)
    ______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (2376)
    ______ C:\WINDOWS\system32\wuauclt.exe (276)
    ______ C:\Documents and Settings\name surname\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2912)
    ______ C:\WINDOWS\system32\HPZipm12.exe (2792)
    ______ C:\Documents and Settings\name surname\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2272)
    ______ C:\Documents and Settings\name surname\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (772)
    ______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (1744)
    ______ C:\WINDOWS\system32\NOTEPAD.EXE (2648)
    ______ C:\WINDOWS\system32\notepad.exe (1868)
    ______ C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe (536)
    ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (1416)
    ______ C:\WINDOWS\system32\NOTEPAD.EXE (800)
    ______ C:\Documents and Settings\name surname\Desktop\Rooter.exe (2468)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80023716864)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-661283408-1976617044-435523580-1008Core.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-661283408-1976617044-435523580-1008UA.job
    C:\WINDOWS\Tasks\HP Usg Daily.job
    C:\WINDOWS\Tasks\OGALogon.job
    C:\WINDOWS\Tasks\Registration reminder 1.job
    C:\WINDOWS\Tasks\Registration reminder 2.job
    C:\WINDOWS\Tasks\Registration reminder 3.job
    C:\WINDOWS\Tasks\SA.DAT
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 23:47.07
    .
    C:\Rooter$\Rooter_1.txt - (05/01/2010 | 23:47.07)
    

    Any help greatly appreciated. Thank god Linux isn't that popular or I'd have to worry about viruses myself. :D


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    don't put the logs in code boxes

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

