System Was Infected By Antivirus2009 Bug

Hi, 4 days ago my sister was surfing the net when she went on a site and the computer began to say some crazy stuff about how she is infected with a virus and that she needs to use Antivirus 2009. Well, with her not being computer literate, she said OK, and bam, thus started all this mess. Browsers were hijacked and she could not surf to where she needed to go, the screen kept going black and then blue-screening, and then it would act like it's booting and then go back to the regular Windows screen. After she saw this she called me. I came over to see what I could do, and so far I have been able to remove the Antivirus 2009 bug along with a lot of other trojans and viruses that have taken over her system. She is using BitDefender and the SpyZooka antispy/malware remover, and they have claimed to have gotten rid of the viruses, but her system is still going really slow, and it's a pretty decent system so it should not be going this slow. I have sent a log of its scan to SpyZooka for them to analyze, and now I am doing the same for you because I am lost and out of ideas, and I have been working on this system since Saturday night. Please help me... Enclosed with this are a scan from HijackThis, one from Malwarebytes', and BD's last scan. Hopefully you can find what I can't...


Malwarebytes' Anti-Malware 1.30


Database version: 1389


Windows 5.1.2600 Service Pack 2


11/12/2008 12:57:13 PM


mbam-log-2008-11-12 (12-57-13).txt


Scan type: Full Scan (C:\|)


Objects scanned: 143898


Time elapsed: 3 hour(s), 8 minute(s), 37 second(s)


Memory Processes Infected: 0


Memory Modules Infected: 0


Registry Keys Infected: 80


Registry Values Infected: 2


Registry Data Items Infected: 0


Folders Infected: 2


Files Infected: 5


Memory Processes Infected:


(No malicious items detected)


Memory Modules Infected:


(No malicious items detected)


Registry Keys Infected:


Registry Values Infected:


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13117366338535928815498762695473 (Rogue.Antivirus) -> Quarantined and deleted successfully.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.


Registry Data Items Infected:


(No malicious items detected)


Folders Infected:


C:\Documents and Settings\Shernetra\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.


C:\Documents and Settings\Shernetra\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.


Files Infected:


C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.


C:\WINDOWS\system32\winsrc.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


C:\Documents and Settings\Shernetra\Application Data\SpamBlockerUtility_Icons\3bSoftware_icon_1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.


C:\Documents and Settings\Shernetra\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.


C:\Documents and Settings\Shernetra\Local Settings\Temp\dat60.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


Here are the HijackThis scan results...


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 12:59:36 PM, on 11/12/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\WINDOWS\system32\svchost.exe


C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\Explorer.EXE


C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe


C:\windows\system\hpsysdrv.exe


C:\WINDOWS\AGRSMMSG.exe


C:\Program Files\HP\hpcoretech\hpcmpmgr.exe


C:\Program Files\QuickTime\QTTask.exe


C:\WINDOWS\ALCXMNTR.EXE


C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


C:\Program Files\iTunes\iTunesHelper.exe


C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


C:\Program Files\Unlocker\UnlockerAssistant.exe


C:\WINDOWS\system32\ctfmon.exe


C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe


C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


C:\Program Files\iPod\bin\iPodService.exe


C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe


C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe


C:\Program Files\SpyZooka\spyzooka.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe


C:\WINDOWS\system32\notepad.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll


O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe


O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE


O4 - HKLM\..\Run: [VTTimer] VTTimer.exe


O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe


O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe


O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime


O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC


O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


O4 - HKLM\..\Run: [hoqeqhwm] C:\WINDOWS\system32\kxlyvric.exe


O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe


O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"


O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background


O4 - HKCU\..\Run: [spyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe


O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe


O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe


O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL


O20 - AppInit_DLLs: avgrsstx.dll


O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)


O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)


O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgfws8.exe (file missing)


O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--


End of file - 7542 bytes

Comments

  • Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.

    Open Notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\WINDOWS\system32\kxlyvric.exe

    Save this as: CFScript.txt

    Drag CFScript.txt into ComboFix.exe

    Then post the resultant log here.

  • Hi Crysty2k5, thanks for replying really quickly. I ran ComboFix like you said and this is what the log file looks like.


    ComboFix 08-11-11.01 - Shernetra 2008-11-12 17:25:48.1 - NTFSx86


    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.180 [GMT -6:00]


    Running from: c:\documents and settings\Shernetra\Desktop\ComboFix.exe


    Command switches used :: c:\documents and settings\Shernetra\Desktop\CFScript.txt


    * Created a new restore point


    * Resident AV is active


    FILE ::


    c:\windows\system32\kxlyvric.exe


    .


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    .


    c:\windows\IE4 Error Log.txt


    c:\windows\system32\winsrc.dll.tmp


    D:\Autorun.inf


    .


    ((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))


    .


    2008-11-12 13:21 . 2008-11-12 13:21 3,338 --a------ c:\windows\system32\tmp.reg


    2008-11-12 13:20 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe


    2008-11-12 13:20 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe


    2008-11-12 13:20 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe


    2008-11-12 13:20 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe


    2008-11-12 13:20 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe


    2008-11-12 13:20 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe


    2008-11-12 13:20 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe


    2008-11-12 13:20 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe


    2008-11-12 13:20 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe


    2008-11-12 13:20 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe


    2008-11-12 08:54 . 2008-11-12 08:54 <DIR> d-------- c:\documents and settings\Shernetra\Application Data\Malwarebytes


    2008-11-12 08:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys


    2008-11-12 08:52 . 2008-11-12 08:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware


    2008-11-12 08:52 . 2008-11-12 08:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes


    2008-11-12 08:52 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys


    2008-11-12 08:51 . 2008-11-12 08:51 <DIR> d-------- c:\program files\Trend Micro


    2008-11-12 01:50 . 2008-11-12 17:52 81,984 --a------ c:\windows\system32\bdod.bin


    2008-11-11 21:20 . 2008-11-11 23:56 <DIR> d-------- c:\windows\system32\scripting


    2008-11-11 21:20 . 2008-11-11 23:56 <DIR> d-------- c:\windows\system32\en


    2008-11-11 21:20 . 2008-11-11 23:56 <DIR> d-------- c:\windows\system32\bits


    2008-11-11 21:20 . 2008-11-11 23:53 <DIR> d-------- c:\windows\l2schemas


    2008-11-11 21:02 . 2004-08-03 15:00 4,190,352 --a------ c:\windows\system32\dllcache\luna.mst


    2008-11-11 21:01 . 2007-06-13 04:23 1,033,216 --a------ c:\windows\system32\dllcache\explorer.exe


    2008-11-11 21:00 . 2005-09-09 19:53 2,067,968 --a------ c:\windows\system32\dllcache\cdosys.dll


    2008-11-11 20:59 . 2004-08-03 15:00 1,298,432 --a------ c:\windows\system32\dllcache\dxdiag.exe


    2008-11-11 20:58 . 2008-08-19 23:38 3,060,224 --a------ c:\windows\system32\dllcache\mshtml.dll


    2008-11-11 20:57 . 2007-10-25 21:36 8,454,656 --a------ c:\windows\system32\dllcache\shell32.dll


    2008-11-11 20:55 . 2008-11-11 20:55 <DIR> d-------- c:\windows\EHome


    2008-11-11 11:57 . 2008-11-11 12:02 <DIR> d-------- c:\program files\Unlocker


    2008-11-11 11:05 . 2008-11-12 10:54 <DIR> d-------- c:\documents and settings\Shernetra\Application Data\Spyzooka


    2008-11-11 11:05 . 2007-08-19 15:49 8,168 --a------ c:\windows\system32\spyzknt.exe


    2008-11-11 06:46 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys


    2008-11-11 06:46 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys


    2008-11-08 16:03 . 2008-11-12 17:45 121 --a------ c:\windows\bdagent.INI


    2008-11-07 21:00 . 2008-11-07 21:00 <DIR> d-------- c:\documents and settings\Shernetra\Application Data\BitDefender


    2008-11-07 20:56 . 2008-11-07 20:56 <DIR> d-------- c:\program files\BitDefender


    2008-11-07 20:56 . 2008-11-07 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender


    2008-11-07 20:52 . 2008-11-07 20:57 <DIR> d-------- c:\program files\Common Files\BitDefender


    2008-11-07 20:34 . 2008-11-12 17:47 <DIR> d-------- c:\program files\SpyZooka


    2008-10-25 09:44 . 2008-10-25 09:50 <DIR> d-------- c:\documents and settings\Guest\Application Data\AVGTOOLBAR


    2008-10-25 07:53 . 2008-10-28 11:13 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\AVGTOOLBAR


    2008-10-24 21:21 . 2008-11-07 20:59 <DIR> d-------- c:\documents and settings\Shernetra\Application Data\AVGTOOLBAR


    2008-10-24 21:21 . 2008-10-24 21:21 10,520 --a------ c:\windows\system32\avgrsstx.dll


    2008-10-24 21:19 . 2008-11-11 11:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-11-12 02:20 4,119 -c--a-w c:\windows\viassary-hp.reg


    2008-11-11 21:56 86,792 ----a-w c:\windows\system32\drivers\bdfndisf.sys


    2008-11-11 13:31 --------- d-----w c:\documents and settings\Shernetra\Application Data\Flood Light Games


    2008-11-08 02:29 --------- d-----w c:\documents and settings\Shernetra\Application Data\LimeWire


    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys


    2008-10-04 03:12 --------- d-----w c:\documents and settings\Nitendo\Application Data\Yahoo!


    2008-04-23 16:01 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]


    "SpyZooka"="c:\program files\SpyZooka\SpyZookaLdr.exe" [2008-08-15 60408]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]


    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]


    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-10 180269]


    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]


    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]


    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]


    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]


    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]


    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]


    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]


    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-11-11 368640]


    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]


    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]


    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]


    c:\documents and settings\All Users\Start Menu\Programs\Startup\


    Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-08-10 16423]


    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]


    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]


    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]


    "{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "c:\progra~1\SpyZooka\spyguard.dll" [2005-05-07 173568]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]


    "AppInit_DLLs"=avgrsstx.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\security center]


    "AntiVirusOverride"=dword:00000001


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]


    "EnableFirewall"= 0 (0x0)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=


    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=


    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=


    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=


    "c:\\Program Files\\Messenger\\msmsgs.exe"=


    "c:\\WINDOWS\\system32\\fxsclnt.exe"=


    "c:\\Program Files\\iTunes\\iTunes.exe"=


    "c:\\Documents and Settings\\Compaq_Owner\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=


    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=


    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-11-11 86792]


    S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [ ]


    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [ ]


    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [ ]


    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [ ]


    S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [ ]


    S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [ ]


    S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [ ]


    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [ ]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    bdx REG_MULTI_SZ scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5e5ff0a-d9dd-11da-8cea-0011d81b1e72}]


    \Shell\AutoRun\command - J:\Installer.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5f3bae4-bb83-11db-8d47-0011d81b1e72}]


    \Shell\AutoRun\command - J:\AutoRun.exe


    .


    Contents of the 'Scheduled Tasks' folder


    2008-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job


    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]


    2008-11-13 c:\windows\Tasks\Symantec NetDetect.job


    - c:\program files\Symantec\LiveUpdate\NDetect.exe []


    .


    - - - - ORPHANS REMOVED - - - -


    HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe


    HKLM-Run-PS2 - c:\windows\system32\ps2.exe


    HKLM-Run-hoqeqhwm - c:\windows\system32\kxlyvric.exe


    HKLM-Run-VTTimer - VTTimer.exe


    Notify-dimsntfy - (no file)


    **************************************************************************


    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-11-12 17:48:31


    Windows 5.1.2600 Service Pack 2 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    .


    ------------------------ Other Running Processes ------------------------


    .


    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    c:\windows\system32\wdfmgr.exe


    c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    c:\program files\BitDefender\BitDefender 2008\vsserv.exe


    c:\program files\SpyZooka\spyzooka.exe


    c:\program files\iPod\bin\iPodService.exe


    c:\program files\HP\hpcoretech\comp\hptskmgr.exe


    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe


    .


    **************************************************************************


    .


    Completion time: 2008-11-12 18:02:38 - machine was rebooted


    ComboFix-quarantined-files.txt 2008-11-13 00:02:05


    Pre-Run: 24,399,835,136 bytes free


    Post-Run: 25,422,725,120 bytes free


    212 --- E O F --- 2008-11-12 09:37:00

  • Do you still have problems ? :)



    From my scan using BD, it came across this issue that could not be resolved, but other than that the system is running a lot smoother than before. I will run a couple more scans in Safe Mode to see what that will do.


    BitDefender Log File !!!!!


    Product : BitDefender GameSafe


    Version : BitDefender UIScanner v.11


    Log date : 06:58:26 13/11/2008


    Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1226581106_1_02.xml


    Scan Paths:


    Path0000: C:\


    Path0001: D:\


    Scan Options:


    Scan for viruses : Yes


    Scan for adware : Yes


    Scan for spyware : Yes


    Scan for applications : Yes


    Scan for dialers : Yes


    Scan for rootkits : Yes


    Target selection options:


    Scan registry keys : Yes


    Scan cookies : Yes


    Scan boot sectors : Yes


    Scan memory processes : Yes


    Scan archives : No


    Scan runtime packers : Yes


    Scan emails : Yes


    Scan all files : Yes


    Heuristic Scan : Yes


    Scanned extensions :


    Excluded extensions :


    Target Processing


    Default action for infected objects : Disinfect


    Default action for suspicious objects : None


    Default action for hidden objects : None


    Scan engines summary


    Number of virus signatures : 2150064


    Archive plugins : 43


    Email plugins : 6


    Scan plugins : 12


    Archive plugins : 43


    System plugins : 5


    Unpack plugins : 7


    Overall scan summary


    Scanned items : 111108


    Infected items : 3


    Suspicious items : 0


    Resolved items : 2


    Individual viruses found : 2


    Scanned directories : 7122


    Scanned boot sectors : 6


    Scanned archives : 129


    Input-output errors : 46


    Scan time : 00:00:51:04


    Files per second : 35


    Scanned processes summary


    Scanned : 42


    Infected : 0


    Scanned registry keys summary


    Scanned : 1051


    Infected : 0


    Scanned cookies summary


    Scanned : 13


    Infected : 0


    Remaining issues:


    Object Name    Threat Name    Final Status


    C:\System Volume Information\_restore{8644B53C-E305-4C14-B2BD-C6673D25DC97}\RP2\A0000110.exe IRC-Worm.Generic.3868 No action was possible


    Resolved issues:


    Object Name    Threat Name    Final Status


    [system]=]C:\Documents and Settings\Shernetra\Cookies\shernetra@marketlive.122.2o7[1].txt Cookie.2o7 Deleted


    [system]=]C:\Documents and Settings\Shernetra\Cookies\shernetra@msnportal.112.2o7[1].txt Cookie.2o7 Deleted


    Objects that were not scanned:


    Object Name    Reason    Final Status