#31
BitDefender Online Scanner

Scan report generated at: Fri, Oct 31, 2008 - 10:03:45
Scan path: C:\;D:\;

Statistics
Time 01:29:31
Files 317161
Folders 10414
Boot Sectors 0
Archives 5773
Packed Files 13232

Results
Identified Viruses 10
Infected Files 15
Suspect Files 0
Warnings 0
Disinfected 1
Deleted Files 18

Engines Info
Virus Definitions 2003041
Engine build AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins 16
Archive plugins 43
Unpack plugins 7
E-mail plugins 6
System plugins 4

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\DELLA\My Documents\My Music\free fallin john mayer 192kb.mp3 Infected with: Trojan.Wimad.Gen.1
C:\Documents and Settings\DELLA\My Documents\My Music\free fallin john mayer 192kb.mp3 Disinfected
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13E.tmp=>(Quarantine-4)=>Webroot SpySweeper v4.0.4.430 With Serial/updater.exe Infected with: Trojan.Gina.N
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13E.tmp=>(Quarantine-4)=>Webroot SpySweeper v4.0.4.430 With Serial/updater.exe Disinfection failed
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13E.tmp=>(Quarantine-4)=>Webroot SpySweeper v4.0.4.430 With Serial/updater.exe Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13E.tmp=>(Quarantine-4) Updated
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13E.tmp Update failed
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\177.tmp=>(Quarantine-4) Infected with: Trojan.MSN.VB.M
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\177.tmp=>(Quarantine-4) Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\177.tmp Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\179.tmp=>(Quarantine-4) Infected with: Trojan.MSN.VB.M
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\179.tmp=>(Quarantine-4) Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\179.tmp Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4E.tmp=>(Quarantine-4) Infected with: Generic.XPL.CRange.91B54C1D
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4E.tmp=>(Quarantine-4) Disinfection failed
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4E.tmp=>(Quarantine-4) Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4E.tmp Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\75.tmp=>(Quarantine-4) Infected with: Exploit.Win32.WMF-PFV
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\75.tmp=>(Quarantine-4) Disinfection failed
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\75.tmp=>(Quarantine-4) Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\75.tmp Deleted
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\Backup\bethesdaci[1].RB0 Infected with: Worm.Gedza.B
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\Backup\bethesdaci[1].RB0 Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\D3DPMESH32.dll.vir Infected with: Trojan.Agent.AKVU
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\D3DPMESH32.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dpu1132.dll.vir Infected with: Trojan.Generic.817194
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dpu1132.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DSWAVE32.dll.vir Infected with: Trojan.Agent.AKVU
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DSWAVE32.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pmnnNeFw.dll.vir Infected with: Trojan.Generic.868622
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pmnnNeFw.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tbhkfcen.exe.vir Infected with: Trojan.LowZones.SL
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tbhkfcen.exe.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\urqNEUki.dll.vir Infected with: Trojan.Generic.868622
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\urqNEUki.dll.vir Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_D3DPMESH32_.dll.zip=>D3DPMESH32.dll Infected with: Trojan.Agent.AKVU
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_D3DPMESH32_.dll.zip=>D3DPMESH32.dll Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_D3DPMESH32_.dll.zip Updated
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_D3DPMESH32_.dll.zip=>D3DPMESH32.dll.2 Infected with: Trojan.Agent.AKVU
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_D3DPMESH32_.dll.zip=>D3DPMESH32.dll.2 Deleted
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_D3DPMESH32_.dll.zip Updated
#32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:19 AM, on 10/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\DELLA\LOCALS~1\Temp\Rar$EX00.777\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1E1B286C-88FF-11D2-8D96-D7ACAC95951F} - http://66.194.67.102/banner/with-rep.../bannerads.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://leb4ever.spaces.live.com/Phot...d/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11239 bytes
#33
I haven't had any problems since I ran the last Combofix. Thank you!!
#34
That's good and your logs look fine too. You are good to go RubyQT.