#11
Yes there were some problems there. Download NoLop to your desktop from one of the links below...

----------

Please download Combofix by sUBs from one of the below links. (Try all three if necessary)

IMPORTANT - Combofix.exe MUST be saved to your Desktop.

The scan will temporarily disable your desktop. If interrupted it may leave your computer frozen. If this occurs, please reboot to restore the desktop.

----------

Next post add
No Lop log
Combofix log

#12
Ok, No Lop didn't find anything, so no log was created. And as much as it is making me nervous about sharing all my computer data on an open forum (no telling if someone can use it to hack or not), here is the log from Combofix

#13
Don't worry dude, there's no info here that can make you vulnerable. I'm sure they wouldn't let you post it if it was.
#14
I know it seems like a lot of information in the logs, but the only thing anybody can get is the make of your OS and your first name. No IP address or email can be seen. These tools are to clean up threats, not exploit them. Hope that helps some...

The combofix log was much more revealing.

Speech Time

Your computer is infected by the WORM_MYTOB.J worm. This worm has backdoor capabilities. Please read all of this carefully.

Worms are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans/worms as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Worm/trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS.

When should I re-format? How should I reinstall?
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it will be 100% secure afterwards or that the removal will be successful.

Should you have any questions, please feel free to ask. Let me know what you have decided to do in your next post.

#15
Ok, for some reason I didn't get a notification of a reply on here, just checked. I would rather not reformat if not have to, but will at a last resort if needed. Is there a way to remove this worm?

#16
Download a new copy of combofix and post the log. Be sure to use a new copy.

Please download Combofix by sUBs from one of the below links. (Try all three if necessary)

IMPORTANT - Combofix.exe MUST be saved to your Desktop.

The scan will temporarily disable your desktop. If interrupted it may leave your computer frozen. If this occurs, please reboot to restore the desktop.

#17
#18
Download Malwarebytes' Anti-Malware to your desktop.

----------

Also run a new Hijackthis scan and post that log also.

#19
Ok... I scanned with Malwarebytes, but all the stuff it found was AdwareAlert files, folders, and registries including Quarantine files. The log is 179 pages long. I can't post it on here. :(

#20
179 pages!!!!

Go here http://savefile.com/ There is no need to sign up. See if you can upload the log there and post the link to it back here please. I really need to see the log.

The log can be found at:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt