[evilfantasy]

Download a new copy of combofix and post the log.

Be sure to use a new copy.

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)

• Link #1
• Link #2
• Link #3

IMPORTANT - Combofix.exe MUST be saved to your your Desktop.

• Close any open Web browsers. (Firefox, Internet Explorer, etc)
• Close/disable all anti virus and anti malware programs so they do not interfere with Combofix. <-- IMPORTANT
  • Click on this link to see a list of programs that should be disabled and how to disable them. If yours is not listed and you don't know how to disable it, please ask.
• Double click combofix.exe & follow the prompts.
  • From the keyboard select 1 and press Enter
• When finished, it will produce a log for you.
• Post that log in your next reply.

Do not mouseclick combofix's window while it's running.
The scan will temporarily disable your desktop.
If interrupted it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.

[targh]

ComboFix 08-02.01.6 - Amber 2008-02-01 14:48:06.2 - NTFSx86
Running from: C:\Documents and Settings\Amber\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-30 22:41 . 2008-01-30 22:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 22:41 . 2008-01-30 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 13:10 . 2008-01-30 13:10 268 --ah----- C:\sqmdata03.sqm
2008-01-30 13:10 . 2008-01-30 13:10 244 --ah----- C:\sqmnoopt03.sqm
2008-01-30 12:53 . 2008-01-30 12:53 268 --ah----- C:\sqmdata02.sqm
2008-01-30 12:53 . 2008-01-30 12:53 244 --ah----- C:\sqmnoopt02.sqm
2008-01-28 13:40 . 2008-01-28 13:47 <DIR> d-------- C:\Documents and Settings\Amber\Application Data\.purple
2008-01-28 13:14 . 2008-01-28 13:15 <DIR> d-------- C:\Program Files\Aspell
2008-01-28 13:13 . 2008-01-28 13:15 <DIR> d-------- C:\Program Files\Pidgin
2008-01-28 13:13 . 2008-01-28 13:13 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-01-24 14:14 . 2008-01-24 16:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-24 14:14 . 2008-01-24 14:14 <DIR> d-------- C:\Documents and Settings\Amber\Application Data\SUPERAntiSpyware.com
2008-01-24 14:14 . 2008-01-24 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-24 14:13 . 2008-01-24 14:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 13:57 . 2008-01-24 13:57 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 13:52 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-24 13:50 . 2008-01-24 13:50 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-24 13:08 . 2008-01-24 13:29 <DIR> d-------- C:\Documents and Settings\Amber\.SunDownloadManager
2008-01-24 12:12 . 2008-01-24 12:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-24 11:35 . 2008-01-24 11:35 <DIR> dr-h----- C:\Documents and Settings\Amber\Application Data\Geek Squad 24 Hour Computer Support
2008-01-24 11:33 . 2008-01-24 11:33 <DIR> d-------- C:\Program Files\Geek Squad
2008-01-23 21:57 . 2008-01-23 21:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-01-23 21:57 . 2004-08-16 20:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-01-21 12:29 . 2008-01-25 23:31 <DIR> d-------- C:\Program Files\mIRC
2008-01-14 13:41 . 2008-01-14 13:41 268 --ah----- C:\sqmdata01.sqm
2008-01-14 13:41 . 2008-01-14 13:41 244 --ah----- C:\sqmnoopt01.sqm
2008-01-11 18:21 . 2008-01-11 18:21 <DIR> d-------- C:\Program Files\ffdshow
2008-01-09 23:24 . 2007-12-04 22:29 1,738,416 --a------ C:\WINDOWS\system32\TheBlog SG Atlantis.scr
2008-01-09 23:06 . 2008-01-09 23:06 <DIR> d-------- C:\WINDOWS\ABS 5.1 Uninstaller
2008-01-09 23:06 . 2007-10-20 17:10 7,176,498 --a------ C:\WINDOWS\ABS 5.1.swf
2008-01-09 23:06 . 2007-09-05 03:55 1,214,520 --a------ C:\WINDOWS\ABS 5.1.exe
2008-01-09 23:06 . 2007-07-21 14:52 903,168 --a------ C:\WINDOWS\ABS 5.1.scr
2008-01-09 23:06 . 2007-09-14 21:17 558,284 --a------ C:\WINDOWS\ABS 5.1.c2
2008-01-09 23:06 . 2000-07-24 16:59 3,638 --a------ C:\WINDOWS\ABS 5.1.ico
2008-01-09 23:06 . 2007-10-20 17:19 672 --a------ C:\WINDOWS\ABS 5.1.c3
2008-01-09 23:06 . 2007-10-20 17:19 672 --a------ C:\WINDOWS\ABS 5.1.c1
2008-01-09 23:06 . 2006-10-24 18:06 639 --a------ C:\WINDOWS\ABS 5.1.c4
2008-01-09 23:06 . 2006-10-08 20:33 0 --a------ C:\WINDOWS\ABS 5.1.ini
2008-01-08 09:22 . 2008-01-08 09:27 <DIR> d-------- C:\NoLopBackups
2008-01-08 09:19 . 2008-01-24 17:28 318 --a------ C:\delete.bat
2008-01-08 08:32 . 2008-01-27 16:50 <DIR> d-------- C:\Program Files\XoftSpySE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-01 19:44 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-01 04:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-30 17:22 --------- d-----w C:\Documents and Settings\Amber\Application Data\AdwareAlert
2008-01-28 18:47 --------- d-----w C:\Documents and Settings\Amber\Application Data\.purple
2008-01-27 21:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-24 18:53 --------- d-----w C:\Program Files\Java
2008-01-24 02:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-10 18:35 --------- d-----w C:\Program Files\Yahoo!
2008-01-10 04:14 192,000 ----a-w C:\WINDOWS\screensaver-800x600.scr
2008-01-10 04:13 545,280 ----a-w C:\WINDOWS\flashax.exe
2008-01-10 04:13 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-01-09 03:32 --------- d-----w C:\Program Files\RegCure
2008-01-08 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\File dvd base road
2008-01-05 01:27 --------- d-----w C:\Documents and Settings\Amber\Application Data\SiteClasses
2007-12-30 13:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 13:49 --------- d-----w C:\Program Files\PowerQuest
2007-12-30 01:25 --------- d-----w C:\Program Files\AV Vcs 6.0
2007-12-29 22:47 --------- d-----w C:\Program Files\AV Music Morpher Gold
2007-12-29 22:23 --------- d-----w C:\Program Files\Admiresoft
2007-12-27 04:32 --------- d-----w C:\Documents and Settings\Amber\Application Data\Screaming Bee
2007-12-27 04:19 --------- d-----w C:\Program Files\Common Files\Screaming Bee
2007-12-27 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Screaming Bee
2007-12-27 04:11 --------- d-----w C:\Program Files\Screaming Bee
2007-12-21 05:18 --------- d-----w C:\Documents and Settings\Amber\Application Data\Participatory Culture Foundation
2007-12-21 05:17 --------- d-----w C:\Program Files\Participatory Culture Foundation
2007-12-19 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-19 02:57 --------- d-----w C:\Program Files\Common Files\Corel
2007-12-19 02:57 --------- d-----w C:\Documents and Settings\Amber\Application Data\Corel
2007-12-19 02:53 --------- d-----w C:\Program Files\Corel
2007-12-07 05:05 --------- d-----w C:\Program Files\iTunes
2007-12-07 05:05 --------- d-----w C:\Program Files\iPod
2007-12-07 05:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-07 05:03 --------- d-----w C:\Program Files\QuickTime
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-08-28 03:30 774,144 ------w C:\Program Files\RngInterstitial.dll
2007-01-05 16:25 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-05-29 09:42 8652272]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 17:16 4670968]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 12:19 15872]
"OpenGLv32"="C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\Amber\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 17:34:48 3746856]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Push Client.LNK]
backup=C:\WINDOWS\pss\Push Client.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--------- 2002-12-17 12:28 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpywareBot]
C:\Program Files\SpywareBot\SpywareBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
--------- 2003-11-25 12:39 729088 C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSmileys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--------- 2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarebot]
C:\Program Files\SpywareBot\SpywareBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2007-09-13 17:08 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--------- 2007-06-11 17:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R1 AntiSpyFilter;AntiSpyFilter;C:\WINDOWS\system32\DR IVERS\antispyfilter.sys [2007-07-02 12:56]
R2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe" [2007-07-02 12:56]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio. sys [2006-09-28 11:20]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 21:12:40 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-01-18 04:57:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-30 22:00:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-03 08:22:47 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-30 22:00:03 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-22 08:19:24 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 14:52:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-02-01 14:53:58
ComboFix-quarantined-files.txt 2008-02-01 19:53:54
ComboFix2.txt 2008-01-24 22:42:40
.
2008-01-10 14:36:17 --- E O F ---

[evilfantasy]

Download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad.
• Post that log back here.

Be sure to restart the computer.

----------

Also run a new Hijackthis scan and post that log also.

[targh]

Ok... I scanned with Malwarebytes, but all the stuff it found was AdwareAlert files,folders, and registries including Quarantine files. The log is 179 pages long. I can't post it on here. :(

[evilfantasy]

179 pages!!!!

Go here http://savefile.com/

There is no need to sign up. See if you can upload the log there and post the link to it back here please. I really need to see the log.

The log can be found at:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Or at

C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

[targh]

Problem resolved, it was embedded in my AIM program

[evilfantasy]

The logs we have been working have been showing quite a bit of malware. I suggest posting the last log I requested along with a new Hijackthis log.

[targh]

Rather not, computer has become very fragmented and the settings on my computer keep getting changed after running them programs. I'm planning to do a windows repair. Just looking for some way can backup my programs and settings for them in case I loose all the stuff in the repair process.