
Author Topic: trojan horse logs and notes tajv2005  (Read 13505 times)


tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #15 on: April 08, 2009, 04:41:22 PM »
I know ! :)

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #16 on: April 08, 2009, 10:57:39 PM »
What about the logs I had to post? I thought someone was going to interpret them?

Harry, your replies do not make sense. You are not replying to what I said. I did not say I wanted another anti-spyware.
With all due respect and appreciation for your help.

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: trojan horse logs and notes tajv2005
« Reply #17 on: April 08, 2009, 11:06:57 PM »
Hello tajv2005.

Please everyone but tajv2005 stop posting in this topic so we can finish this up without confusion.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #18 on: April 08, 2009, 11:11:03 PM »
Thank you evilfantasy. I appreciate the comments and the combo fix. I will do it.

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #19 on: April 09, 2009, 12:01:46 AM »
evilfantasy
Am I going to be installing a new windows XP Pro?
Is that part of using ComboFix?

(I have been reading the instructions) http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

OK the recovery console is just a precaution.

So the next question is:
do I download from windows and instead of making 6 floppies, combofix installs recovery console from the download ??? Is that right?

I have read all the instructions, and it still seems that I will be losing my data on my hard drive and installing a new copy of windows XP Pro. ???

I am going to sleep finally ! (2:12AM)
« Last Edit: April 09, 2009, 12:12:34 AM by tajv2005 »

evilfantasy
Re: trojan horse logs and notes tajv2005
« Reply #20 on: April 09, 2009, 01:01:59 AM »
Installing the Recovery Console is up to you. It is usually not needed.

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #21 on: April 09, 2009, 03:23:25 AM »
Thank you. Now I need to know is combofix a removal tool? Will it tell me if I really  have removed all signs of the trojan(s)?

This post is a re-statement of the original post and question: the conditions and background to the question, which is: how does one know for sure when a trojan is removed completely?

I understand trojans to be worms which make it easy for hackers to invade a computer, to install spyware or to steal identities...etc.

Last year, the trojan that invaded my computer,  I looked up in microsoft and it said it can multiply.
The removal tools that microsoft listed were not for that specific trojan.

That is why I wiped the hard drive with system mechanic drive scrubber.
It kept coming back and showing up in AVG free and in AdAWare and in spybot search & destroy.  So I wiped the hard drive.

Now, I am trying not to do that.  I would have to reinstall a whole list of programs and utilities.

I do not understand what combo fix will do for me. And what will come of the log? I posted logs and no one has yet to tell me about them.

I spent all day yesterday and I never fell asleep tonight/this morning. Now it is 5:15 AM and I have reached my limits long ago (like at about 7:00 PM Wednesday).

After I followed the procedures very faithfully, I ended up with no answer to my question: how do I know for sure I removed all of the trojan(s)?

I used SAS three times yesterday. I used HJT twice. And malware bytes twice. On the second time, last night, it hung up my computer when I tried to opt out of the screen saver ("press any key").

So I uninstalled all of the three utilities. And I installed AdAWare again. I know what it does and can do and have trusted it for 5 or 6 years.
I have trusted AVG that long too. I tried McAfee last year and it allowed the trojan in and could not remove it. That too is why I ended up wiping my hard drive last year.

The year before that, 2006, AVG stopped a virus from coming in. It trapped it, then removed it. Nothing was lost.
Right now this computer is working. AVG  is scanning. So far it has found only tracking cookies.


Is it not possible to remove a trojan horse? Again: how does one know for sure it is gone !!!!


This AVG scan showed only tracking cookies.
I am not going to use combo fix for now.

Thank you for your help.
« Last Edit: April 09, 2009, 04:20:18 AM by tajv2005 »

evilfantasy
Re: trojan horse logs and notes tajv2005
« Reply #22 on: April 09, 2009, 06:34:30 AM »
Quote
I posted logs and no one has yet to tell me about them.

Nobody replying until me has been a member of the CH Malware Removal team and I normally don't tell you about them, rather I diagnose them and decide from them what needs to be done next, if anything. There are many types of malware. Search Google for the definitions.

I am not trying to be rude but this process includes posting logs and letting me diagnose them to see if any malware still remains and in turn what we need to do to remove it.

Quote
Is it not possible to remove a trojan horse? Again: how does one know for sure it is gone !!!!

I don't mind answering some questions, it's your computer and I want you to be comfortable, but if I have to explain the how, when, why and where of the infection we will never get anywhere. Remember I am volunteering my time. You either accept the help or not. Your choice.

If you are interested in ComboFix just click the link I provided in the instructions to run the tool. How to use ComboFix.

Note: AVG may still show as running when you start ComboFix. Just ignore the warnings and continue on. That's if you decide to continue. If not then please let me know so I can close this topic and start helping someone else.

harry 48

  • Egghead
  • lay back, relax and chill out
  • Thanked: 129
  • Dribbling Pensioner
  • Experience: Familiar
  • OS: Windows 7
Re: trojan horse logs and notes tajv2005
« Reply #23 on: April 09, 2009, 07:06:08 AM »
SORRY for trying to help

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #24 on: April 09, 2009, 07:30:34 AM »
evilfantasy, I will run combo fix.
thank you.

Harry don't be insulted. I have been at it (working on this problem) all day and all night.

harry 48
Re: trojan horse logs and notes tajv2005
« Reply #25 on: April 09, 2009, 07:54:58 AM »
don't question (too much) what you are being told by an expert, you are with 1 of the best

i had both AVG and McAfee, took them both out and got Avast and it seems to be much better, but wait to see what evil says about that

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #26 on: April 09, 2009, 08:58:16 AM »
ComboFix 09-04-04.01 - Administrator 2009-04-09 10:41:53.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1531 [GMT -4:00]
Running from: d:\backup of c drive aprl 6 2009\Documents and Settings\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2009-03-09 to 2009-04-09  )))))))))))))))))))))))))))))))
.

2009-04-08 14:47 . 2009-04-08 14:47   <DIR>   d--------   c:\program files\Trend Micro
2009-04-08 13:25 . 2009-04-08 13:25   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Viewpoint
2009-04-08 12:00 . 2009-04-08 20:32   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-04-08 12:00 . 2009-04-08 12:00   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-08 12:00 . 2009-04-08 20:32   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-08 11:41 . 2009-04-08 11:41   <DIR>   d--------   c:\program files\CCleaner
2009-04-08 09:30 . 2009-04-08 09:30   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 09:30 . 2009-04-08 09:30   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-07 14:04 . 2009-04-07 14:04   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Roxio
2009-04-07 14:03 . 2009-04-07 14:03   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Logitech
2009-04-07 14:03 . 2009-04-07 14:03   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\InstallShield
2009-04-07 14:03 . 2009-04-08 13:25   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\AOL
2009-04-07 10:57 . 2009-04-09 10:25   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\COMCASTTOOLBAR
2009-04-07 10:57 . 2009-04-07 10:57   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-06 12:54 . 2009-04-06 12:54   <DIR>   d--------   c:\program files\Common Files\SureThing Shared
2009-04-06 07:36 . 2009-04-06 07:36   <DIR>   d--------   c:\program files\NOTE  HP above  is for my mouse
2009-04-01 06:23 . 2009-04-01 06:23   <DIR>   d--h-----   c:\windows\system32\GroupPolicy
2009-03-25 18:40 . 2009-03-25 18:40   <DIR>   d--------   c:\program files\Photo Story 3 for Windows
2009-03-25 03:54 . 2009-03-25 10:46   <DIR>   d--------   c:\program files\MusicBar
2009-03-11 01:43 . 2004-08-03 19:56   221,184   --a------   c:\windows\system32\wmpns.dll
2009-03-11 01:06 . 2008-12-05 02:54   144,896   -----c---   c:\windows\system32\dllcache\schannel.dll
2009-03-09 16:12 . 2008-05-02 02:38   301,656   --a------   c:\windows\system32\BtCoreIf.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 14:18   ---------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-08 18:45   ---------   d-----w   c:\program files\Java
2009-04-06 16:54   ---------   d-----w   c:\program files\Roxio
2009-04-06 16:54   ---------   d-----w   c:\program files\Common Files\Sonic Shared
2009-04-06 16:54   ---------   d-----w   c:\program files\Common Files\Roxio Shared
2009-04-06 16:50   ---------   d-----w   c:\documents and settings\All Users\Application Data\Roxio
2009-04-06 14:12   ---------   d-----w   c:\program files\Common Files\Real
2009-04-05 16:17   ---------   d-----w   c:\program files\Google
2009-04-05 16:13   ---------   d-----w   c:\program files\RegScrubXP
2009-04-05 16:08   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-31 22:08   ---------   d-----w   c:\program files\Creative
2009-03-19 11:52   ---------   d-----w   c:\program files\Common Files\Adobe
2009-03-09 20:12   ---------   d-----w   c:\program files\Common Files\Logitech
2009-03-09 20:11   ---------   d-----w   c:\program files\Common Files\Logishrd
2009-03-09 09:19   410,984   ----a-w   c:\windows\system32\deploytk.dll
2009-03-01 16:13   ---------   d-----w   c:\documents and settings\All Users\Application Data\McAfee.com
2009-02-17 15:11   ---------   d-----w   c:\program files\AOL 9.5
2009-02-17 13:59   ---------   d-----w   c:\program files\Common Files\AOL
2009-02-17 13:58   ---------   d-----w   c:\program files\Common Files\aolshare
2009-02-17 13:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\AOL
2009-02-17 13:43   ---------   d-----w   c:\documents and settings\All Users\Application Data\AOL Downloads
2009-02-12 00:50   ---------   d-----w   c:\program files\AOL 9.1
2009-02-11 16:25   499,712   ----a-w   c:\windows\system32\msvcp71.dll
2009-02-11 16:25   348,160   ----a-w   c:\windows\system32\msvcr71.dll
2009-02-11 06:38   ---------   d-----w   c:\program files\service pack 3 overview downloads
2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
2009-01-30 22:01   10,520   ----a-w   c:\windows\system32\avgrsstx.dll
2008-11-24 17:07   2,217   ----a-w   c:\program files\devicetable.log
2008-11-12 15:58   93,696   ----a-w   c:\program files\Freebie - Mary Stafford - How I use EFT with Kids.ppt
2008-11-10 05:17   379,392   ----a-w   c:\program files\subinacl.msi
2008-11-10 05:15   208,144   ----a-w   c:\program files\uninstall_flash_player.exe
2008-09-05 18:01   267,056   ----a-w   c:\program files\utorrent.exe
2008-08-25 17:05   930   ----a-w   c:\program files\reset_minimal.zip
2008-08-23 20:10   19,153,264   ----a-w   c:\program files\aaw2008.exe
2008-08-22 21:46   15,083,520   ----a-w   c:\program files\spybotsd160.exe
2008-08-21 10:17   25,740,144   ----a-w   c:\program files\wmp11-windowsxp-x86-enu.exe
2008-08-19 11:52   632,265   ----a-w   c:\program files\0pop-popup-killer-and-surf-washer.exe
2008-08-17 12:50   76   ----a-w   c:\program files\DVDPATH.TXT
2008-08-17 03:42   15,452,536   ----a-w   c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-16 22:56   24,049   ----a-w   c:\program files\System Mechanic_ Boost PC speed with new Tri-Active Registry Optimization.eml
2008-08-16 03:45   4,189,808   ----a-w   c:\program files\ComcastToolbar2_2.exe
2008-09-04 10:53   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9EEDA970-CF59-49a1-845B-60B664694E5C}"= "c:\program files\MusicBar\SrchAstt\1.bin\MZSRCAS.DLL" [2009-03-25 61440]

[HKEY_CLASSES_ROOT\clsid\{9eeda970-cf59-49a1-845b-60b664694e5c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{371C1609-EB05-4333-A09E-C607DB6BA749}]
2009-03-25 03:54   266240   --a------   c:\program files\MusicBar\bar\1.bin\MUSICBAR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EEDA966-CF59-49a1-845B-60B664694E5C}]
2009-03-25 03:54   61440   --a------   c:\program files\MusicBar\SrchAstt\1.bin\MZSRCAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{371C160B-EB05-4333-A09E-C607DB6BA749}"= "c:\program files\MusicBar\bar\1.bin\MUSICBAR.DLL" [2009-03-25 266240]

[HKEY_CLASSES_ROOT\clsid\{371c160b-eb05-4333-a09e-c607db6ba749}]
[HKEY_CLASSES_ROOT\TypeLib\{371C1608-EB05-4333-A09E-C607DB6BA749}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{371C160B-EB05-4333-A09E-C607DB6BA749}"= "c:\program files\MusicBar\bar\1.bin\MUSICBAR.DLL" [2009-03-25 266240]

[HKEY_CLASSES_ROOT\clsid\{371c160b-eb05-4333-a09e-c607db6ba749}]
[HKEY_CLASSES_ROOT\TypeLib\{371C1608-EB05-4333-A09E-C607DB6BA749}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"HostManager"="c:\program files\Common Files\AOL\1218857325\ee\AOLSoftware.exe" [2008-11-06 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-15 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-05-27 135168]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-08-16 684032]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MusicBar Plugin"="c:\progra~1\MusicBar\bar\1.bin\M2PLUGIN.DLL" [2009-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-06 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 18:01 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1218857325\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1218857325\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 10\\Creator10.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUpnpService10.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-16 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-16 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-16 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-16 298264]
R3 HidMouse;HidMouse;c:\windows\system32\drivers\HidMouse.sys [2008-08-15 29184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c993c493f3db38;Google Update Service (gupdate1c993c493f3db38);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
S2 MusicBarService;Music Bar Service;c:\progra~1\MusicBar\bar\1.bin\mzsvc.exe [2009-03-25 28758]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-01-30 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 20:12]

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 21:34]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{2490DAE9-5585-4789-B671-5653F94D9032}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: aol.com\free
DPF: {C5D6B2AD-7C33-4AA5-A482-7DD116607625} - hxxp://ak.exe.imgfarm.com/images/nocache/musictoolbar/ei/MusicBarInitialSetup1.0.1.1.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 10:42:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-04-09 10:44:23
ComboFix-quarantined-files.txt  2009-04-09 14:44:15

Pre-Run: 18,059,862,016 bytes free
Post-Run: 18,079,199,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

215   --- E O F ---   2009-04-06 20:44:28

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #27 on: April 09, 2009, 08:59:43 AM »
evilfantasy, there is the log from combo fix.

thank you very much ! I am very happy I ran combo fix !!
Everything went very smoothly.
« Last Edit: April 09, 2009, 10:06:47 AM by tajv2005 »

tajv2005

  • Guest
Re: trojan horse logs and notes tajv2005
« Reply #28 on: April 09, 2009, 10:30:26 AM »
evilfantasy
If it is of value to you, I uninstalled long ago:
system mechanic
utorrent
regedit
top speed
spybot S&D

evilfantasy
Re: trojan horse logs and notes tajv2005
« Reply #29 on: April 09, 2009, 10:38:09 AM »
You're welcome.

There are a few more things to do to finish the cleanup.

Quote
evilfantasy
If it is of value to you, I uninstalled long ago:
system mechanic
utorrent
regedit
top speed
spybot S&D

I don't see anything running from those programs so it looks as if they were removed correctly. I am a bit skeptical about the Music Toolbar. Is that something you use?

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

More information: It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology
.
----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\documents and settings\Administrator\Application Data\Viewpoint

Registry::
[-HKEY_CLASSES_ROOT\clsid\{9eeda970-cf59-49a1-845b-60b664694e5c}]

[-HKEY_CLASSES_ROOT\clsid\{371c160b-eb05-4333-a09e-c607db6ba749}]

[-HKEY_CLASSES_ROOT\TypeLib\{371C1608-EB05-4333-A09E-C607DB6BA749}]

[-HKEY_CLASSES_ROOT\clsid\{371c160b-eb05-4333-a09e-c607db6ba749}]

[-HKEY_CLASSES_ROOT\TypeLib\{371C1608-EB05-4333-A09E-C607DB6BA749}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
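An added example, not from this thread and not ComboFix's own code: a small Python script that parses the CFScript directives used above (KillAll::, Folder::, Registry::) and checks every registry key and value the script deletes against the 'Reg Loading Points' section of the ComboFix log, so the operator can see exactly what will change, and whether the log actually shows each target, before dropping the file on ComboFix.exe. The embedded script and log excerpt are constructed from the lines quoted in this thread; key matching is case-insensitive because the log and the script spell the same keys with different case.

```python
# Added example (not from the thread or ComboFix): review a CFScript against the log.
import re

# Constructed from the CFScript posted in Reply #29 (two of the five keys repeat).
CFSCRIPT = r"""
KillAll::
Folder::
c:\documents and settings\Administrator\Application Data\Viewpoint

Registry::
[-HKEY_CLASSES_ROOT\clsid\{9eeda970-cf59-49a1-845b-60b664694e5c}]
[-HKEY_CLASSES_ROOT\clsid\{371c160b-eb05-4333-a09e-c607db6ba749}]
[-HKEY_CLASSES_ROOT\TypeLib\{371C1608-EB05-4333-A09E-C607DB6BA749}]
[-HKEY_CLASSES_ROOT\clsid\{371c160b-eb05-4333-a09e-c607db6ba749}]
[-HKEY_CLASSES_ROOT\TypeLib\{371C1608-EB05-4333-A09E-C607DB6BA749}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"""

# Constructed excerpt of the 'Reg Loading Points' section of the log in Reply #26.
COMBOFIX_LOG = r"""
[HKEY_CLASSES_ROOT\clsid\{9eeda970-cf59-49a1-845b-60b664694e5c}]
[HKEY_CLASSES_ROOT\clsid\{371c160b-eb05-4333-a09e-c607db6ba749}]
[HKEY_CLASSES_ROOT\TypeLib\{371C1608-EB05-4333-A09E-C607DB6BA749}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"""

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")    # [KEY] selects a key, [-KEY] deletes it
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')    # "name"=data, or "name"=- to delete


def parse_cfscript(text):
    """Return the KillAll flag and the folders, keys and (key, value) pairs to delete."""
    out = {"killall": False, "folders": [], "del_keys": [], "del_values": []}
    section, current_key = None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):                 # directive header such as Registry::
            section, current_key = line[:-2].lower(), None
            out["killall"] = out["killall"] or section == "killall"
            continue
        if section == "folder":
            out["folders"].append(line.lower())
        elif section == "registry":
            if m := KEY_RE.match(line):
                key = m.group(2).lower()        # registry names are case-insensitive
                if m.group(1) == "-":           # [-KEY] removes the whole key
                    out["del_keys"].append(key)
                    current_key = None
                else:                           # [KEY] selects a key for value edits
                    current_key = key
            elif (m := VALUE_RE.match(line)) and m.group(2).strip() == "-" and current_key:
                out["del_values"].append((current_key, m.group(1).lower()))
    return out


def parse_log_registry(text):
    """Map each lowercased key in the log excerpt to the value names listed under it."""
    keys, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := KEY_RE.match(line):
            current = m.group(2).lower()
            keys.setdefault(current, set())
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current].add(m.group(1).lower())
    return keys


def cross_check(script, log_keys):
    """Flag repeated deletions and any target the log does not actually show."""
    seen, duplicates = set(), []
    for key in script["del_keys"]:
        if key in seen:
            duplicates.append(key)
        seen.add(key)
    missing_keys = sorted(k for k in seen if k not in log_keys)
    missing_values = [(k, v) for k, v in script["del_values"]
                      if v not in log_keys.get(k, set())]
    return {"duplicate_keys": duplicates, "missing_keys": missing_keys,
            "missing_values": missing_values}


if __name__ == "__main__":
    report = cross_check(parse_cfscript(CFSCRIPT), parse_log_registry(COMBOFIX_LOG))
    for item, value in report.items():
        print(f"{item}: {value or 'none'}")
```

Run against the thread's own script it reports the two repeated key deletions and no missing targets; a key that the log never listed would show up under missing_keys and should be questioned before the script is run.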