kohu

Popups And Disappearing Desktop [RESOLVED]

And here's the HJT log

Logfile of HijackThis v1.99.1

Scan saved at 11:35:58 AM, on 10/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\M-Audio Uno\UnoInst.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files\Lexmark 2400 Series\ezprint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\Cyb2k.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.stumbleupon.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

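Reading a log like the one above by hand means scanning a few hundred lines for the handful of entries that deserve a second look. The Python script below is an added example, not part of this thread and not HijackThis code. It parses the one-entry-per-line layout shown above and flags what a first triage pass checks: anything marked "(file missing)", O23 services with no publisher, O4 Run items that run from the Windows directory or without an explicit path, O16 ActiveX controls fetched over plain HTTP, O15 Trusted Zone additions, and O20 Winlogon Notify DLLs. The heuristics are this example's own, and the sample lines are a constructed subset copied from the log above. A flag means "verify this entry", not "delete it": the O4 items it picks out here are exactly the kind that need checking against their vendor before anything is removed.

```python
"""Triage pass over a HijackThis v1.99 log (added example; not HijackThis code)."""
import re
from dataclasses import dataclass
from ntpath import dirname

# One entry per line: section tag, ' - ', body. Headers and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Leading drive-letter path of an O4 command, quoted or not, ending in a three-letter extension.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.[A-Za-z]{3})(?:"|\s|$)', re.I)
WINDOWS_ROOT = {"c:\\windows", "c:\\winnt"}

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str  # which heuristic fired
    entry: str   # the log line, verbatim


def parse_entries(log_text):
    """Yield (kind, body, line) for every R*/O* line; everything else is skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def o4_target(body):
    """Return (target, has_explicit_path) for an O4 entry body.

    Registry Run entries look like 'HKLM\\..\\Run: [name] command';
    Global Startup entries look like 'Global Startup: name.lnk = command'.
    """
    if "] " in body:
        cmd = body.split("] ", 1)[1].strip()
    elif " = " in body:
        cmd = body.split(" = ", 1)[1].strip()
    else:
        cmd = body.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("path"), True
    # Bare names (VTTimer.exe, rundll32) are located through the PATH search at run time.
    return (cmd.split()[0] if cmd.split() else ""), False


def triage(log_text):
    """Return the list of Findings for a log; an empty list means nothing was flagged."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        if "(file missing)" in body:
            findings.append(Finding(kind, "file missing", line))
        if kind == "O4":
            target, explicit = o4_target(body)
            if not explicit:
                findings.append(Finding(kind, "no explicit path (PATH search)", line))
            elif dirname(target).lower() in WINDOWS_ROOT:
                findings.append(Finding(kind, "runs from the Windows directory", line))
            elif "\\documents and settings\\" in target.lower():
                findings.append(Finding(kind, "runs from a user profile", line))
        elif kind == "O15":
            findings.append(Finding(kind, "Trusted Zone addition", line))
        elif kind == "O16" and "http://" in body.lower():
            findings.append(Finding(kind, "ActiveX control fetched over plain HTTP", line))
        elif kind == "O20":
            findings.append(Finding(kind, "DLL loaded by winlogon.exe", line))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append(Finding(kind, "service binary has no publisher", line))
    return findings


if __name__ == "__main__":
    import sys
    # Pass a saved hijackthis.log as the first argument; otherwise the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"{f.kind:4} {f.reason:42} {f.entry}")
```

On the sample it reports ten findings: three O4 items, the two "(file missing)" entries, the two services with no publisher, the Trusted Zone line, the plain-HTTP ActiveX download and the Winlogon Notify DLL. The HTTPS Lexmark control and the signed Comodo service produce nothing.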

Hello again,

Step 1

I see you have LimeWire installed on your system.

While the program itself is legal, most of the files downloaded with it are not.

Also, quite often the files can be infected with viruses, malware, and other undesirable applications.

I highly recommend uninstalling LimeWire via Add or Remove Programs, but this step is optional if you want to keep it.

See HERE for details on P2P file sharing programs.

Step 2

Open notepad and copy/paste the text in the quotebox below into it:

File::

C:\WINDOWS\system32\gnfil.dll

C:\WINDOWS\system32\pkmon.dll

C:\WINDOWS\system32\adwfil.dll

C:\WINDOWS\system32\jbfil.dll

C:\WINDOWS\system32\movfil.dll

C:\WINDOWS\system32\auctfil.dll

C:\WINDOWS\system32\swfil.dll

C:\WINDOWS\system32\wrestfil.dll

C:\WINDOWS\system32\vgamfil.dll

C:\WINDOWS\system32\iawfil.dll

C:\WINDOWS\system32\hatfil.dll

C:\WINDOWS\system32\viofil.dll

C:\WINDOWS\system32\srchin.dll

C:\WINDOWS\system32\lgwfil.dll

C:\WINDOWS\system32\perfil.dll

C:\WINDOWS\system32\nvgamfil.dll

C:\WINDOWS\system32\popfil.dll

C:\WINDOWS\system32\pxyfil.dll

C:\WINDOWS\system32\tafil.dll

C:\WINDOWS\system32\finfil.dll

C:\WINDOWS\system32\gblfil.dll

C:\WINDOWS\system32\psyfil.dll

C:\WINDOWS\system32\entfil.dll

C:\WINDOWS\system32\sporfil.dll

C:\WINDOWS\system32\fmfil.dll

C:\WINDOWS\system32\chtfil.dll

C:\WINDOWS\system32\giisjvor.dll

C:\WINDOWS\system32\hjkkj.bak2

C:\WINDOWS\system32\7ADF967E6C.sys

C:\WINDOWS\system32\hjkkj.bak1

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

(screenshot: CFScript.gif)

This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

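A File:: block like the one above tells ComboFix to delete every listed path outright. The script below is an added example, not ComboFix's code, and it does not run ComboFix; it is the pre-flight a practitioner does before handing over such a script. It reads the File:: section, records for each path whether the file exists, its size, its SHA-256 and whether it carries the "MZ" header of a PE image, and copies each existing file into a folder you control. If a deletion turns out to break something, as the next reply in this thread reports, that record says exactly what was removed and gives you a copy to put back. The demo() function builds a throwaway directory with constructed stand-ins for three of the names listed above; on the real machine the resolve() callback would return the path unchanged.

```python
"""Pre-flight inventory for a ComboFix CFScript (added example; not ComboFix code)."""
import hashlib
import os
import shutil
import tempfile

# Constructed sample: the directive and three of the paths from the script above.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\gnfil.dll
C:\WINDOWS\system32\pkmon.dll
C:\WINDOWS\system32\7ADF967E6C.sys
"""


def parse_cfscript(text):
    """Split a CFScript into {directive: [lines]}; a directive line ends in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def describe(local_path):
    """Record existence, size, SHA-256 and a PE-header check for one file."""
    if not os.path.isfile(local_path):
        return {"exists": False}
    with open(local_path, "rb") as fh:
        data = fh.read()
    return {
        "exists": True,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "pe": data[:2] == b"MZ",
    }


def preflight(script_text, resolve, backup_dir):
    """Inventory every File:: path; resolve() maps a Windows path to a local one.

    Existing files are copied into backup_dir with timestamps preserved, so a
    deletion that turns out to be wrong can be reversed from your own copy.
    """
    report = {}
    for win_path in parse_cfscript(script_text).get("File", []):
        local = resolve(win_path)
        rec = describe(local)
        if rec["exists"]:
            dst = os.path.join(backup_dir, os.path.basename(local))
            shutil.copy2(local, dst)
            rec["backup"] = dst
        report[win_path] = rec
    return report


def demo():
    """Run preflight against constructed stand-ins in a temporary directory."""
    root = tempfile.mkdtemp(prefix="cfscript-demo-")
    sys32 = os.path.join(root, "system32")
    backup = os.path.join(root, "backup")
    os.makedirs(sys32)
    os.makedirs(backup)
    # Constructed contents: one fake PE image, one plain text file; the .sys is absent.
    with open(os.path.join(sys32, "gnfil.dll"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"PE\x00\x00")
    with open(os.path.join(sys32, "pkmon.dll"), "wb") as fh:
        fh.write(b"not a PE image\n")

    def resolve(win_path):
        # On the real box this returns win_path itself; here it maps into the temp dir.
        return os.path.join(sys32, win_path.rsplit("\\", 1)[-1])

    report = preflight(SAMPLE_SCRIPT, resolve, backup)
    backed_up = sorted(os.listdir(backup))
    shutil.rmtree(root)
    return report, backed_up


if __name__ == "__main__":
    report, backed_up = demo()
    for path, rec in report.items():
        print(path, rec)
    print("backed up:", backed_up)
```

Keep the printed report with the thread: a path that shows exists=False before the run was never on the box, and a PE file whose hash matches a vendor's release is a component, not a payload, whatever its name looks like.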

Okay, I didn't find LimeWire in Add/Remove Programs. My brother installed it a while back so I uninstalled it. Is there any other way to uninstall it?

Also, after running ComboFix with the script like you told me, I couldn't connect to the internet after it was done, so I was stuck with having to do a system restore. I attached the ComboFix log. I'll post the HJT log after that. Oh, and these were saved before I did the system restore.

log.txt


Here's the HJT log

Logfile of HijackThis v1.99.1

Scan saved at 3:08:17 PM, on 10/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\M-Audio Uno\UnoInst.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files\Lexmark 2400 Series\ezprint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\Cyb2k.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.stumbleupon.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


Hello again,

Sorry to hear about your internet, so let's take a different route.

Step 1

Right-click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it, like on the desktop. To run the inf file, right-click on it and select Install.

Step 2

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 3

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Step 4

Download and scan with SUPERAntiSpyware Free for Home Users

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.

  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply along with a fresh HJT log and the DrWeb.csv.
  • Click Close to exit the program.

Edited by MoNsTeReNeRgY22


Sorry it took a while, Dr.Web took 13 hours to scan >.> Here's the SUPERAntiSpyware log. I'll post the HJT log and Dr.Web log next. Also, I just saw your edit with the DelDomains and I think I installed it. Nothing else pops up when I click Install after right-clicking, correct? And I don't need to run Dr.Web again, do I? It took forever the first time...

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 10/08/2007 at 08:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3321

Trace Rules Database Version: 1322

Scan type : Complete Scan

Total Scan Time : 01:31:43

Memory items scanned : 530

Memory threats detected : 0

Registry items scanned : 6951

Registry threats detected : 3

File items scanned : 72520

File threats detected : 169

Adware.Tracking Cookie


Trojan.ZenoSearch

C:\WINDOWS\system32\msnav32.ax

C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP236\A0243247.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP243\A0245474.EXE

Adware.Think-Adz

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString

Trojan.WinAntiSpyware 2007

C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\WINANTISPYWARE2007SETUP.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP118\A0150348.EXE

Adware.ClickSpring/Yazzle

C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR

C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR

C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP226\A0239176.EXE

Trojan.Net-MSV/VPS-G

C:\SYSTEM VOLUME INFORMATION\_RESTORE{70304573-AB33-4072-AA96-4495C42D15E3}\RP169\A0219791.DLL

Trojan.Downloader-Gen

C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

Adware.Unknown Origin

C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Trace.Known Threat Sources

C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O1U74PY7\ping[1].htm

C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O1U74PY7\anota[1].htm

C:\Deckard\System Scanner\backup\DOCUME~1\Pete's\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\GPM3816F\checkin[1].htm

Edited by Kohu


I figured it out ;) Here's the Dr.Web log.

KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted

RealBar.dll;C:\Program Files\Real\Toolbar;Adware.MegaSearch.origin;Incurable.Deleted

And here's the HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 3:19:46 PM, on 10/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\M-Audio Uno\UnoInst.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files\Lexmark 2400 Series\ezprint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\Cyb2k.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.stumbleupon.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


Hello,

No need to re-run Dr.Web. Here are some simpler instructions for DelDomains.

RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") in order to download DelDomains.inf to your desktop.

To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)

Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

I also wanna see a new ComboFix log for something specific.

Download ComboFix from Here or Here to your Desktop.

  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Thank God! Okay, I installed the DelDomains thing correctly. Here's my HJT log, and I attached the ComboFix log.

Logfile of HijackThis v1.99.1

Scan saved at 6:09:21 PM, on 10/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\M-Audio Uno\UnoInst.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files\Lexmark 2400 Series\ezprint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\Cyb2k.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Pete's\My Documents\highjackthis\energy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.stumbleupon.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


Hello,

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Oh no! Panda ActiveScan keeps getting stuck on the checking memory part. The status bar doesn't move at all! I know it's not normal because I remember doing one 7 months ago. Help?

Let's try a different scanner.

Let's run an F-Secure online scan for viruses, spyware and rootkits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient


Okay! Here it is

Scanning Report

Friday, October 12, 2007 18:53:43 - 21:07:24

Computer name: SHADOW

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\ D:\

--------------------------------------------------------------------------------

Result: 68 malware found

Malware.ADRA (virus)

C:\HP\BIN\TRIALHTML\OFFICE 2003 EDITION 60 DAY TRIAL.EXE (Submitted)

Tracking Cookie (spyware)

System (Disinfected)

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

System

Vundo.dam (virus)

C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\QEYTGTMC.DLL (Submitted)

C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\TYKSNGLX.DLL (Submitted)

C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VLAAGGVY.DLL (Submitted)

C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\PETE'S\LOCALS~1\TEMP\VVEXJYSP.DLL (Submitted)

Vundo.gen38 (virus)

C:\WINDOWS\SYSTEM32\AOKLYWNB.INI (Submitted)

C:\WINDOWS\SYSTEM32\DKTQLWMB.INI (Submitted)

C:\WINDOWS\SYSTEM32\DVXBNWJX.INI (Submitted)

C:\WINDOWS\SYSTEM32\DWVWGUKI.INI (Submitted)

C:\WINDOWS\SYSTEM32\EUGOEIUB.INI (Submitted)

C:\WINDOWS\SYSTEM32\EVNXUPBM.INI (Submitted)

C:\WINDOWS\SYSTEM32\FGIRIWGE.INI (Submitted)

C:\WINDOWS\SYSTEM32\JRKYSUUH.INI (Submitted)

C:\WINDOWS\SYSTEM32\KNCAHCUV.INI (Submitted)

C:\WINDOWS\SYSTEM32\ODEXOPRA.INI (Submitted)

C:\WINDOWS\SYSTEM32\QBMYWCIV.INI (Submitted)

C:\WINDOWS\SYSTEM32\RASIQALO.INI (Submitted)

C:\WINDOWS\SYSTEM32\RYISDBET.INI (Submitted)

C:\WINDOWS\SYSTEM32\SKMASOQM.INI (Submitted)

C:\WINDOWS\SYSTEM32\SOEJVRLQ.INI (Submitted)

C:\WINDOWS\SYSTEM32\THEQWNDY.INI (Submitted)

C:\WINDOWS\SYSTEM32\TINAROEK.INI (Submitted)

C:\WINDOWS\SYSTEM32\TLMGWICF.INI (Submitted)

C:\WINDOWS\SYSTEM32\UBQWIPKS.INI (Submitted)

C:\WINDOWS\SYSTEM32\VPWVONJJ.INI (Submitted)

Vundo.gen39 (virus)

C:\WINDOWS\SYSTEM32\AJHHKBJY.INI (Submitted)

C:\WINDOWS\SYSTEM32\BHJPMRIE.INI (Submitted)

C:\WINDOWS\SYSTEM32\EEEQIPDS.INI (Submitted)

C:\WINDOWS\SYSTEM32\GHMXISUM.INI (Submitted)

C:\WINDOWS\SYSTEM32\HNRWTSCL.INI (Submitted)

C:\WINDOWS\SYSTEM32\ITOSLLCF.INI (Submitted)

C:\WINDOWS\SYSTEM32\JPTPINSG.INI (Submitted)

C:\WINDOWS\SYSTEM32\KAMOFHOA.INI (Submitted)

C:\WINDOWS\SYSTEM32\LWOBJSST.INI (Submitted)

C:\WINDOWS\SYSTEM32\MSDKIIUS.INI (Submitted)

C:\WINDOWS\SYSTEM32\OKGJIBGB.INI (Submitted)

C:\WINDOWS\SYSTEM32\PUCBSJTN.INI (Submitted)

C:\WINDOWS\SYSTEM32\QIGRKETY.INI (Submitted)

C:\WINDOWS\SYSTEM32\SOFLECPJ.INI (Submitted)

C:\WINDOWS\SYSTEM32\SRTBVXEW.INI (Submitted)

C:\WINDOWS\SYSTEM32\TUWRFDWI.INI (Submitted)

C:\WINDOWS\SYSTEM32\TWUTSNIL.INI (Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 66085

System: 6551

Not scanned: 12

Actions:

Disinfected: 1

Renamed: 0

Deleted: 0

None: 67

Submitted: 42

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX

C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL

C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL

C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL

C:\RECYCLER\S-1-5-21-321053874-2636943631-3830183119-1003\DC11.LNK

C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\COMPONENTS\VETSDK.DLL

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\XAUPDATE.EXE

C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\PLUG_INS\MULTIMEDIA\MPP\ATMOSPHEREMPP.MPP

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1DD491DC9AFBF2A7891310B584217359_A041A4AD-923E-4008-913D-823040B1FB43

--------------------------------------------------------------------------------

Options

Scanning engines:

F-Secure AVP: 7.0.171, 2007-10-12

F-Secure Blacklight: 1.0.64

F-Secure Draco: 1.0.35, 0598-150-72

F-Secure Libra: 2.4.2, 2007-10-12

F-Secure Orion: 1.2.37, 2007-10-12

F-Secure Pegasus: 1.19.0, 2007-09-10

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Use Advanced heuristics

--------------------------------------------------------------------------------


Hi again,

1. Close all windows so that you have nothing open and you are at your Desktop.

2. Click on Start, then click on Run.

3. In the Open: field copy and paste the entire contents inside the CODE box below and press the OK button.

"%userprofile%\Desktop\dss.exe" /config

This will open up DSS configuration.

4. Click on Check All.

5. Click Scan.

DSS will now run again.

6. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.

Okay, here's the main.txt

Deckard's System Scanner v20070905.67

Run by Pete's on 2007-10-13 11:25:41

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

145: 2007-10-13 18:25:59 UTC - RP250 - Deckard's System Scanner Restore Point

144: 2007-10-13 16:37:44 UTC - RP249 - System Checkpoint

143: 2007-10-12 02:21:52 UTC - RP248 - System Checkpoint

142: 2007-10-11 00:35:59 UTC - RP247 - ComboFix created restore point

141: 2007-10-10 03:39:54 UTC - RP246 - Software Distribution Service 3.0

-- First Restore Point --

1: 2007-07-13 20:22:18 UTC - RP106 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Pete's.exe) ----------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-10-13 11:26:13

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16544)

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\M-Audio Uno\UnoInst.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system\hpsysdrv.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\hp\KBD\kbd.exe

C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files\Lexmark 2400 Series\ezprint.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\Cyb2k.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Comodo\Firewall\cpf.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Pete's\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: (no name) - - (no file)

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll

O4 - HKEY_LOCAL_MACHINE\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKEY_LOCAL_MACHINE\..\Run: [VTTimer] VTTimer.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKEY_LOCAL_MACHINE\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKEY_LOCAL_MACHINE\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKEY_LOCAL_MACHINE\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra 'Tools' menuitem: (no name) - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.stumbleupon.com (HKCU)

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187204501375

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A954AFC3-3A26-44C2-A126-2B61C09F8FC9} (SNRecovery Control) - http://www.cybersitter.com/recovery/ocx/SerialRecovery.ocx

O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - "C:\Program Files\Viewpoint\Common\ViewpointService.exe"

-- HijackThis Fixed Entries (C:\DOCUME~1\Pete's\MYDOCU~1\HIGHJA~1\backups\) ----

backup-20070726-153724-152 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

backup-20070726-153724-372 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

backup-20070726-153724-455 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

backup-20071006-101222-293 O2 - BHO: (no name) - {B62F5B2F-FB3C-45BC-97BF-9EBE1A61AED4} - C:\WINDOWS\system32\awvtr.dll (file missing)

backup-20071006-101222-426 O4 - Startup: PowerReg Scheduler V3.exe

backup-20071006-101222-521 O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

backup-20071006-101222-647 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinqmds.exe CHD003

backup-20071006-101222-823 O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinqmds.exe

backup-20071006-101223-307 O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys

R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys

R3 dsreader (MaxDrive Driver (dsreader.sys)) - c:\windows\system32\drivers\dsreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>

R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>

R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 rxp - c:\windows\system32\drivers\rxp.sys (file missing)

S3 catchme - c:\docume~1\pete's\locals~1\temp\catchme.sys (file missing)

S3 EVOLUSB (%EVOL_USB_SvcDesc%) - c:\windows\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>

S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>

S3 pnicml - c:\docume~1\owner\locals~1\temp\pnicml.sys (file missing)

S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>

S3 samhid - c:\windows\system32\drivers\samhid.sys (file missing)

S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>

R2 UnoInstallerService (Uno Installer) - c:\program files\m-audio uno\unoinst.exe <Not Verified; ; EvoUno USB Installer Service>

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\78232CE01800

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\78232CE01800

Service: NIC1394

-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 828)

2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1048)

2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 1172)

2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2006-06-26 10:37:10 148480 --a------ C:\WINDOWS\system32\dnsapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2001-03-11 16:01:42 159744 --a------ C:\WINDOWS\system32\lspcs.dll <Not Verified; Solid Oak; internet filter>

2006-06-26 10:37:10 8192 --a------ C:\WINDOWS\system32\rasadhlp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\system32\svchost.exe (pid 616)

2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

C:\WINDOWS\explorer.exe (pid 3320)

2007-06-19 06:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2007-07-31 18:44:42 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes>

2007-07-31 18:44:42 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes>

-- :: 0 --------- C:\DOCUME~1\Pete's\LOCALS~1\Temp\IadHide4.dll

2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

2005-09-23 08:28:50 9216 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

2007-04-13 03:21:12 5634048 --a------ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

-- Scheduled Tasks -------------------------------------------------------------

2007-09-07 21:40:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-09-13 and 2007-10-13 -----------------------------

2007-10-08 18:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-10-08 18:25:05 0 d-------- C:\Program Files\SUPERAntiSpyware

2007-10-08 18:25:05 0 d-------- C:\Documents and Settings\Pete's\Application Data\SUPERAntiSpyware.com

2007-10-08 10:38:38 0 d-------- C:\Documents and Settings\Pete's\DoctorWeb

2007-10-07 21:20:08 0 d-------- C:\Documents and Settings\Pete's\Application Data\WinRAR

2007-10-07 17:20:13 0 d-------- C:\Program Files\Rocket Division Software

2007-10-07 15:43:27 0 d-------- C:\Program Files\SpywareBlaster

2007-10-07 15:43:27 0 d-------- C:\Program Files\Panicware

2007-10-07 15:43:14 0 d-------- C:\Program Files\Lionhead Studios

2007-10-07 15:42:59 0 d-------- C:\Program Files\EA Games

2007-10-07 15:42:49 0 d-------- C:\Documents and Settings\Pete's\Application Data\Microsoft Games

2007-10-07 15:42:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games

2007-10-07 15:41:03 0 d-------- C:\Program Files\Hasbro Interactive

2007-10-07 15:40:59 0 d-------- C:\Program Files\Game_Maker6

2007-10-07 15:40:59 0 d-------- C:\Program Files\eMule

2007-10-07 15:40:59 0 d-------- C:\Program Files\ASUS

2007-10-07 15:40:56 0 d-------- C:\Starcraft

2007-10-07 15:40:56 0 d-------- C:\Program Files\Clever Batch Image Converter

2007-10-07 15:40:56 0 d-------- C:\Program Files\BitComet

2007-10-07 15:40:56 0 d-------- C:\Program Files\BatchDPG

2007-10-07 10:57:02 0 d-------- C:\Program Files\R4 Commander

2007-10-05 19:13:19 0 d-------- C:\Documents and Settings\Pete's\Application Data\Comodo

2007-10-05 19:13:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo

2007-10-05 19:09:21 0 d-------- C:\Program Files\Comodo

2007-10-05 15:50:12 0 d-------- C:\Program Files\Alwil Software

2007-10-04 18:46:47 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>

2007-10-03 19:00:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google

2007-09-29 19:54:32 0 d-------- C:\New Folder

2007-09-29 14:16:33 0 d-------- C:\Program Files\VOCALOID2

2007-09-29 14:13:28 200704 --a------ C:\WINDOWS\system32\libguide40.dll <Not Verified; Intel Corporation; Guide Run-time Library>

2007-09-29 14:13:28 4874240 --a------ C:\WINDOWS\system32\DSE2_DFT.dll

2007-09-28 15:44:38 0 d-------- C:\Program Files\Steinberg

2007-09-28 15:20:25 0 d-------- C:\Program Files\VOCALOID

2007-09-20 20:46:18 0 d-------- C:\Program Files\Windows Media Connect 2

2007-09-20 20:41:12 0 d-------- C:\WINDOWS\system32\drivers\UMDF

-- Find3M Report ---------------------------------------------------------------

2007-10-11 18:09:00 0 d-------- C:\Program Files\M-Audio Uno

2007-10-11 18:08:53 0 d-------- C:\Program Files\iTunes

2007-10-11 18:08:43 0 d-------- C:\Program Files\Lexmark 2400 Series

2007-10-11 18:08:23 0 d-------- C:\Program Files\Messenger

2007-10-11 18:08:11 0 d-------- C:\Program Files\Lexmark Toolbar

2007-10-11 18:08:11 0 d-------- C:\Program Files\Google

2007-10-11 18:08:10 0 d-------- C:\Program Files\StumbleUpon

2007-10-08 18:24:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-10-08 12:28:02 0 d-------- C:\Program Files\Project64 1.6

2007-10-07 15:47:31 0 d-------- C:\Program Files\lx_cats

2007-10-07 15:45:21 0 d-------- C:\Documents and Settings\Pete's\Application Data\InstallShield Installation Information

2007-10-07 15:40:48 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-07 10:14:21 0 d-------- C:\Program Files\Microsoft Games

2007-10-07 10:09:39 0 d-------- C:\Documents and Settings\Pete's\Application Data\My Battle for Middle-earth Files

2007-10-07 00:33:17 0 d-------- C:\Program Files\MAIET

2007-10-07 00:33:06 0 d-------- C:\Program Files\Line Adventures

2007-10-07 00:27:07 0 d-------- C:\Program Files\UltraISO

2007-10-07 00:26:46 0 d-------- C:\Program Files\TurboTax

2007-10-07 00:26:40 0 d-------- C:\Program Files\Common Files

2007-10-07 00:26:17 0 d-------- C:\Program Files\Total Video Converter

2007-10-07 00:23:09 0 d-------- C:\Program Files\Datel

2007-10-07 00:22:47 0 d-------- C:\Program Files\Lenogo iPod to PC Transfer

2007-10-07 00:19:44 0 d-------- C:\Documents and Settings\Pete's\Application Data\Google

2007-10-07 00:16:56 0 d-------- C:\Program Files\DarwiniaDemo2

2007-10-07 00:16:14 0 d-------- C:\Documents and Settings\Pete's\Application Data\Dev-Cpp

2007-10-07 00:15:29 0 d-------- C:\Program Files\AviSynth 2.5

2007-10-05 15:10:39 28 --a------ C:\WINDOWS\liccyval.dat

2007-10-04 20:04:22 0 d-------- C:\Program Files\Java

2007-09-30 16:32:37 0 d-------- C:\Documents and Settings\Pete's\Application Data\NetMedia Providers

2007-09-29 13:36:15 0 d-------- C:\Documents and Settings\Pete's\Application Data\InstallShield

2007-09-29 11:13:44 0 d-------- C:\Documents and Settings\Pete's\Application Data\uTorrent

2007-09-29 10:37:38 0 d-------- C:\Program Files\MagicISO

2007-09-28 15:52:58 2246 --a------ C:\WINDOWS\system32\wzfil.dll

2007-09-28 15:52:56 6050 --a------ C:\WINDOWS\system32\wrestfil.dll

2007-09-28 15:52:56 4162 --a------ C:\WINDOWS\system32\viofil.dll

2007-09-28 15:52:56 5782 --a------ C:\WINDOWS\system32\vgamfil.dll

2007-09-28 15:52:56 1656 --a------ C:\WINDOWS\system32\tapfil.dll

2007-09-28 15:52:56 14712 --a------ C:\WINDOWS\system32\tafil.dll

2007-09-28 15:52:56 6830 --a------ C:\WINDOWS\system32\swfil.dll

2007-09-28 15:52:56 258 --a------ C:\WINDOWS\system32\srchout.dll

2007-09-28 15:52:56 3444 --a------ C:\WINDOWS\system32\srchin.dll

2007-09-28 15:52:56 540 --a------ C:\WINDOWS\system32\srchfrgn.dll

2007-09-28 15:52:56 12266 --a------ C:\WINDOWS\system32\sporfil.dll

2007-09-28 15:52:56 724 --a------ C:\WINDOWS\system32\spmfil.dll

2007-09-28 15:52:56 592 --a------ C:\WINDOWS\system32\snetfil.dll

2007-09-28 15:52:54 157916 --a------ C:\WINDOWS\system32\pxyfil.dll

2007-09-28 15:52:54 12730 --a------ C:\WINDOWS\system32\psyfil.dll

2007-09-28 15:52:54 16802 --a------ C:\WINDOWS\system32\popfil.dll

2007-09-28 15:52:54 9634 --a------ C:\WINDOWS\system32\pkmon.dll

2007-09-28 15:52:54 306 --a------ C:\WINDOWS\system32\picsfil.dll

2007-09-28 15:52:54 22618 --a------ C:\WINDOWS\system32\perfil.dll

2007-09-28 15:52:52 17488 --a------ C:\WINDOWS\system32\nvgamfil.dll

2007-09-28 15:52:52 116 --a------ C:\WINDOWS\system32\nfil.dll

2007-09-28 15:52:52 670 --a------ C:\WINDOWS\system32\mp3fil.dll

2007-09-28 15:52:52 7778 --a------ C:\WINDOWS\system32\movfil.dll

2007-09-28 15:52:52 34 --a------ C:\WINDOWS\system32\macfil.dll

2007-09-28 15:52:52 3286 --a------ C:\WINDOWS\system32\lgwfil.dll

2007-09-28 15:52:52 18 --a------ C:\WINDOWS\system32\lastupdate.dll

2007-09-28 15:52:52 8652 --a------ C:\WINDOWS\system32\jbfil.dll

2007-09-28 15:52:52 1100 --a------ C:\WINDOWS\system32\imgfil.dll

2007-09-28 15:52:52 194 --a------ C:\WINDOWS\system32\igefil.dll

2007-09-28 15:52:52 5180 --a------ C:\WINDOWS\system32\iawfil.dll

2007-09-28 15:52:52 4442 --a------ C:\WINDOWS\system32\hatfil.dll

2007-09-28 15:52:52 9796 --a------ C:\WINDOWS\system32\gnfil.dll

2007-09-28 15:52:50 1482 --a------ C:\WINDOWS\system32\gdwfil.dll

2007-09-28 15:52:50 13070 --a------ C:\WINDOWS\system32\gblfil.dll

2007-09-28 15:52:50 1816 --a------ C:\WINDOWS\system32\fshrfil.dll

2007-09-28 15:52:50 11338 --a------ C:\WINDOWS\system32\fmfil.dll

2007-09-28 15:52:50 13154 --a------ C:\WINDOWS\system32\finfil.dll

2007-09-28 15:52:50 12422 --a------ C:\WINDOWS\system32\entfil.dll

2007-09-28 15:52:50 1830 --a------ C:\WINDOWS\system32\cultfil.dll

2007-09-28 15:52:50 1790 --a------ C:\WINDOWS\system32\csnews.dll

2007-09-28 15:52:50 10906 --a------ C:\WINDOWS\system32\chtfil.dll

2007-09-28 15:52:50 400 --a------ C:\WINDOWS\system32\bsnlst.dll

2007-09-28 15:52:50 100 --a------ C:\WINDOWS\system32\bnrfil.dll

2007-09-28 15:52:48 7642 --a------ C:\WINDOWS\system32\auctfil.dll

2007-09-28 15:52:48 88076 --a------ C:\WINDOWS\system32\adwfil.dll

2007-09-17 16:11:43 0 d-------- C:\Program Files\Common Files\InstallShield

2007-08-27 15:45:35 0 d-------- C:\Program Files\Real

2007-08-27 15:44:12 0 d-------- C:\Program Files\Windows Live

2007-08-24 18:40:38 0 d-------- C:\Program Files\HP

2007-08-24 16:52:11 0 d-------- C:\Documents and Settings\Pete's\Application Data\Macromedia

2007-08-20 12:50:18 0 d-------- C:\Program Files\Accursed Toys

2007-08-19 15:54:07 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-08-17 10:50:28 3648 --a------ C:\WINDOWS\system32\giisjvor.dll

2007-08-14 13:56:50 0 d-------- C:\Program Files\LimeWire

2007-08-13 19:02:00 0 d-------- C:\Program Files\iPod

2007-08-13 18:02:08 0 d-------- C:\Program Files\QuickTime

2007-08-13 18:00:19 0 d-------- C:\Program Files\Apple Software Update

2007-08-13 17:59:42 0 d-------- C:\Program Files\Common Files\Apple

2007-07-25 21:26:12 22907904 --a------ C:\ledbackground

2007-07-24 17:44:42 23 --a------ C:\Documents and Settings\Pete's\Application Data\Download.url

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 02:54 PM]

"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 04:23 AM]

"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 04:15 AM]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 01:43 PM]

"VTTimer"="VTTimer.exe" [01/15/2004 09:33 PM C:\WINDOWS\system32\VTTimer.exe]

"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01 AM]

"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/30/2004 10:10 PM]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]

"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]

"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [03/06/2006 01:48 PM]

"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [02/07/2006 01:10 AM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2004 07:07 PM]

"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" []

"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [10/16/2001 11:10 AM]

"C2K"="C:\WINDOWS\Cyb2k.exe" [08/03/2004 10:47 AM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 03:06 AM]

"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [10/05/2007 07:09 PM]

"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [02/24/2006 07:54 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]

"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 02:34 AM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/04/2007 07:23 PM]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [1/2/2005 4:50:01 PM]

EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [8/22/2004 12:45:32 PM]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 1:19:24 PM]

Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [4/1/2004 2:16:45 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2007-10-13 11:31:32 ------------


And here's the extra.txt

Deckard's System Scanner v20070905.67

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: AMD Athlon XP 3200+

Percentage of Memory in Use: 73%

Physical Memory (total/avail): 511.48 MiB / 136.72 MiB

Pagefile Memory (total/avail): 1151.71 MiB / 718.46 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1955.61 MiB

C: is Fixed (NTFS) - 144.25 GiB total, 82.34 GiB free.

D: is Fixed (FAT32) - 4.79 GiB total, 0.62 GiB free.

E: is CDROM (No Media)

F: is CDROM (CDFS)

H: is Removable (No Media)

I: is Removable (No Media)

J: is Removable (No Media)

K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions

\PARTITION0 - Unknown - 4.79 GiB - D:

\PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FW: COMODO Firewall Pro v2.3.035 (COMODO)

AV: avast! antivirus 4.7.1043 [VPS 000780-2] v4.7.1043 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Pete's\Application Data

CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

COLLECTIONID=COL8143

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=SHADOW

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HMSERVER=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Pete's

ITEMID=dj-22741-6

LANG=1033

LOGONSERVER=\\SHADOW

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

OSVER=winXPH

PAPATH=c:/devkitPro/PAlib/

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0a00

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

SESSIONID=1098426280950wuws04-l1e1be92:ffbf4e2f8a:3c80

SESSIONNAME=Console

SWUTVER=1.0.22.20030804

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Pete's\LOCALS~1\Temp

TIMEOUT=0

TMP=C:\DOCUME~1\Pete's\LOCALS~1\Temp

TOOLPATH=/c:\Program%20Files\HP\HP%20Software%20Update\install.htm

UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad0131D.tmp

USERDOMAIN=SHADOW

USERNAME=Pete's

USERPROFILE=C:\Documents and Settings\Pete's

VERSION=3.0.2.97

windir=C:\WINDOWS

__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Owner (admin)

Pete's (admin)

Kid (new local, admin)

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"

Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}

Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"

Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe ActiveShare 1.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\ActiveShare\Uninst.isu"

Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe PhotoDeluxe Home Edition 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"

Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}

Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}

Agere Systems PCI Soft Modem --> agrsmdel

Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}

Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI DVD Decoder 2.2.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{45D228AA-4284-467A-9DB6-942B92BFF656} /l1033

ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"

ATI Multimedia Center 8.6.0.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB} /l1033

avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"

Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly

Civilization III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}

COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln

Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"

DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u

EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r

GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}

Ghost Recon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\Setup.exe"

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

HijackThis 1.99.1 --> C:\Documents and Settings\Pete's\My Documents\highjackthis\HijackThis.exe /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

How To Master Excel 2000 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Uninst.isu

HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat

HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG

HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat

HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat

HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}

Impossible Creatures 1.0.1 --> MsiExec.exe /X{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}

Ink Monitor --> C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U

InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL

InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL

iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033

ips XP 1.11.2600 --> "C:\Program Files\ipsXP\unins000.exe"

ips XP 1.11.2600 --> "C:\Program Files\ipsXP\unins000.exe"

ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}

iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Kazaa Lite K++ v2.4.3 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"

Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe

Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"

Lords of the Realm III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C1EAF33-82AD-4A63-B56D-4739172714DF}\Setup.exe" -l0x9

Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG

Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}

Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf

Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}

Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}

Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}

Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}

Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

Need For Speed Hot Pursuit 2 --> C:\Program Files\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exe

Nintendo DS - GBA Max Drive --> "C:\Program Files\Datel\Nintendo DS - GBA Max Drive\unins000.exe"

Norton Internet Security --> MsiExec.exe /I{88770EA7-9E8F-483C-ADDB-5F633691C036}

Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"

Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"

Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"

overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}

Paint.NET v3.08 --> MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}

Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan

PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"

Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat

Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"

Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG

Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

PS2 --> C:\WINDOWS\system32\ps2.exe uninstall

QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}

Riva Producer Lite --> "C:\Program Files\Riva\Riva Producer Lite\unins000.exe"

Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log

Roller Coaster Tycoon --> C:\PROGRA~1\INFOGR~2\ROLLER~1\UNWISE.EXE C:\PROGRA~1\INFOGR~2\ROLLER~1\INSTALL.LOG

RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9

S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'

S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'

S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'

S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'

SC Ver 2.60 --> "C:\Program Files\SC\unins000.exe"

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly

Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033

Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"

Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

Sony ACID Music Studio 6.0b --> MsiExec.exe /X{D4A823CA-D124-456E-9A98-71544A928897}

SpongeBob SquarePants - The Movie --> RunDll32 C:\DOCUME~1\Pete's\APPLIC~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Pete's\Application Data\InstallShield Installation Information\{B98D958E-9E59-43B7-B47F-043D45D73EE6}\setup.exe" -l0x9 -uninst

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

Street Atlas USA Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3409AD65-7A2A-46D4-8F07-DB1508B9158D}\setup.exe" NoMode

StumbleUpon IE Toolbar --> C:\Program Files\StumbleUpon\uninstall.exe

SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

The Battle for Middle-earth --> C:\Program Files\EA GAMES\The Battle for Middle-earth \EAUninstall.exe

The Hobbit --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{023FFB0A-C5DB-4930-B3E4-D48266C21738}

Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe

Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"

TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}

UniChrome IGP Driver and Utilities --> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns

Uno --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8E28912-A7B8-488C-B259-33F9014B9D09}\setup.exe" -l0x9

Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903

VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

VOCALOID Editor V1.1.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}\setup.exe" -l0x9

VOCALOID Expression DB (Miriam) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44F77FBE-828D-4B04-A02B-C70426F65C86}\setup.exe" -l0x9

VOCALOID Expression DB (Standard) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}\setup.exe" -l0x9

VOCALOID SKIN (Zero-G MIRIAM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BBB3758-6759-4086-835B-1D665DBE979F}\setup.exe" -l0x9

VOCALOID Voice DB (Miriam) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{146303B2-EA46-4BFB-8054-FC75A0D0088B}\setup.exe" -l0x9

VOCALOID VSTi V1.1.1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAC611DA-E445-4D7A-8311-7389C627FA32}\setup.exe" -l0x9

VOCALOID2 Editor V2.0.2.4J --> C:\Program Files\InstallShield Installation Information\{F1C1C21B-F56E-400B-B0B0-270D817889F3}\setup.exe -runfromtemp -l0x0009 -removeonly

VOCALOID2 Expression DB (Standard) --> C:\Program Files\InstallShield Installation Information\{B6588186-9657-486C-AEB1-F57D8E160F19}\setup.exe -runfromtemp -l0x0009 -removeonly

VOCALOID2 Voice DB (Miku) --> C:\Program Files\InstallShield Installation Information\{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}\setup.exe -runfromtemp -l0x0009 -removeonly

VOCALOID2 VSTi V2.0.2.0 --> C:\Program Files\InstallShield Installation Information\{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}\setup.exe -runfromtemp -l0x0009 -removeonly

Where Am I Dataset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A202CE5-2F2C-484F-B43E-523943D68E68}\setup.exe" NoMode

Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}

Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}

Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Word Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"

Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall

Zoo Tycoon 2 Patch --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTPA.EXE" /runtemp /uninstall

-- Application Event Log -------------------------------------------------------

Event Record #/Type13141 / Error

Event Submitted/Written: 10/13/2007 11:29:28 AM

Event ID/Source: 5 / CYBERsitter

Event Description:

Exception Error - GETCIP [11004] Valid name, no data record of requested type

Event Record #/Type13140 / Error

Event Submitted/Written: 10/13/2007 11:28:43 AM

Event ID/Source: 5 / CYBERsitter

Event Description:

Exception Error - GETCIP [11004] Valid name, no data record of requested type

Event Record #/Type13139 / Error

Event Submitted/Written: 10/13/2007 11:27:28 AM

Event ID/Source: 5 / CYBERsitter

Event Description:

Exception Error - GETCIP [11004] Valid name, no data record of requested type

Event Record #/Type13138 / Error

Event Submitted/Written: 10/13/2007 11:26:29 AM

Event ID/Source: 5 / CYBERsitter

Event Description:

Exception Error - GETCIP [11004] Valid name, no data record of requested type

Event Record #/Type13137 / Error

Event Submitted/Written: 10/13/2007 11:25:30 AM

Event ID/Source: 5 / CYBERsitter

Event Description:

Exception Error - GETCIP [11004] Valid name, no data record of requested type

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type16918 / Error

Event Submitted/Written: 10/13/2007 10:30:11 AM

Event ID/Source: 7034 / Service Control Manager

Event Description:

The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type16888 / Error

Event Submitted/Written: 10/13/2007 08:58:27 AM

Event ID/Source: 7026 / Service Control Manager

Event Description:

The following boot-start or system-start driver(s) failed to load:

rxp

Event Record #/Type16859 / Error

Event Submitted/Written: 10/12/2007 05:35:50 PM

Event ID/Source: 7026 / Service Control Manager

Event Description:

The following boot-start or system-start driver(s) failed to load:

rxp

Event Record #/Type16821 / Error

Event Submitted/Written: 10/12/2007 03:23:46 PM

Event ID/Source: 7026 / Service Control Manager

Event Description:

The following boot-start or system-start driver(s) failed to load:

rxp

Event Record #/Type16788 / Error

Event Submitted/Written: 10/11/2007 05:20:15 PM

Event ID/Source: 7026 / Service Control Manager

Event Description:

The following boot-start or system-start driver(s) failed to load:

rxp

-- End of Deckard's System Scanner: finished at 2007-10-13 11:31:32 ------------

Hello again,

Step 1

I see you have Kazaa Lite K++ v2.4.3 installed on your system.

While the program itself is legal, most of the files downloaded with it are not.

Also, quite often the files can be infected with viruses, malware, and other undesirable applications.

I highly recommend uninstalling Kazaa Lite K++ v2.4.3 via Add or Remove Programs, but this is optional, should you choose to keep it.

See HERE for details on P2P file sharing programs.

Step 2

Since you already have AVG Anti Spyware installed, please do the following.

  • On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

NOTE: if you are unable to update the definition files, you can perform a manual update by going to the following site http://www.ewido.net/en/download/updates/

NOTE: if you are unable to run a scan with AVG Anti-Spyware in Safe Mode, click the next link http://fileserver.ewido.net/public.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop, then double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Everything's running fine, and I haven't noticed any bad things so far! Thanks a lot for the help so far! And sorry it's taking a while. I'm loving the firewall and Avast!

Nice job, your log looks clean!

How is it running?

Please use the following suggestion to help prevent reinfection.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

Now we need to make a new System Restore Point for your PC, please do the following:

  • Click Start, Settings, Control Panel
  • Double-click the System icon
  • Click the Performance tab, File System, Troubleshooting tab
  • Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  • Then uncheck "Turn off System Restore" which will create a new System Restore point
  • Click OK

I highly recommend downloading the following programs, to keep malware off your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SUPERAntiSpyware - A very powerful tool which searches and kills malware that infects your system.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.

Antivirus Program - An antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir.

DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.

Firewall - A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Zone Alarm, or Outpost.

**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally, a little reading: How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
