
Hijackthis Log


  • This topic is locked
10 replies to this topic

#1 Jls900

  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 04 May 2008 - 12:27 AM

Here is my HiJackThis log.

All I know about my virus is that it has pop-ups and slows me down terribly, and when it goes untreated for a day it completely disables applications.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:32 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\taskmgr.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spcron.dll
O2 - BHO: (no name) - {38617DDB-E01A-48B6-B21D-89456E1B31A1} - C:\WINDOWS\system32\pmnomLEW.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: StFlex IE Helper - {847B6838-BFB6-40a1-8888-736928099059} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\cbXRKExw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM38027741] Rundll32.exe "C:\WINDOWS\system32\jrdaopbn.dll",s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O20 - Winlogon Notify: cbXRKExw - cbXRKExw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10116 bytes
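The log above is read by hand in this thread, but the lines that drew attention (a BHO and a Winlogon Notify DLL that point at files already gone, a Run value that loads a system32 DLL through Rundll32) follow patterns a script can pull out first. The following is an added example written for this page, not a tool the posters used; its heuristics are assumptions modelled on the posted log and only produce candidates for manual lookup. The sample lines are copied from the log above.

```python
"""Triage a HijackThis 2.x log: surface autostart entries worth a second look.

Added example for this thread, not a tool the posters used. The heuristics
below are assumptions modelled on the log above: registrations whose file
has already gone, Winlogon Notify DLLs, Run values that load a DLL from
system32 through Rundll32, and services with no owner string. They produce
candidates for manual lookup, not verdicts.
"""
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above; a real run would pass
# the whole saved log file.
SAMPLE_LOG = r"""
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spcron.dll
O2 - BHO: (no name) - {38617DDB-E01A-48B6-B21D-89456E1B31A1} - C:\WINDOWS\system32\pmnomLEW.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM38027741] Rundll32.exe "C:\WINDOWS\system32\jrdaopbn.dll",s
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O20 - Winlogon Notify: cbXRKExw - cbXRKExw.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")

# O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Rundll32[.exe] "path\to\some.dll",entrypoint
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
# O23 - Service: display name - owner - path
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')


@dataclass
class Finding:
    section: str   # HijackThis section prefix, e.g. "O2", "O20"
    reason: str
    line: str


def triage(log_text):
    """Return one Finding per log line that matches a heuristic (first match wins)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue                      # header, process list, blank line
        section = line.split(" - ", 1)[0]
        low = line.lower()

        if any(marker in low for marker in ORPHAN_MARKERS):
            findings.append(Finding(section,
                "orphaned registration: the registry still names a file that is gone", line))
        elif section == "O20":
            findings.append(Finding(section,
                "Winlogon Notify package: DLL loaded into winlogon.exe at logon", line))
        elif section == "O2" and "(no name)" in low:
            findings.append(Finding(section, "BHO registered without a display name", line))
        elif (m := RUN_RE.match(line)):
            dll = RUNDLL_RE.search(m.group("cmd"))
            if dll and "\\system32\\" in dll.group("dll").lower():
                findings.append(Finding(section,
                    "Run value loads a DLL from system32 via Rundll32", line))
        elif (m := SERVICE_RE.match(line)) and m.group("owner").lower() == "unknown owner":
            findings.append(Finding(section, "service with no owner string", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample it reports four lines: the pmnomLEW BHO, the BM38027741 Run value, the cbXRKExw Winlogon Notify entry and the ownerless ATI Smart service (which turns out to be a legitimate driver component, so the output is a review queue, not a removal list). It does not flag the `testCPV6` BHO in `C:\Program Files\Spcron\` or the `Svconr` Run entry, because a named component in its own folder matches none of these rules; those still need a lookup by CLSID and file name.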


#2 Octagonal

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:33 AM

Posted 04 May 2008 - 06:17 AM

Hi Jls900,

Welcome to BleepingComputer. :thumbsup:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
~ Octagonal ~

#3 Jls900

  • Topic Starter
  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 04 May 2008 - 10:45 AM

Hello. Thanks a ton for helping. I did what you said, and here are my logs. First is the ComboFix log.

ComboFix 08-05-01.3 - HP_Owner 2008-05-04 11:20:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.139 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\Temporary
C:\WINDOWS\adaway.lic
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\1564928781.CPX
C:\WINDOWS\system32\15649287812.CPX
C:\WINDOWS\system32\156492878133.CPX
C:\WINDOWS\system32\1564928782.CPX
C:\WINDOWS\system32\15649287833.CPX
C:\WINDOWS\system32\pkivsjmp.ini
C:\WINDOWS\system32\WELmonmp.ini
C:\WINDOWS\system32\WELmonmp.ini2
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 21:14 . 2008-05-03 21:16 <DIR> d-------- C:\Program Files\Adware Away
2008-05-03 20:53 . 2008-05-03 21:04 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-03 20:53 . 2008-05-03 20:53 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-05-03 20:53 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-03 20:53 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-03 20:53 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-03 20:53 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-03 20:39 . 2008-05-03 20:39 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-05-03 19:51 . 2008-05-03 19:54 221 --a------ C:\WINDOWS\wininit.ini
2008-05-03 19:21 . 2008-05-03 19:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 19:21 . 2008-05-03 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 19:07 . 2008-05-03 19:07 <DIR> d-------- C:\New Folder
2008-05-01 16:26 . 2008-05-01 16:26 <DIR> d-------- C:\WINDOWS\qkof
2008-05-01 16:26 . 2008-05-03 18:12 <DIR> d-------- C:\Program Files\Common Files\qkof
2008-04-30 21:11 . 2008-04-30 21:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-04-30 14:30 . 2008-04-30 14:30 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-30 14:05 . 2008-04-30 14:05 <DIR> d-------- C:\Program Files\Spcron
2008-04-30 14:00 . 2008-04-30 14:00 <DIR> d-------- C:\Program Files\Svconr
2008-04-30 13:06 . 2008-04-30 14:22 109,771 --a------ C:\WINDOWS\BM38027741.xml
2008-04-29 13:53 . 2008-04-29 13:59 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\MilkShape 3D 1.x.x
2008-04-29 13:52 . 2008-04-29 13:52 <DIR> d-------- C:\Program Files\MilkShape 3D 1.8.2
2008-04-17 14:20 . 2008-05-01 23:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 14:20 . 2008-04-17 14:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 19:15 . 2008-04-11 19:15 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Anvil Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 15:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 18:45 --------- d-----w C:\Program Files\Plaxo
2008-04-29 23:00 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\gtk-2.0
2008-04-27 20:18 --------- d-----w C:\Program Files\Steam
2008-04-24 17:40 --------- d-----w C:\Program Files\AgeOfTime
2008-04-17 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoYoGames
2008-04-14 01:13 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2008-04-12 17:15 --------- d-----w C:\Program Files\DominateGame
2008-04-08 15:38 --------- d-----w C:\Program Files\AgeOfTime_0003
2008-03-25 13:57 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2006-09-24 17:05 803 ----a-w C:\Documents and Settings\john\Application Data\waver_2.95.dat
2006-08-21 19:26 519 ----a-w C:\Documents and Settings\john\coindata.dat
2006-06-14 17:15 778 ----a-w C:\Documents and Settings\john\sktvars.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38617DDB-E01A-48B6-B21D-89456E1B31A1}]
C:\WINDOWS\system32\pmnomLEW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{847B6838-BFB6-40a1-8888-736928099059}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 15:32 68856]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [2008-04-30 14:00 57344]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 19:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 06:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 03:12 49152]
"HostManager"="C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe" [2006-05-09 20:24 50760]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-05 02:34 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-07 12:25 180269]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 13:38 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"BM38027741"="C:\WINDOWS\system32\jrdaopbn.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-04-22 18:18:09 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-03-07 12:44:57 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRKExw]
cbXRKExw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Blockland\\Blockland.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Documents and Settings\\john\\Desktop\\Copy of Copy of Blockland junk222\\blockLand.exe"=
"C:\\Documents and Settings\\john\\Desktop\\Copy (2) of Copy of Blockland junk222\\blockLand.exe"=
"C:\\Documents and Settings\\john\\Desktop\\Main BL\\blockLand.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Yahoo! Games\\Tradewinds\\tradewinds.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Documents and Settings\\john\\Desktop\\AoTv3Patch\\AgeOfTime_0003\\AgeOfTime.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\AgeOfTime_0003\\AgeOfTime.exe"=
"C:\\Documents and Settings\\HP_Owner\\Desktop\\AgeOfTime\\AgeOfTime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 11:30:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-05-04 11:40:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 15:40:11

Pre-Run: 6,210,523,136 bytes free
Post-Run: 9,524,740,096 bytes free

187 --- E O F --- 2008-04-11 05:39:20

And here's the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:44 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {38617DDB-E01A-48B6-B21D-89456E1B31A1} - C:\WINDOWS\system32\pmnomLEW.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {847B6838-BFB6-40a1-8888-736928099059} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BM38027741] Rundll32.exe "C:\WINDOWS\system32\jrdaopbn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O20 - Winlogon Notify: cbXRKExw - cbXRKExw.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9055 bytes

#4 Octagonal

Octagonal

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:33 AM

Posted 04 May 2008 - 08:03 PM

Hi Jls900,

Let's see if we can clean all of this in one go. :thumbsup:

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\jrdaopbn.dll

Folder::
C:\Program Files\Spcron
C:\Program Files\QdrPack
C:\Program Files\Poker.com

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38617DDB-E01A-48B6-B21D-89456E1B31A1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{847B6838-BFB6-40a1-8888-736928099059}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svconr"=-
"QdrPack15"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM38027741"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRKExw]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following ComboFix.txt log into your next reply.

Reboot the computer if it did not ask you to.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Select a target to scan; click on My Computer.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete choose the option to Save as Text.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply please post the following:
  • ComboFix.txt
  • SUPERAntiSpyware results
  • Kaspersky results
  • A fresh Hijackthis log
And let me know how your system is now behaving.
~ Octagonal ~
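Before dragging a CFScript like the one above onto ComboFix it is worth reading it back as the list of actions it requests. The parser below is an added example, not code from the thread or from ComboFix; it assumes only the section headers (File::, Folder::, Driver::, Registry::) and the regedit-style Registry lines visible in the post, and leaves the ComboFix `~` path abbreviation unexpanded because the page does not state its expansion.

```python
"""Parse a ComboFix CFScript into the concrete actions it requests.

Added example for this thread; not code from ComboFix or from the poster.
Assumed syntax (taken from the script in the post):
  File:: / Folder:: / Driver::   one path per line, to be removed
  Registry::                     "[-KEY]" deletes a key,
                                 "[KEY]" opens a key,
                                 "Name"=- deletes a value under the open key
The "~" in key paths is a ComboFix abbreviation; it is kept verbatim.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^(File|Folder|Driver|Registry)::\s*$")
VALUE_DELETE_RE = re.compile(r'^"([^"]+)"=-$')

# Constructed sample: a trimmed copy of the script in the post, plus one
# deliberately malformed trailing line ("Orphan"=-) to exercise the error path.
SAMPLE_SCRIPT = """\
File::
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\WINDOWS\\system32\\jrdaopbn.dll

Folder::
C:\\Program Files\\Spcron
C:\\Program Files\\Poker.com

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{38617DDB-E01A-48B6-B21D-89456E1B31A1}]
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Svconr"=-
"QdrPack15"=-
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\cbXRKExw]
"Orphan"=-
"""


@dataclass
class Plan:
    """Everything the script asks ComboFix to remove, grouped by kind."""
    files: list[str] = field(default_factory=list)
    folders: list[str] = field(default_factory=list)
    drivers: list[str] = field(default_factory=list)
    keys: list[str] = field(default_factory=list)
    values: list[tuple[str, str]] = field(default_factory=list)  # (key, value name)
    errors: list[str] = field(default_factory=list)


def parse_cfscript(text: str) -> Plan:
    """Walk the script line by line and collect the requested actions."""
    plan = Plan()
    section = None   # current section name, or None before the first header
    open_key = None  # key named by the most recent "[KEY]" line
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, open_key = header.group(1), None
            continue
        if section is None:
            plan.errors.append(f"line {lineno}: entry before any section header")
        elif section == "File":
            plan.files.append(line)
        elif section == "Folder":
            plan.folders.append(line)
        elif section == "Driver":
            plan.drivers.append(line)
        elif line.startswith("[-") and line.endswith("]"):
            plan.keys.append(line[2:-1])
            open_key = None  # a key being deleted cannot take value deletions
        elif line.startswith("[") and line.endswith("]"):
            open_key = line[1:-1]
        else:
            m = VALUE_DELETE_RE.match(line)
            if m and open_key:
                plan.values.append((open_key, m.group(1)))
            elif m:
                plan.errors.append(f"line {lineno}: value deletion with no open [KEY] block")
            else:
                plan.errors.append(f"line {lineno}: unrecognised Registry:: entry {line!r}")
    return plan


def describe(plan: Plan) -> list[str]:
    """Render the plan as one human-readable action per line."""
    out = [f"delete file    {p}" for p in plan.files]
    out += [f"delete folder  {p}" for p in plan.folders]
    out += [f"delete driver  {p}" for p in plan.drivers]
    out += [f"delete key     {k}" for k in plan.keys]
    out += [f"delete value   {name}  in  {key}" for key, name in plan.values]
    out += [f"ERROR: {e}" for e in plan.errors]
    return out


if __name__ == "__main__":
    print("\n".join(describe(parse_cfscript(SAMPLE_SCRIPT))))
```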

#5 Jls900

Jls900
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 05 May 2008 - 12:52 AM

Hey again, did everything you said and got all the logs. It was too much text to post so I pasted it all into a text file to upload, but that was too big too!

So I uploaded it to a site I know.

Leave the username blank and the password is "logs"

Here's the link

#6 Octagonal

Octagonal

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:33 AM

Posted 06 May 2008 - 03:09 AM

If you can't fit all the log into one post then split them over several posts. Just be sure to begin the next one where the previous one finishes so that we don't miss anything.

I notice that you have quite a bit of downloaded music and cracked software files on your system. A lot of these files are infected with an embedded worm. You must follow these directions and delete those files if you wish to clean your computer. It is not worth it to back-up those files as they will only re-infect any computer that you run them on. It is reasonable to suspect that those files were downloaded by Peer to Peer software so I ask you to not use those types of programs while we are cleaning your system.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\HP_Owner\Desktop\junk\family-feud-online-party-setup.exe
    C:\Documents and Settings\HP_Owner\Desktop\junk\internet_macro.zip
    C:\Documents and Settings\HP_Owner\Shared\(AniRena)[BSS] Kawaii! JeNny - 01 [640x480 XviD][MP3][3F52722A] avi.zip
    C:\Documents and Settings\HP_Owner\Shared\- Select one -.zip
    C:\Documents and Settings\HP_Owner\Shared\2007 - Serj Tankian - Elect the Dead (3 songs).zip
    C:\Documents and Settings\HP_Owner\Shared\25 Hi Res Wallpapers of the Ford Mustang GTR Concept -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\50 Most Download CSS Website Templates From OSWD -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\50 Most Popular Fonts (Grafitti, Handwritten, Horror, & More -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\=Demonoid com= -The Best Clean Proper Windows XP Pro SP2 CORP (untouched) and key passes all wga ch.zip
    C:\Documents and Settings\HP_Owner\Shared\Advanced search.zip
    C:\Documents and Settings\HP_Owner\Shared\Amazing Peugeot Quark Concept Hi Res 10 Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Analytic Geometry for Colleges, Universities & Schools eBooK -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Art in Needlework Classic eBooK -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Audio books.zip
    C:\Documents and Settings\HP_Owner\Shared\Avatar 3x03 The Painted Lady subt esp SC avi.zip
    C:\Documents and Settings\HP_Owner\Shared\Avril Lavigne - Hot (Music Video ).zip
    C:\Documents and Settings\HP_Owner\Shared\Bee Movie [2007] All Res  Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Bigfish Games + Burger Shop + Precracked + Indianboy 2007.zip
    C:\Documents and Settings\HP_Owner\Shared\BricoPack Vista Inspirat Ultimate 2 (Vista Desktop Theme) -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Brooks & Dunn - Cowboy Town (2007).zip
    C:\Documents and Settings\HP_Owner\Shared\Browse categories.zip
    C:\Documents and Settings\HP_Owner\Shared\Chinese Shangai 2007 F1 (STAR-SPORTS)vppa100.zip
    C:\Documents and Settings\HP_Owner\Shared\Chinese Shangai 2007 F1 Grand Prix Star sports.zip
    C:\Documents and Settings\HP_Owner\Shared\Consumer Reports Magazine - October, 2007 pdf.zip
    C:\Documents and Settings\HP_Owner\Shared\Cops S20E06 HDTV XviD-STFU [eztv].zip
    C:\Documents and Settings\HP_Owner\Shared\Copyright policy.zip
    C:\Documents and Settings\HP_Owner\Shared\Country  Western.zip
    C:\Documents and Settings\HP_Owner\Shared\David Guetta Club FG Radio FG SAT 09-26-2007.zip
    C:\Documents and Settings\HP_Owner\Shared\Deana Carter - The Chain (2007 - ADVANCE).zip
    C:\Documents and Settings\HP_Owner\Shared\Ferrari F430 Scuderia Hi Res Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\FIFA 08 PAL FRENCH PS2DVD SWAPFiXED-RiPLEY.zip
    C:\Documents and Settings\HP_Owner\Shared\FIFA08 by Negresco 7.zip
    C:\Documents and Settings\HP_Owner\Shared\FIFA08 v1 0 No DVD Crack Eng rar.zip
    C:\Documents and Settings\HP_Owner\Shared\Fifteen Thousand Useful Phrases eBooK PDF Format-LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Gregorian Masters of Chant Chapter VI (2007)(320KB).zip
    C:\Documents and Settings\HP_Owner\Shared\greys anatomy s04e02 hdtv vostfr-LBP [all-series com].zip
    C:\Documents and Settings\HP_Owner\Shared\Greys Anatomy.zip
    C:\Documents and Settings\HP_Owner\Shared\Henley's Twentieth Century Formulas Recipes, Formulas & More -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Heroes S02E01 & S02E02  VOSTFR HDTV XVID avi rar.zip
    C:\Documents and Settings\HP_Owner\Shared\Heroes S02E03 HDTV XviD-XOR.zip
    C:\Documents and Settings\HP_Owner\Shared\Honda (Remix) New Concept Car 2007 20 Hi Res Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\How To Live With Your Teen-Ager 1953 eBooK -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Ice Spiders 2007 DVDRip XviD-VoMiT { www IPTorrents com }.zip
    C:\Documents and Settings\HP_Owner\Shared\IKEA 2008 Catalog 372 Pages -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Introduction to Infinite Series eBooK -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Jaguar R Coupe Concept 20 Hi Res Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\James Clerk Maxwell and Modern Physics eBooK -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Kaspersky 7 0 0 125 (working) + keygen.zip
    C:\Documents and Settings\HP_Owner\Shared\Kelly Brook Sexy Picture Collection.zip
    C:\Documents and Settings\HP_Owner\Shared\La Vengeance dans la peau.zip
    C:\Documents and Settings\HP_Owner\Shared\Les fils du vent french dvdrip.zip
    C:\Documents and Settings\HP_Owner\Shared\MadTV S13E04 Most Wanted PDTV XviD-2HD [eztv].zip
    C:\Documents and Settings\HP_Owner\Shared\Mercedes Mclaren SLR Roadster 20 Hi Res Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Mitsubishi Lancer EVO Prototype X 20 Hi Res Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Mobile Suit Gundam 00 - 01 mkv.zip
    C:\Documents and Settings\HP_Owner\Shared\narracao08br exe.zip
    C:\Documents and Settings\HP_Owner\Shared\National Heads Up Poker Championship 2007 Season 3 HDTV XviD COMPLETE.zip
    C:\Documents and Settings\HP_Owner\Shared\Need For Speed - Porsche Unleashed rar (this 1 is clean).zip
    C:\Documents and Settings\HP_Owner\Shared\nero 8 with serial and keygen[www.btscene.com].zip
    C:\Documents and Settings\HP_Owner\Shared\Nero-8 1 1 0 + keygen rarw.zip
    C:\Documents and Settings\HP_Owner\Shared\Nintendo DS.zip
    C:\Documents and Settings\HP_Owner\Shared\PC World November 2007  (FULL VERSION 168 pages).zip
    C:\Documents and Settings\HP_Owner\Shared\PDFTools Version  1 3 -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Planet Terror FRENCH DVDRiP XviD(MFG).zip
    C:\Documents and Settings\HP_Owner\Shared\Pokemon Diamond and Pearl - 1031 - The Grass-Type Is Always Greener! {C_P}.avi.zip
    C:\Documents and Settings\HP_Owner\Shared\Prepared Foods Magazine 2007 -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Prison Break S03E03 VOSTF by Crystall avi.zip
    C:\Documents and Settings\HP_Owner\Shared\Prison Break S03E04 Good Fences (Sneak Peak & Trailer Only).zip
    C:\Documents and Settings\HP_Owner\Shared\Prison Break.zip
    C:\Documents and Settings\HP_Owner\Shared\Privacy policy.zip
    C:\Documents and Settings\HP_Owner\Shared\Propellerheads Reason v4 0.zip
    C:\Documents and Settings\HP_Owner\Shared\PSP Game HotPixel English UMDFULL CSO245MB.zip
    C:\Documents and Settings\HP_Owner\Shared\Robin Hood S02E01 HDTV XviD-BiA [eztv].zip
    C:\Documents and Settings\HP_Owner\Shared\Sara Evans - Greatest Hits (2007 - ADVANCE).zip
    C:\Documents and Settings\HP_Owner\Shared\Search cloud.zip
    C:\Documents and Settings\HP_Owner\Shared\Search options.zip
    C:\Documents and Settings\HP_Owner\Shared\Shanghai Kiss 2007 DVDRip XviD-VoMiT (HAYDEN PANETTIERE!).zip
    C:\Documents and Settings\HP_Owner\Shared\Sherlock Holmes - With Carleton Hobbs - BBC Radio Full-Cast Drama Series - cheops.zip
    C:\Documents and Settings\HP_Owner\Shared\Show all of today.zip
    C:\Documents and Settings\HP_Owner\Shared\SpiderMan 3[2007]DvDrip AC3[Eng]-FLAiTE.zip
    C:\Documents and Settings\HP_Owner\Shared\Symantec Norton Software keygen crack [incl 2008 versions].zip
    C:\Documents and Settings\HP_Owner\Shared\The Batman 503 Vertigo [Moonsong].zip
    C:\Documents and Settings\HP_Owner\Shared\The Brunettes - Structure & Cosmetics [2007].zip
    C:\Documents and Settings\HP_Owner\Shared\The Heartbreak Kid 2007 TS-mVs (A UKB-KvCD By Paulx1).zip
    C:\Documents and Settings\HP_Owner\Shared\The Heartbreak Kid TS XViD-mVs { www IPTorrents com }.zip
    C:\Documents and Settings\HP_Owner\Shared\Trance  House  Dance.zip
    C:\Documents and Settings\HP_Owner\Shared\Try our new site Snotr.zip
    C:\Documents and Settings\HP_Owner\Shared\TV Guide Magazine Fall Preview Issue 2007 -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\TV shows.zip
    C:\Documents and Settings\HP_Owner\Shared\Unsolved Problems in Mathematical Systems and Control Theory PDF -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\Updates for Mininova and Snotr.zip
    C:\Documents and Settings\HP_Owner\Shared\Upload a torrent.zip
    C:\Documents and Settings\HP_Owner\Shared\Volkswagen New Beetle Ragster Concept Hi Res 19 Wallpapers -LegalTorrents.zip
    C:\Documents and Settings\HP_Owner\Shared\WAR (2007) DivX.zip
    C:\Documents and Settings\HP_Owner\Shared\Whistler S02E02 HDTV XviD-NODLABS [eztv].zip
    C:\Documents and Settings\HP_Owner\Shared\Windows - Kids Games.zip
    C:\Documents and Settings\HP_Owner\Shared\Windows - Other.zip
    C:\Documents and Settings\HP_Owner\Shared\Windows - Security.zip
    C:\Documents and Settings\HP_Owner\Shared\Windows - Sound Editing.zip
    C:\Documents and Settings\HP_Owner\Shared\WINRAR Password Cracker v4 01 WinALL CRACKED-ENERGY.zip
    C:\Documents and Settings\HP_Owner\Shared\Your Ad Here.zip
    C:\Documents and Settings\HP_Owner\Shared\[a f k ] Lucky Star - 24 avi.zip
    C:\Documents and Settings\HP_Owner\Shared\[Ayu] Umisho - 12 [6AF5C7DD] mkv.zip
    C:\Documents and Settings\HP_Owner\Shared\[Exclusive] Armin Van Buuren Presents A State of Trance Episode 320.zip
    C:\Documents and Settings\HP_Owner\Shared\[Exclusive] Fedde Le Grand - Essential Mix 09-23-07 Electro House Session.zip
    C:\Documents and Settings\HP_Owner\Shared\[Genjo] Blue Drop - 01 [XviD][7C1A7942] avi.zip
    C:\Documents and Settings\HP_Owner\Shared\[mp3-vrb-2007]Sugababes - Change[colombo-bt.org].zip
    C:\Documents and Settings\HP_Owner\Shared\[NDS]Mitsukete Keroro Gunsou Machigai Sagashi Daisakusen de arimasu[JAP][ESPALNDS com] zip.zip
    C:\Documents and Settings\HP_Owner\Shared\[P-O] Pokemon Diamond & Pearl 31 'The Grass-Type Is Always Greener!' [CN-AXQ-usotsuki] [87450FD6.zip
    C:\Documents and Settings\HP_Owner\Shared\[PC] Medal of Honor Airborne Update 1 1 [dopeman].zip
    C:\Documents and Settings\HP_Owner\Shared\[yesy] Magical Girl Lyrical Nanoha StrikerS - 25 [xvid mp3][A135DAD3] avi.zip
    C:\Documents and Settings\john\Desktop\games, music and gm6\UUV130zip.zip
    C:\EVERYTHING\music\(live) flight of the masked bandito 16.rar
    C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
    D:\I386\Apps\APP04719\src\CompaqPresario_Spring06.exe
    D:\I386\Apps\APP04719\src\HPPavillion_Spring06.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please include the results of OTMoveIt and the requested DSS logs in your reply.
~ Octagonal ~

#7 Jls900

Jls900
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 06 May 2008 - 10:59 AM

Dude, all those things in HP_owner/shared aren't mine at all, I can't believe I've never noticed these before.

I'm guessing the virus downloaded all this illegal crap on my computer. That's pretty scary. Can I just delete everything in the moved folder or is that not a good idea?

Well here are the logs, first is the MovedFiles log:

C:\Documents and Settings\HP_Owner\Desktop\junk\family-feud-online-party-setup.exe moved successfully.
C:\Documents and Settings\HP_Owner\Desktop\junk\internet_macro.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\(AniRena)[BSS] Kawaii! JeNny - 01 [640x480 XviD][MP3][3F52722A] avi.zip >
C:\Documents and Settings\HP_Owner\Shared\(AniRena)[BSS] Kawaii! JeNny - 01 [640x480 XviD][MP3][3F52722A] avi.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\- Select one -.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\2007 - Serj Tankian - Elect the Dead (3 songs).zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\25 Hi Res Wallpapers of the Ford Mustang GTR Concept -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\50 Most Download CSS Website Templates From OSWD -LegalTorrents.zip moved successfully.
File/Folder C:\Documents and Settings\HP_Owner\Shared\50 Most Popular Fonts (Grafitti, Handwritten, Horror, & More -LegalTorrents.zip not found.
C:\Documents and Settings\HP_Owner\Shared\=Demonoid com= -The Best Clean Proper Windows XP Pro SP2 CORP (untouched) and key passes all wga ch.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Advanced search.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Amazing Peugeot Quark Concept Hi Res 10 Wallpapers -LegalTorrents.zip moved successfully.
File/Folder C:\Documents and Settings\HP_Owner\Shared\Analytic Geometry for Colleges, Universities & Schools eBooK -LegalTorrents.zip not found.
C:\Documents and Settings\HP_Owner\Shared\Art in Needlework Classic eBooK -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Audio books.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Avatar 3x03 The Painted Lady subt esp SC avi.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Avril Lavigne - Hot (Music Video ).zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\Bee Movie [2007] All Res Wallpapers -LegalTorrents.zip >
C:\Documents and Settings\HP_Owner\Shared\Bee Movie [2007] All Res Wallpapers -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Bigfish Games + Burger Shop + Precracked + Indianboy 2007.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\BricoPack Vista Inspirat Ultimate 2 (Vista Desktop Theme) -LegalTorrents.zip moved successfully.
File/Folder C:\Documents and Settings\HP_Owner\Shared\Brooks & Dunn - Cowboy Town (2007).zip not found.
C:\Documents and Settings\HP_Owner\Shared\Browse categories.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Chinese Shangai 2007 F1 (STAR-SPORTS)vppa100.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Chinese Shangai 2007 F1 Grand Prix Star sports.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Consumer Reports Magazine - October, 2007 pdf.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\Cops S20E06 HDTV XviD-STFU [eztv].zip >
C:\Documents and Settings\HP_Owner\Shared\Cops S20E06 HDTV XviD-STFU [eztv].zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Copyright policy.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Country Western.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\David Guetta Club FG Radio FG SAT 09-26-2007.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Deana Carter - The Chain (2007 - ADVANCE).zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Ferrari F430 Scuderia Hi Res Wallpapers -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\FIFA 08 PAL FRENCH PS2DVD SWAPFiXED-RiPLEY.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\FIFA08 by Negresco 7.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\FIFA08 v1 0 No DVD Crack Eng rar.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Fifteen Thousand Useful Phrases eBooK PDF Format-LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Gregorian Masters of Chant Chapter VI (2007)(320KB).zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\greys anatomy s04e02 hdtv vostfr-LBP [all-series com].zip >
C:\Documents and Settings\HP_Owner\Shared\greys anatomy s04e02 hdtv vostfr-LBP [all-series com].zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Greys Anatomy.zip moved successfully.
File/Folder C:\Documents and Settings\HP_Owner\Shared\Henley's Twentieth Century Formulas Recipes, Formulas & More -LegalTorrents.zip not found.
File/Folder C:\Documents and Settings\HP_Owner\Shared\Heroes S02E01 & S02E02 VOSTFR HDTV XVID avi rar.zip not found.
C:\Documents and Settings\HP_Owner\Shared\Heroes S02E03 HDTV XviD-XOR.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Honda (Remix) New Concept Car 2007 20 Hi Res Wallpapers -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\How To Live With Your Teen-Ager 1953 eBooK -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Ice Spiders 2007 DVDRip XviD-VoMiT { www IPTorrents com }.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\IKEA 2008 Catalog 372 Pages -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Introduction to Infinite Series eBooK -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Jaguar R Coupe Concept 20 Hi Res Wallpapers -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\James Clerk Maxwell and Modern Physics eBooK -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Kaspersky 7 0 0 125 (working) + keygen.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Kelly Brook Sexy Picture Collection.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\La Vengeance dans la peau.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Les fils du vent french dvdrip.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\MadTV S13E04 Most Wanted PDTV XviD-2HD [eztv].zip >
C:\Documents and Settings\HP_Owner\Shared\MadTV S13E04 Most Wanted PDTV XviD-2HD [eztv].zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Mercedes Mclaren SLR Roadster 20 Hi Res Wallpapers -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Mitsubishi Lancer EVO Prototype X 20 Hi Res Wallpapers -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Mobile Suit Gundam 00 - 01 mkv.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\narracao08br exe.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\National Heads Up Poker Championship 2007 Season 3 HDTV XviD COMPLETE.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Need For Speed - Porsche Unleashed rar (this 1 is clean).zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\nero 8 with serial and keygen[www.btscene.com].zip >
C:\Documents and Settings\HP_Owner\Shared\nero 8 with serial and keygen[www.btscene.com].zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Nero-8 1 1 0 + keygen rarw.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Nintendo DS.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\PC World November 2007 (FULL VERSION 168 pages).zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\PDFTools Version 1 3 -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Planet Terror FRENCH DVDRiP XviD(MFG).zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Pokemon Diamond and Pearl - 1031 - The Grass-Type Is Always Greener! {C_P}.avi.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Prepared Foods Magazine 2007 -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Prison Break S03E03 VOSTF by Crystall avi.zip moved successfully.
File/Folder C:\Documents and Settings\HP_Owner\Shared\Prison Break S03E04 Good Fences (Sneak Peak & Trailer Only).zip not found.
C:\Documents and Settings\HP_Owner\Shared\Prison Break.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Privacy policy.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Propellerheads Reason v4 0.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\PSP Game HotPixel English UMDFULL CSO245MB.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\Robin Hood S02E01 HDTV XviD-BiA [eztv].zip >
C:\Documents and Settings\HP_Owner\Shared\Robin Hood S02E01 HDTV XviD-BiA [eztv].zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Sara Evans - Greatest Hits (2007 - ADVANCE).zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Search cloud.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Search options.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Shanghai Kiss 2007 DVDRip XviD-VoMiT (HAYDEN PANETTIERE!).zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Sherlock Holmes - With Carleton Hobbs - BBC Radio Full-Cast Drama Series - cheops.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Show all of today.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\SpiderMan 3[2007]DvDrip AC3[Eng]-FLAiTE.zip >
C:\Documents and Settings\HP_Owner\Shared\SpiderMan 3[2007]DvDrip AC3[Eng]-FLAiTE.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\Symantec Norton Software keygen crack [incl 2008 versions].zip >
C:\Documents and Settings\HP_Owner\Shared\Symantec Norton Software keygen crack [incl 2008 versions].zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\The Batman 503 Vertigo [Moonsong].zip >
C:\Documents and Settings\HP_Owner\Shared\The Batman 503 Vertigo [Moonsong].zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\The Brunettes - Structure & Cosmetics [2007].zip >
File/Folder C:\Documents and Settings\HP_Owner\Shared\The Brunettes - Structure & Cosmetics [2007].zip not found.
C:\Documents and Settings\HP_Owner\Shared\The Heartbreak Kid 2007 TS-mVs (A UKB-KvCD By Paulx1).zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\The Heartbreak Kid TS XViD-mVs { www IPTorrents com }.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Trance House Dance.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Try our new site Snotr.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\TV Guide Magazine Fall Preview Issue 2007 -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\TV shows.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Unsolved Problems in Mathematical Systems and Control Theory PDF -LegalTorrents.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Updates for Mininova and Snotr.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Upload a torrent.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Volkswagen New Beetle Ragster Concept Hi Res 19 Wallpapers -LegalTorrents.zip moved successfully.
File/Folder C:\Documents and Settings\HP_Owner\Shared\WAR (2007) DivX.zip not found.
< C:\Documents and Settings\HP_Owner\Shared\Whistler S02E02 HDTV XviD-NODLABS [eztv].zip >
C:\Documents and Settings\HP_Owner\Shared\Whistler S02E02 HDTV XviD-NODLABS [eztv].zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Windows - Kids Games.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Windows - Other.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Windows - Security.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Windows - Sound Editing.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\WINRAR Password Cracker v4 01 WinALL CRACKED-ENERGY.zip moved successfully.
C:\Documents and Settings\HP_Owner\Shared\Your Ad Here.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[a f k ] Lucky Star - 24 avi.zip >
C:\Documents and Settings\HP_Owner\Shared\[a f k ] Lucky Star - 24 avi.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[Ayu] Umisho - 12 [6AF5C7DD] mkv.zip >
C:\Documents and Settings\HP_Owner\Shared\[Ayu] Umisho - 12 [6AF5C7DD] mkv.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[Exclusive] Armin Van Buuren Presents A State of Trance Episode 320.zip >
C:\Documents and Settings\HP_Owner\Shared\[Exclusive] Armin Van Buuren Presents A State of Trance Episode 320.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[Exclusive] Fedde Le Grand - Essential Mix 09-23-07 Electro House Session.zip >
C:\Documents and Settings\HP_Owner\Shared\[Exclusive] Fedde Le Grand - Essential Mix 09-23-07 Electro House Session.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[Genjo] Blue Drop - 01 [XviD][7C1A7942] avi.zip >
C:\Documents and Settings\HP_Owner\Shared\[Genjo] Blue Drop - 01 [XviD][7C1A7942] avi.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[mp3-vrb-2007]Sugababes - Change[colombo-bt.org].zip >
C:\Documents and Settings\HP_Owner\Shared\[mp3-vrb-2007]Sugababes - Change[colombo-bt.org].zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[NDS]Mitsukete Keroro Gunsou Machigai Sagashi Daisakusen de arimasu[JAP][ESPALNDS com] zip.zip >
C:\Documents and Settings\HP_Owner\Shared\[NDS]Mitsukete Keroro Gunsou Machigai Sagashi Daisakusen de arimasu[JAP][ESPALNDS com] zip.zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[P-O] Pokemon Diamond & Pearl 31 'The Grass-Type Is Always Greener!' [CN-AXQ-usotsuki] [87450FD6.zip >
File/Folder C:\Documents and Settings\HP_Owner\Shared\[P-O] Pokemon Diamond & Pearl 31 'The Grass-Type Is Always Greener!' [CN-AXQ-usotsuki] [87450FD6.zip not found.
< C:\Documents and Settings\HP_Owner\Shared\[PC] Medal of Honor Airborne Update 1 1 [dopeman].zip >
C:\Documents and Settings\HP_Owner\Shared\[PC] Medal of Honor Airborne Update 1 1 [dopeman].zip moved successfully.
< C:\Documents and Settings\HP_Owner\Shared\[yesy] Magical Girl Lyrical Nanoha StrikerS - 25 [xvid mp3][A135DAD3] avi.zip >
C:\Documents and Settings\HP_Owner\Shared\[yesy] Magical Girl Lyrical Nanoha StrikerS - 25 [xvid mp3][A135DAD3] avi.zip moved successfully.
C:\Documents and Settings\john\Desktop\games, music and gm6\UUV130zip.zip moved successfully.
C:\EVERYTHING\music\(live) flight of the masked bandito 16.rar moved successfully.
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe moved successfully.
D:\I386\Apps\APP04719\src\CompaqPresario_Spring06.exe moved successfully.
D:\I386\Apps\APP04719\src\HPPavillion_Spring06.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05062008_115127

Then main.txt:

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-05-06 11:55:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2008-05-06 15:56:05 UTC - RP681 - Deckard's System Scanner Restore Point
68: 2008-05-05 01:53:02 UTC - RP680 - Installed SUPERAntiSpyware Free Edition
67: 2008-05-05 01:40:05 UTC - RP679 - ComboFix created restore point
66: 2008-05-04 15:20:28 UTC - RP678 - ComboFix created restore point
65: 2008-05-04 00:43:49 UTC - RP677 - Uniblue RegistryBooster


-- First Restore Point --
1: 2008-04-29 17:55:55 UTC - RP613 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:53 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\DOCUME~1\HP_Owner\Desktop\ANTI-V~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {38617DDB-E01A-48B6-B21D-89456E1B31A1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXRKExw - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8687 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&FB75CB&0&18A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&FB75CB&0&18A4
Service: RTL8023xp


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-04 23:22:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 23:22:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-04 21:53:44 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-04 21:53:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 21:53:04 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-05-04 21:52:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 11:19:33 68096 --a------ C:\WINDOWS\zip.exe
2008-05-04 11:19:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-04 11:19:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-04 11:19:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-04 11:19:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-04 11:19:33 98816 --a------ C:\WINDOWS\sed.exe
2008-05-04 11:19:33 80412 --a------ C:\WINDOWS\grep.exe
2008-05-04 11:19:33 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-03 21:14:38 0 d-------- C:\Program Files\Adware Away
2008-05-03 20:39:23 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-05-03 19:21:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 19:07:41 0 d-------- C:\New Folder
2008-05-01 16:26:06 0 d-------- C:\Program Files\Common Files\qkof
2008-05-01 16:26:05 0 d-------- C:\WINDOWS\qkof
2008-04-30 21:11:05 0 d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-04-30 14:30:20 0 d-------- C:\Program Files\Alwil Software
2008-04-30 14:00:32 0 d-------- C:\Program Files\Svconr
2008-04-29 13:53:16 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\MilkShape 3D 1.x.x
2008-04-29 13:52:30 0 d-------- C:\Program Files\MilkShape 3D 1.8.2
2008-04-11 19:15:20 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Anvil Studio


-- Find3M Report ---------------------------------------------------------------

2008-05-04 21:52:17 0 d-------- C:\Program Files\Common Files
2008-05-02 14:45:41 0 d-------- C:\Program Files\Plaxo
2008-04-29 19:00:51 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\gtk-2.0
2008-04-27 16:18:32 0 d-------- C:\Program Files\Steam
2008-04-24 13:40:23 0 d-------- C:\Program Files\AgeOfTime <AGEOFT~1>
2008-04-13 21:13:00 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2008-04-12 13:15:12 0 d-------- C:\Program Files\DominateGame
2008-04-08 11:38:02 0 d-------- C:\Program Files\AgeOfTime_0003
2008-03-25 09:57:34 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38617DDB-E01A-48B6-B21D-89456E1B31A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 07:35 PM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [09/21/2005 06:41 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 03:12 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe" [05/09/2006 08:24 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/05/2006 02:34 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [11/21/2006 01:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 05:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/12/2007 03:32 PM]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [4/22/2007 6:18:09 PM]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [3/7/2006 12:44:57 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRKExw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-05-06 11:57:31 ------------

Finally, here's extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3400+
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 446.48 MiB / 127.54 MiB
Pagefile Memory (total/avail): 1052.58 MiB / 732.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.96 MiB

C: is Fixed (NTFS) - 29.25 GiB total, 8.6 GiB free.
D: is Fixed (FAT32) - 8 GiB total, 2.42 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BD-60LRA0 - 37.27 GiB - 2 partitions
\PARTITION0 - Unknown - 8.01 GiB - D:
\PARTITION1 (bootable) - Installable File System - 29.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.8.1169 [VPS 080505-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Blockland\\Blockland.exe"="C:\\Program Files\\Blockland\\Blockland.exe:*:Enabled:Blockland"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\john\\Desktop\\Copy of Copy of Blockland junk222\\blockLand.exe"="C:\\Documents and Settings\\john\\Desktop\\Copy of Copy of Blockland junk222\\blockLand.exe:*:Enabled:blockLand"
"C:\\Documents and Settings\\john\\Desktop\\Copy (2) of Copy of Blockland junk222\\blockLand.exe"="C:\\Documents and Settings\\john\\Desktop\\Copy (2) of Copy of Blockland junk222\\blockLand.exe:*:Enabled:blockLand"
"C:\\Documents and Settings\\john\\Desktop\\Main BL\\blockLand.exe"="C:\\Documents and Settings\\john\\Desktop\\Main BL\\blockLand.exe:*:Enabled:blockLand"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Program Files\\Yahoo! Games\\Tradewinds\\tradewinds.exe"="C:\\Program Files\\Yahoo! Games\\Tradewinds\\tradewinds.exe:*:Enabled:tradewinds"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Documents and Settings\\john\\Desktop\\AoTv3Patch\\AgeOfTime_0003\\AgeOfTime.exe"="C:\\Documents and Settings\\john\\Desktop\\AoTv3Patch\\AgeOfTime_0003\\AgeOfTime.exe:*:Enabled:AgeOfTime"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\AgeOfTime_0003\\AgeOfTime.exe"="C:\\Program Files\\AgeOfTime_0003\\AgeOfTime.exe:*:Enabled:AgeOfTime"
"C:\\Documents and Settings\\HP_Owner\\Desktop\\AgeOfTime\\AgeOfTime.exe"="C:\\Documents and Settings\\HP_Owner\\Desktop\\AgeOfTime\\AgeOfTime.exe:*:Enabled:AgeOfTime"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOHN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\JOHN
MAYA_SCRIPT_PATH=C:\PROGRAM FILES\NATURALMOTION\ENDORPHIN 2.6.1 LEARNING EDITION\RESOURCES\THIRD PARTY\SCRIPTS\MAYA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\VAIOXP\Libraries
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=JOHN
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
VAIO=C:\Program Files\VAIOXP\Libraries\
VAIOTOOLS=C:\Program Files\VAIOXP\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
daniel (admin)
john (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adware Away v3.1.4.7 --> "C:\Program Files\Adware Away\unins000.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Air Bubbles 1.0 --> "C:\Program Files\Air Bubbles\unins000.exe"
Amara - Flash Intro and Banner Builder --> "C:\Program Files\Amara - Flash Intro and Banner Builder\uninstall.exe"
Anvil Studio --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Anvil Studio\ST5UNST.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AstroPop Deluxe from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\87B95621-8B77-4248-A17F-281B3DA1C34F\Uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio MP3 Editor 2.20 --> "C:\Program Files\Audio MP3 Editor\unins000.exe"
Audiosurf Beta --> "C:\Program Files\Audiosurf\unins000.exe"
Aurora Media Workshop 3.3.18 --> "C:\Program Files\Aurora Media Workshop\unins000.exe"
AV Voice Changer Software 6.0 --> C:\PROGRA~1\AVVCS6~1.0\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0\INSTALL.LOG
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AWicons Pro --> C:\Program Files\AWicons Pro\uninstall.exe C:\Program Files\AWicons Pro\uninstall.log
Barnyard Invasion from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5253F22E-D4B6-49B7-9106-28D9C5395F22\Uninstall.exe"
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502\Uninstall.exe"
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47298745-7194-4142-AFDA-8BE2EDFDF82E\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
BOWEP setup --> C:\bowep\disk1\Uninstal.exe
CB Model Pro 1.0 beta --> "C:\Program Files\CB Model Pro\unins000.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dog2 Screen Saver --> C:\WINDOWS\dog2.scr /u
DominateGame 20050929 (dominate) --> C:\PROGRA~1\DOMINA~1\Setup.exe /remove
Ease Audio Converter 3.70 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Easy Icon Maker 3.0 --> "C:\Program Files\Easy Icon Maker\unins000.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Family Feud --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
FamilyFeudOnlineParty (remove only) --> "C:\Program Files\iWin.com\FamilyFeudOnlineParty\Uninstall.exe"
Fiddler2 (remove only) --> "C:\Program Files\Fiddler2\uninst.exe"
FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
Fraps --> "C:\Fraps\uninstall.exe"
Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe"
Fun Morph 2.3 --> "C:\Program Files\Zeallsoft\Fun Morph\unins000.exe"
Game Maker 5.3A --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker5\UnInst.log" "/APPNAME=Game Maker 5.3A"
Game Maker 6.1 --> C:\Program Files\Game_Maker6\Uninstal.exe
Game Maker 7.0 --> C:\Program Files\Game_Maker7\Uninstal.exe
Game Maker 7.0 BETA --> C:\Program Files\Game_Maker7\Uninstal.exe
Game Maker 7.0 BETA2 --> C:\Program Files\Game_Maker7\Uninstal.exe
Gobby 0.4.1 --> "C:\Program Files\Gobby\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
gtkmm Runtime Environment 2.8 --> C:\Program Files\Common Files\GTK\2.0\gtkmm-uninst.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe" /uninstall
HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Support Overview --> "C:\WINDOWS\unins000.exe"
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
Insaniquarium Deluxe from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\010D7E30-8019-4477-AE7C-BFBBDE570CB9\Uninstall.exe"
Internet Macros V4.30 --> "C:\Program Files\InternetMacros\unins000.exe"
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
iWin Games (remove only) --> "C:\Program Files\iWin Games\Uninstall.exe"
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lemonade Tycoon 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D5213E54-5A45-4DB4-80FB-D55B98303F0B\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E2A4EA31-80A1-4460-9510-631AF4D6A636\Uninstall.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
LiveSwif lite 2.1 (Remove only) --> "C:\Program Files\LiveSwif\LiveSwif lite 2.1\Uninst.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MilkShape 3D 1.8.2 --> "C:\Program Files\MilkShape 3D 1.8.2\uninstall.exe"
MixPad --> C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
Move Networks Player for Firefox --> "C:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Mozilla Firefox (1.5) --> C:\Program Files\firefoxold\uninstall\uninstall.exe /ua "1.5 (en-US)"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
NaturalMotion endorphin 2.6.1 --> "C:\Program Files\NaturalMotion\endorphin 2.6.1 Learning Edition\unins000.exe"
Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Plasma Pong v1.3b --> "C:\Program Files\Plasma Pong\unins000.exe"
Plaxo Toolbar for Outlook (with AIM Enhancements) --> C:\Program Files\Plaxo\2.13.1.3\uninstall.exe
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Polar Golfer from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1\Uninstall.exe"
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
Puzzle Express from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BA910432-2C22-4BB8-9D13-46170F52C5AC\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Real Desktop 1.15 --> "C:\Program Files\Real Desktop\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordPad Sound Recorder --> C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
Remove IntelliMover Demo --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
SCRABBLE from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D3203C96-6C76-43D6-A3D0-5DD6A0732E83\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shooting Stars Pool from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\14DD9322-0AAE-4DA4-90A9-EB42CF296127\Uninstall.exe"
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\703E3900-69DA-47C9-9768-C6514098F149\Uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
Super Granny from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
The GIMP 2.2.13 --> "C:\Program Files\GIMP-2.0\unins000.exe"
The Jazz Midi Sequencer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JazzWare\Uninst.isu"
Tradewinds (remove only) --> "C:\Program Files\Yahoo! Games\Tradewinds\Uninstall.exe"
Tradewinds 2 (remove only) --> "C:\Program Files\Sandlot\Tradewinds 2\Uninstall.exe"
Tradewinds 2 Free Trial --> C:\PROGRA~1\TRADEW~1\UNWISE.EXE C:\PROGRA~1\TRADEW~1\INSTALL.LOG
Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
TweakWindow --> "C:\Program Files\TweakWindow\unins000.exe"
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VAIOXP --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Versal FileDownload ActiveX Control Trial Version --> C:\Program Files\Universal\UFileDownloadD\USetup.exe
Video To Audio Cutter 1.00 --> "C:\Program Files\Hifisoftware\Video To Audio Cutter\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Voice and Speech Recognition Software --> MsiExec.exe /I{CE2E3388-7FF1-481A-80AA-52573E63E3EE}
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Waver Version 2.95 --> "C:\Program Files\Flop\Waver\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zuma Deluxe from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C29C53B5-0143-459F-99B5-137E484A78D9\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4408 / Error
Event Submitted/Written: 05/05/2008 03:44:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ageoftime.exe, version 0.0.0.0, faulting module ageoftime.exe, version 0.0.0.0, fault address 0x00049198.
Processing media-specific event for [ageoftime.exe!ws!]

Event Record #/Type4407 / Error
Event Submitted/Written: 05/05/2008 00:13:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ageoftime.exe, version 0.0.0.0, faulting module ageoftime.exe, version 0.0.0.0, fault address 0x00049198.
Processing media-specific event for [ageoftime.exe!ws!]

Event Record #/Type4401 / Error
Event Submitted/Written: 05/05/2008 03:19:22 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application inkball.exe, version 1.0.2201.0, faulting module inkball.exe, version 1.0.2201.0, fault address 0x0000b53d.
Processing media-specific event for [inkball.exe!ws!]

Event Record #/Type4400 / Warning
Event Submitted/Written: 05/05/2008 03:19:21 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature' failed during request for component '{A4AD656D-72E9-43A7-9DD0-E5F6AF438E72}'

Event Record #/Type4399 / Warning
Event Submitted/Written: 05/05/2008 03:19:21 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature', component '{9F47ECA8-A740-EC80-1AE2-C48048D83AA4}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Journal Viewer\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type72413 / Error
Event Submitted/Written: 05/06/2008 11:40:37 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Event Record #/Type72412 / Error
Event Submitted/Written: 05/06/2008 11:40:35 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Event Record #/Type72411 / Error
Event Submitted/Written: 05/06/2008 11:40:35 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Event Record #/Type72410 / Error
Event Submitted/Written: 05/06/2008 11:40:35 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.

Event Record #/Type72409 / Error
Event Submitted/Written: 05/06/2008 11:40:35 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-05-06 11:57:31 ------------

#8 Octagonal

Posted 07 May 2008 - 07:21 AM

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

Folder::

Driver::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
In your next post include the VundoFix results, Combofix.txt, a fresh HijackThis log and let me know how the computer is behaving.
~ Octagonal ~
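As an added example (not from this thread, nor from VundoFix or ComboFix), a Python script that reads the Registry:: deletions from a CFScript like the one above and checks the O4 lines of a later HijackThis log to confirm the targeted Run values are really gone; the sample CFScript and log lines are constructed to mirror this thread.

```python
"""Cross-check a ComboFix CFScript against a fresh HijackThis log.

Added example for this thread, not part of the original posts or of
ComboFix / HijackThis themselves. It parses the Registry:: section of a
CFScript (entries of the form "Name"=- under a [HKEY...\\Run] key) and the
O4 autorun lines of a HijackThis log, then reports which targeted Run values
are still present after the fix ran.
"""
import re

# Constructed sample: the Registry:: section of the CFScript posted above.
CFSCRIPT = """\
Registry::
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Aim6"=-
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"PCDrProfiler"=-
"""

# Constructed sample: a few O4 lines in the format of the post-fix HijackThis log.
HJT_LOG = """\
O4 - HKLM\\..\\Run: [HPBootOp] "C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe" /run
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [QdrPack15] "C:\\Program Files\\QdrPack\\QdrPack15.exe"
O4 - Global Startup: Updates from HP.lnk = C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe
"""

# Map full hive names to the abbreviations HijackThis uses in O4 lines.
HIVE_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
DELETE_RE = re.compile(r'^"([^"]+)"=-$')
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse_cfscript_deletions(text):
    """Return a set of (hive_abbrev, value_name) pairs the Registry:: section deletes.

    Only values under a ...\\CurrentVersion\\Run key are collected, since those
    are what HijackThis O4 HKLM/HKCU lines show. Lines outside the Registry::
    section and bare keys without "=-" values are ignored.
    """
    deletions = set()
    in_registry = False
    current_hive = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Registry::":
            in_registry = True
            continue
        if not in_registry:
            continue
        if line.endswith("::"):        # another section header (File::, Folder::, ...)
            in_registry = False
            continue
        m = KEY_RE.match(line)
        if m:
            hive, subkey = m.groups()
            is_run = subkey.lower().endswith("\\currentversion\\run")
            current_hive = HIVE_ABBREV.get(hive) if is_run else None
            continue
        m = DELETE_RE.match(line)
        if m and current_hive:
            deletions.add((current_hive, m.group(1)))
    return deletions


def parse_hjt_run_entries(text):
    """Return {(hive_abbrev, value_name): command} for O4 HKLM/HKCU Run lines."""
    entries = {}
    for raw in text.splitlines():
        m = O4_RE.match(raw.strip())
        if m:
            hive, name, command = m.groups()
            entries[(hive, name)] = command
    return entries


def check_fix(cfscript_text, hjt_text):
    """Return (removed, still_present): targeted values absent from / present in the new log."""
    targets = parse_cfscript_deletions(cfscript_text)
    present = parse_hjt_run_entries(hjt_text)
    still_present = {t: present[t] for t in targets if t in present}
    removed = targets - set(still_present)
    return removed, still_present


if __name__ == "__main__":
    removed, still = check_fix(CFSCRIPT, HJT_LOG)
    for hive, name in sorted(removed):
        print(f"removed: {hive}\\..\\Run [{name}]")
    for (hive, name), cmd in sorted(still.items()):
        print(f"STILL PRESENT: {hive}\\..\\Run [{name}] -> {cmd}")
```

Entries the script does not target (here QdrPack15) are left to the helper's judgement; the script only confirms what the CFScript was supposed to remove.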

#9 Jls900 (Topic Starter)

Posted 07 May 2008 - 04:41 PM

VundoFix did not find any infected files, it said, and here's the ComboFix and HJT logs.

ComboFix 08-05-01.3 - HP_Owner 2008-05-07 13:10:18.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.139 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-07 11:52 . 2008-05-07 11:52 <DIR> d-------- C:\VundoFix Backups
2008-05-06 11:55 . 2008-05-06 11:55 <DIR> d-------- C:\Deckard
2008-05-06 11:51 . 2008-05-06 11:51 <DIR> d-------- C:\_OTMoveIt
2008-05-04 23:22 . 2008-05-04 23:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-04 23:22 . 2008-05-04 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 21:53 . 2008-05-04 21:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 21:53 . 2008-05-04 21:53 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-05-04 21:53 . 2008-05-04 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-04 21:52 . 2008-05-04 21:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 21:14 . 2008-05-03 21:16 <DIR> d-------- C:\Program Files\Adware Away
2008-05-03 20:39 . 2008-05-03 20:39 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-05-03 19:51 . 2008-05-03 19:54 221 --a------ C:\WINDOWS\wininit.ini
2008-05-03 19:21 . 2008-05-03 19:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 19:21 . 2008-05-03 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 19:07 . 2008-05-03 19:07 <DIR> d-------- C:\New Folder
2008-05-01 16:26 . 2008-05-01 16:26 <DIR> d-------- C:\WINDOWS\qkof
2008-05-01 16:26 . 2008-05-03 18:12 <DIR> d-------- C:\Program Files\Common Files\qkof
2008-04-30 21:11 . 2008-04-30 21:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-04-30 14:30 . 2008-04-30 14:30 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-30 14:00 . 2008-04-30 14:00 <DIR> d-------- C:\Program Files\Svconr
2008-04-30 13:06 . 2008-04-30 14:22 109,771 --a------ C:\WINDOWS\BM38027741.xml
2008-04-29 13:53 . 2008-04-29 13:59 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\MilkShape 3D 1.x.x
2008-04-29 13:52 . 2008-04-29 13:52 <DIR> d-------- C:\Program Files\MilkShape 3D 1.8.2
2008-04-17 14:20 . 2008-05-07 01:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 14:20 . 2008-04-17 14:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 19:15 . 2008-04-11 19:15 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Anvil Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 16:02 --------- d-----w C:\Program Files\AgeOfTime
2008-05-04 17:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 18:45 --------- d-----w C:\Program Files\Plaxo
2008-04-29 23:00 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\gtk-2.0
2008-04-27 20:18 --------- d-----w C:\Program Files\Steam
2008-04-17 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\YoYoGames
2008-04-14 01:13 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\BitTorrent
2008-04-12 17:15 --------- d-----w C:\Program Files\DominateGame
2008-04-08 15:38 --------- d-----w C:\Program Files\AgeOfTime_0003
2008-03-25 13:57 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-09-24 17:05 803 ----a-w C:\Documents and Settings\john\Application Data\waver_2.95.dat
2006-08-21 19:26 519 ----a-w C:\Documents and Settings\john\coindata.dat
2006-06-14 17:15 778 ----a-w C:\Documents and Settings\john\sktvars.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-04_11.39.53.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 15:30:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 15:46:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-07 15:46:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38617DDB-E01A-48B6-B21D-89456E1B31A1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 15:32 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 19:35 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 06:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 03:12 49152]
"HostManager"="C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe" [2006-05-09 20:24 50760]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-05 02:34 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 13:38 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-04-22 18:18:09 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-03-07 12:44:57 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRKExw]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1144115754\\ee\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Blockland\\Blockland.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Documents and Settings\\john\\Desktop\\Copy of Copy of Blockland junk222\\blockLand.exe"=
"C:\\Documents and Settings\\john\\Desktop\\Copy (2) of Copy of Blockland junk222\\blockLand.exe"=
"C:\\Documents and Settings\\john\\Desktop\\Main BL\\blockLand.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Yahoo! Games\\Tradewinds\\tradewinds.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Documents and Settings\\john\\Desktop\\AoTv3Patch\\AgeOfTime_0003\\AgeOfTime.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\AgeOfTime_0003\\AgeOfTime.exe"=
"C:\\Documents and Settings\\HP_Owner\\Desktop\\AgeOfTime\\AgeOfTime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME
*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 13:14:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-07 13:18:58
ComboFix-quarantined-files.txt 2008-05-07 17:18:15
ComboFix2.txt 2008-05-05 01:48:39
ComboFix3.txt 2008-05-04 15:40:22

Pre-Run: 9,118,187,520 bytes free
Post-Run: 9,154,801,664 bytes free

161 --- E O F --- 2008-04-11 05:39:20

And here's the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:34 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Owner\Desktop\Anti-virus stoof\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {38617DDB-E01A-48B6-B21D-89456E1B31A1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144115754\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXRKExw - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8753 bytes


And as for my computer's behavior, it appears to me that all the symptoms of the malware are gone. It's been running as it was before; I'm not sure whether it's still hiding in my computer and will show up again later though.

#10 Octagonal

Posted 08 May 2008 - 06:37 AM

Let's install the updated version of Java and do a few clean-ups.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {38617DDB-E01A-48B6-B21D-89456E1B31A1} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O20 - Winlogon Notify: cbXRKExw - C:\WINDOWS\
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

Close HijackThis

Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Just to be sure that these folders are gone.

Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\QdrPack
    C:\Program Files\Viewpoint
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post a fresh HijackThis log for me to review.

I notice that you also have two other log-in accounts on that system. Could you please log in with each of those accounts and scan with HijackThis and post the results of the scans. Title each of the scans with "Log from John" and "Log from Daniel"

Please post the OTMoveIt2 results and the 3 HijackThis logs in your next reply.
~ Octagonal ~
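A small triage script, added here as an example and not part of this thread or of HijackThis itself, that reads lines in the log format posted above and flags the structural cues a helper checks first: entries whose file is gone ("(no file)" / "(file missing)"), an O20 Winlogon Notify handler whose target is not a .dll path (the cbXRKExw entry above points at the bare C:\WINDOWS\ directory, which winlogon.exe cannot load as a notification package), and O4 Run keys that launch from a user profile. The sample input is built from lines in this thread plus one constructed O4 entry; the rule set and the names `triage` and `fix_list` are the example's own assumptions, and a flag is a cue to look closer, not a malware verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted in this
# thread, plus one made-up O4 entry (marked below) to exercise the
# user-profile-path rule. Backslashes are doubled because these are ordinary
# Python string literals.
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {38617DDB-E01A-48B6-B21D-89456E1B31A1} - (no file)",
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll",
    "O4 - HKCU\\..\\Run: [QdrPack15] \"C:\\Program Files\\QdrPack\\QdrPack15.exe\"",
    # constructed entry, not from the thread: a Run key pointing into a user profile
    "O4 - HKCU\\..\\Run: [example] C:\\Documents and Settings\\HP_Owner\\Application Data\\example.exe",
    "O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\\Program Files\\Poker.com\\Poker.exe (file missing) (HKCU)",
    "O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll",
    "O20 - Winlogon Notify: cbXRKExw - C:\\WINDOWS\\",
    "O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe",
]

# "O20 - <body>" / "R1 - <body>": section code, then the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Path of the program an O4 Run entry launches (quoted or not), up to the .exe.
O4_PATH_RE = re.compile(r'\] "?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    kind: str     # HijackThis section, e.g. "O20"
    entry: str    # the full log line
    reason: str   # why it was flagged


def triage(lines):
    """Return the entries a human should look at first, in log order.

    These are structural cues only, not malware verdicts: an orphaned entry is
    clutter worth removing, a Winlogon Notify handler that is not a DLL path
    cannot be a working notification package, and a Run key that launches
    from a user profile deserves a second look because that location is
    writable without admin rights.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, headers, blank lines
        kind, body = m.group("kind"), m.group("body")
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(kind, line, "orphaned: referenced file no longer exists"))
        elif kind == "O20":
            # winlogon.exe loads Notify packages as DLLs; the target is the last " - " field
            target = body.rsplit(" - ", 1)[-1]
            if not target.lower().endswith(".dll"):
                findings.append(Finding(kind, line, "Winlogon Notify target is not a .dll path"))
        elif kind == "O4":
            pm = O4_PATH_RE.search(body)
            if pm and "\\documents and settings\\" in pm.group("path").lower():
                findings.append(Finding(kind, line, "Run key launches from a user-profile path"))
    return findings


def fix_list(lines):
    """The exact log lines to tick in HijackThis before clicking 'Fix checked'."""
    return [f.entry for f in triage(lines)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.entry}")
```

Run it against a saved log with `triage(open("hijackthis.log").read().splitlines())`; the output lines are verbatim log entries, so they can be matched one-to-one against the checkboxes in HijackThis. The rules deliberately do not try to judge a program by its name (QdrPack, Viewpoint and the like are left to the reviewer), since a name-based list goes stale quickly while the structural cues do not.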

#11 Octagonal

Posted 18 May 2008 - 07:01 PM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
~ Octagonal ~
