help me please



kushums
2007-07-01, 11:46
Sick and tired of this Vundo spyware, please help.


Logfile of HijackThis v1.99.1
Scan saved at 1:45:19 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\jbihrpmi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {240804B7-27BD-42F0-B3EB-E847074EC498} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\update.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\update.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183271380109
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\jbihrpmi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Shaba
2007-07-02, 12:13
Hi kushums

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report

kushums
2007-07-02, 19:57
Hey, thanks a lot bud, I appreciate the help.

2006-12-07 20:23 147456 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir
2007-04-10 10:30 91648 --a------ C:\Qoobox\Quarantine\C\WINDOWS\inf\kbdb32.dll.vir
2007-04-11 20:20 123 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\desktop.ini.vir
2007-04-11 20:21 15009 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\HP_Owner\APPLIC~1\Microsoft\20509.dat.vir
2007-05-03 17:04 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\HP_Owner\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-05-09 13:14 32768 --a------ C:\Qoobox\Quarantine\C\WINDOWS\NOTEDAD.EXE.vir
2007-05-12 17:20 436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-06-06 10:35 618496 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir
2007-06-09 13:13 1230528 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\update.exe.vir
2007-06-29 23:26 36352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\poolsv.exe.vir
2007-06-29 23:30 0 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\err.log.vir
2007-06-29 23:30 20 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode.vir
2007-06-29 23:30 5 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr.vir
2007-06-29 23:30 79872 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\FOPN.sys.vir
2007-06-29 23:31 1815 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\HP_Owner\APPLIC~1\WinAntiSpyware 2007\Logs\update.log.vir
2007-06-29 23:40 122900 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jbihrpmi.exe.vir
2007-07-01 17:59 36864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\Explorer.exe.vir
2007-07-02 09:47 1098 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
2007-07-02 09:47 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf


Folder PATH listing for volume HP_PAVILION
Volume serial number is 1C37-0926
C:\QOOBOX
\---Quarantine
+---C
| +---Documents and Settings
| | \---All Users
| | \---Documents
| | \---Settings
| | desktop.ini.vir
| |
| +---DOCUME~1
| | +---ALLUSE~1
| | | \---APPLIC~1
| | | \---WinAntiSpyware 2007
| | | \---Data
| | | Abbr.vir
| | | ProductCode.vir
| | |
| | \---HP_Owner
| | \---APPLIC~1
| | +---Macromedia
| | | \---Flash Player
| | | \---macromedia.com
| | | \---support
| | | \---flashplayer
| | | \---sys
| | | \---#www.broadcaster.com
| | | settings.sol.vir
| | |
| | +---Microsoft
| | | 20509.dat.vir
| | |
| | \---WinAntiSpyware 2007
| | \---Logs
| | update.log.vir
| |
| +---Program Files
| | \---Common Files
| | \---WinAntiSpyware 2007
| | err.log.vir
| | uwas7cw.exe.vir
| | WAS7Mon.exe.vir
| |
| \---WINDOWS
| | NOTEDAD.EXE.vir
| | poolsv.exe.vir
| | wr.txt.vir
| |
| +---inf
| | kbdb32.dll.vir
| |
| \---system32
| | Explorer.exe.vir
| | jbihrpmi.exe.vir
| | update.exe.vir
| |
| \---drivers
| FOPN.sys.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.cf
services_DomainService.reg.cf
Logfile of HijackThis v1.99.1
Scan saved at 09:56, on 2007-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\ComboFix\catchme.cfexe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Owner\My Documents\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {240804B7-27BD-42F0-B3EB-E847074EC498} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\update.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183280723531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183280716781
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
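The two HijackThis logs in this thread (before and after ComboFix) can be compared and triaged mechanically. The following is an added example, not code from the thread or from HijackThis: it parses the `Oxx - ...` entry lines, flags entries that reference a missing file, a nameless BHO, or an O23 service with an empty publisher field, and reports which entries disappeared between two scans. The sample logs are constructed, abridged excerpts of the ones posted above.

```python
import re

# A HijackThis 1.99 entry line reads "<section> - <body>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# O23 body: "Service: NAME - OWNER - PATH". HijackThis prints an empty OWNER as
# "NAME - - PATH" (one space between the dashes), so the regex allows that gap.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>.+)$")

MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_hjt(text):
    """Return the scan's entries as (section, body) tuples, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flag_entry(section, body):
    """Return a triage reason for one entry, or None.

    These are hints for a human reviewer, not verdicts: a legitimate product can
    also show "(file missing)" when its service command line is quoted oddly.
    """
    if any(marker in body for marker in MISSING_MARKERS):
        return "references a file that no longer exists"
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "browser helper object with no name"
    if section == "O23":
        m = SERVICE_RE.match(body)
        if m and m.group("owner") in ("", "Unknown owner"):
            return "service with no publisher"
    return None


def triage(text):
    """Return [(section, body, reason)] for every flagged entry in a scan."""
    flagged = []
    for section, body in parse_hjt(text):
        reason = flag_entry(section, body)
        if reason:
            flagged.append((section, body, reason))
    return flagged


def diff_scans(before, after):
    """Return (removed, added): entries gone from the later scan, and new ones."""
    old, new = parse_hjt(before), parse_hjt(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


# Constructed, abridged excerpts of the two logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:45:19 AM, on 7/1/2007

Running processes:
C:\WINDOWS\system32\jbihrpmi.exe

O2 - BHO: (no name) - {240804B7-27BD-42F0-B3EB-E847074EC498} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\update.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\update.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\jbihrpmi.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 09:56, on 2007-07-02

O2 - BHO: (no name) - {240804B7-27BD-42F0-B3EB-E847074EC498} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\update.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for section, body, reason in triage(BEFORE):
        print(f"[{reason}] {section} - {body}")
    removed, added = diff_scans(BEFORE, AFTER)
    print(f"{len(removed)} entries gone after cleanup, {len(added)} new")
```

Running it on the abridged logs lists the nameless BHO and the ownerless DomainService as triage hits and shows that the HKLM startkey, Salestart and DomainService entries are gone after ComboFix while the HKCU startkey entry survives, which is exactly what the helper then asks to fix by hand.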

Shaba
2007-07-02, 20:02
Hi

Please post also contents of c:\ComboFix.txt :)

kushums
2007-07-02, 20:04
OK, sorry, here it is.

HP_Owner" - 2007-07-02 9:44:51 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\HP_Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\3KJQ6T6G\www.broadcaster.com
C:\DOCUME~1\HP_Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\HP_Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\HP_Owner\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\HP_Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\HP_Owner\APPLIC~1\Microsoft\20509.dat
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\Common Files\{1C370~1
C:\Program Files\Common Files\{1C370~2
C:\Program Files\Common Files\{3C370~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\WINDOWS\inf\kbdb32.dll
C:\WINDOWS\notedad.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\jbihrpmi.exe
C:\WINDOWS\system32\update.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 09:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 21:15 <DIR> dr-h----- C:\DOCUME~1\HP_Owner\APPLIC~1\SecuROM
2007-07-01 21:14 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-07-01 21:08 <DIR> d-------- C:\Program Files\Tomb Raider - Anniversary
2007-07-01 13:26 <DIR> d-------- C:\Program Files\Activision
2007-06-30 23:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-30 23:41 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-30 23:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-06-30 23:39 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-30 23:32 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-30 23:31 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-29 23:37 4,628 --a------ C:\WINDOWS\system32\ldqdxkjy.exe
2007-06-29 19:33 <DIR> d-------- C:\Program Files\Nero
2007-06-29 19:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-29 15:43 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Ahead
2007-06-29 11:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-28 22:46 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-28 21:50 45,056 --a------ C:\WINDOWS\system32\Wnaspi32.dll
2007-06-28 21:50 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2007-06-28 21:50 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2007-06-28 21:50 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 21:50 16,877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys
2007-06-28 21:50 <DIR> d-------- C:\Program Files\XviD
2007-06-28 21:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-28 12:36 <DIR> d-------- C:\WINDOWS\speech
2007-06-28 12:36 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinRAR
2007-06-28 12:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-06-27 13:29 <DIR> d-------- C:\WINDOWS\Lhsp
2007-06-27 00:11 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-06-25 09:51 2,048 --a------ C:\WINDOWS\winrmv.exe
2007-06-20 19:14 <DIR> d-------- C:\Program Files\Driver-Soft
2007-06-18 22:58 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-06-18 21:14 <DIR> d-------- C:\Program Files\DivX
2007-06-18 10:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-06-17 15:04 <DIR> d-------- C:\WINDOWS\nview
2007-06-17 14:58 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-17 14:58 <DIR> d-------- C:\NVIDIA
2007-06-16 11:18 <DIR> C:\WINDOWS\Mafia
2007-06-16 11:18 <DIR> C:\Program Files\Mafia
2007-06-07 12:10 20,480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-06-05 21:31 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-03 21:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-03 10:29 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\ArtificialStudios


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 16:47:45 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-07-01 20:34:36 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 18:08:13 -------- d-----w C:\Program Files\QuickTime
2007-06-28 19:36:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\dvdcss
2007-06-28 19:35:43 -------- d-----w C:\Program Files\Google
2007-06-17 20:37:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-16 03:21:16 -------- d-----w C:\Program Files\RegCure
2007-06-01 22:08:26 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Image Zone Express
2007-05-27 21:21:38 117,158 ----a-w C:\WINDOWS\hpoins11.dat
2007-05-27 21:16:26 -------- d-----w C:\Program Files\Common Files\HP
2007-05-27 21:12:46 -------- d-----w C:\Program Files\HP
2007-05-27 21:12:46 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-27 02:06:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\HP
2007-05-15 07:32:27 -------- d-----w C:\Program Files\Common Files\Real
2007-05-15 07:32:16 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Real
2007-05-14 19:58:26 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-14 14:54:53 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-14 05:16:41 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\MusicIP
2007-05-14 05:07:01 -------- d-----w C:\Program Files\Symantec
2007-05-14 03:57:36 -------- d-----w C:\Program Files\Microsoft Works
2007-05-14 03:48:28 3,884 ----a-w C:\WINDOWS\viassary-hp.reg
2007-05-14 03:40:27 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Symantec
2007-05-14 03:40:14 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-05-14 03:38:39 50 ----a-w C:\AUTOEXEC.BAT
2007-05-14 03:22:09 -------- d-----w C:\Program Files\Windows NT
2007-05-13 17:04:24 -------- d-----w C:\Program Files\Alcohol Soft
2007-05-11 19:19:02 -------- d-----w C:\Program Files\uTorrent
2007-05-10 22:16:24 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\BitTorrent
2007-05-09 23:42:11 1,024 ----a-w C:\WINDOWS\kadsaka.exe
2007-05-07 01:38:53 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\SpywareBot
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2004-12-23 18:41:04 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-18 05:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 18:58 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 01:05 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-07-03 02:49 C:\WINDOWS\ALCMTR.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-08 23:01]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
"startkey"="C:\WINDOWS\system32\update.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
C:\WINDOWS\system32\update.exe s

Contents of the 'Scheduled Tasks' folder
2007-07-02 16:00:00 C:\WINDOWS\tasks\9ECA19D294B5A182.job
2007-07-01 14:41:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-30 03:00:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (YOUR-AE066C3A9B-HP_Owner).job
2007-07-02 16:51:38 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-28 10:00:00 C:\WINDOWS\tasks\RegCure.job
2007-07-02 10:00:00 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 09:51:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 9:53:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 09:53

--- E O F ---

Shaba
2007-07-02, 20:09
Hi

Open HijackThis, click "Do a system scan only" and checkmark these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {240804B7-27BD-42F0-B3EB-E847074EC498} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\update.exe

Close all windows including browser and press fix checked.

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\ldqdxkjy.exe
C:\WINDOWS\winrmv.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

kushums
2007-07-02, 23:11
"HP_Owner" - 2007-07-02 13:08:01 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\HP_Owner\My Documents\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ldqdxkjy.exe
C:\WINDOWS\winrmv.exe


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 09:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 21:15 <DIR> dr-h----- C:\DOCUME~1\HP_Owner\APPLIC~1\SecuROM
2007-07-01 21:08 <DIR> d-------- C:\Program Files\Tomb Raider - Anniversary
2007-07-01 13:26 <DIR> d-------- C:\Program Files\Activision
2007-06-30 23:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-30 23:41 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-30 23:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-06-30 23:39 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-30 23:32 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-30 23:31 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-29 19:33 <DIR> d-------- C:\Program Files\Nero
2007-06-29 19:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-29 15:43 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Ahead
2007-06-29 11:07 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-28 22:46 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-28 21:50 45,056 --a------ C:\WINDOWS\system32\Wnaspi32.dll
2007-06-28 21:50 4,455 --a------ C:\WINDOWS\system\Winaspi.dll
2007-06-28 21:50 3,535 --a------ C:\WINDOWS\system\Wowpost.exe
2007-06-28 21:50 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 21:50 16,877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys
2007-06-28 21:50 <DIR> d-------- C:\Program Files\XviD
2007-06-28 21:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-28 12:36 <DIR> d-------- C:\WINDOWS\speech
2007-06-28 12:36 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\WinRAR
2007-06-28 12:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-06-27 13:29 <DIR> d-------- C:\WINDOWS\Lhsp
2007-06-27 00:11 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-06-20 19:14 <DIR> d-------- C:\Program Files\Driver-Soft
2007-06-18 22:58 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-06-18 21:14 <DIR> d-------- C:\Program Files\DivX
2007-06-18 10:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-06-17 15:04 <DIR> d-------- C:\WINDOWS\nview
2007-06-17 14:58 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-17 14:58 <DIR> d-------- C:\NVIDIA
2007-06-16 11:18 <DIR> C:\WINDOWS\Mafia
2007-06-16 11:18 <DIR> C:\Program Files\Mafia
2007-06-07 12:10 20,480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-06-05 21:31 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-03 21:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-03 10:29 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\ArtificialStudios


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 16:47:45 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\uTorrent
2007-07-01 20:34:36 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 18:08:13 -------- d-----w C:\Program Files\QuickTime
2007-06-28 19:36:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\dvdcss
2007-06-28 19:35:43 -------- d-----w C:\Program Files\Google
2007-06-17 20:37:38 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-16 03:21:16 -------- d-----w C:\Program Files\RegCure
2007-06-01 22:08:26 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Image Zone Express
2007-05-27 21:21:38 117,158 ----a-w C:\WINDOWS\hpoins11.dat
2007-05-27 21:16:26 -------- d-----w C:\Program Files\Common Files\HP
2007-05-27 21:12:46 -------- d-----w C:\Program Files\HP
2007-05-27 21:12:46 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-27 02:06:23 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\HP
2007-05-15 07:32:27 -------- d-----w C:\Program Files\Common Files\Real
2007-05-15 07:32:16 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Real
2007-05-14 19:58:26 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-14 14:54:53 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-14 05:16:41 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\MusicIP
2007-05-14 05:07:01 -------- d-----w C:\Program Files\Symantec
2007-05-14 03:57:36 -------- d-----w C:\Program Files\Microsoft Works
2007-05-14 03:48:28 3,884 ----a-w C:\WINDOWS\viassary-hp.reg
2007-05-14 03:40:27 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Symantec
2007-05-14 03:40:14 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-05-14 03:38:39 50 ----a-w C:\AUTOEXEC.BAT
2007-05-14 03:22:09 -------- d-----w C:\Program Files\Windows NT
2007-05-13 17:04:24 -------- d-----w C:\Program Files\Alcohol Soft
2007-05-11 19:19:02 -------- d-----w C:\Program Files\uTorrent
2007-05-10 22:16:24 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\BitTorrent
2007-05-09 23:42:11 1,024 ----a-w C:\WINDOWS\kadsaka.exe
2007-05-07 01:38:53 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\SpywareBot
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2004-12-23 18:41:04 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-18 05:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 18:58 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 01:05 C:\WINDOWS\ALCWZRD.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-08 23:01]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe


Contents of the 'Scheduled Tasks' folder
2007-07-02 20:00:00 C:\WINDOWS\tasks\9ECA19D294B5A182.job
2007-07-01 14:41:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-30 03:00:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (YOUR-AE066C3A9B-HP_Owner).job
2007-07-02 17:18:59 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-28 10:00:00 C:\WINDOWS\tasks\RegCure.job
2007-07-02 10:00:00 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 13:08:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 13:08:58
C:\ComboFix-quarantined-files.txt ... 2007-07-02 13:08
C:\ComboFix2.txt ... 2007-07-02 10:30
C:\ComboFix3.txt ... 2007-07-02 09:53

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 13:10, on 2007-07-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=q404&bd=pavilion&pf=desktop
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183280723531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183280716781
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
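Shaba's fix list above picks entries out of the HijackThis log by pattern: a browser setting that has been blanked, a BHO whose DLL no longer exists, a Run value that is a bare filename, and a loader with a generic name sitting in system32. As an added example (not HijackThis's code and not from this thread), the Python script below applies those same patterns to a log and reports why each line deserves a look; the sample lines are copied from this thread, and the small allowlist of system binaries is an assumption for the example.

```python
"""Triage a HijackThis 1.99.x log: flag the entry types a helper reviews first.

Every hit is something to look up, not something to delete blindly.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption for this example: a short allowlist of binaries that legitimately
# autostart from %WINDIR%. A production list would be much longer.
WINDIR_ALLOWLIST = {"ctfmon.exe", "nwiz.exe", "explorer.exe"}

# Sample lines constructed from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome
O2 - BHO: (no name) - {240804B7-27BD-42F0-B3EB-E847074EC498} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\update.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


@dataclass
class Finding:
    section: str            # HijackThis section code, e.g. "O4"
    line: str               # the full log line
    reasons: List[str] = field(default_factory=list)


_ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
_RUN = re.compile(r"^HK(LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
_EXE = re.compile(r"^\"?(.+?\.exe)\"?", re.IGNORECASE)


def _executable(command: str) -> str:
    """Return the program part of a Run value, dropping quotes and arguments."""
    m = _EXE.match(command.strip())
    return m.group(1) if m else command.strip()


def _windir_basename(path: str) -> Optional[str]:
    """Lower-cased file name if the path is under C:\\WINDOWS, else None."""
    low = path.lower()
    if low.startswith("c:\\windows\\"):
        return low.rsplit("\\", 1)[1]
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan each HijackThis entry and collect the ones matching a review rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue                      # process list, headers, blank lines
        section, body = m.group(1), m.group(2)
        f = Finding(section, raw.strip())
        if section in ("R0", "R1") and body.rstrip().endswith("="):
            f.reasons.append("browser setting blanked (value is empty)")
        elif section == "O2" and body.endswith("(no file)"):
            f.reasons.append("BHO still registered but its DLL is gone")
        elif section == "O4":
            r = _RUN.match(body)
            if r:
                exe = _executable(r.group(3))
                if "\\" not in exe:
                    f.reasons.append("bare filename: resolved via search path at logon")
                else:
                    name = _windir_basename(exe)
                    if name and name not in WINDIR_ALLOWLIST:
                        f.reasons.append("autostart from %WINDIR% with a non-system name")
        elif section == "O23" and "(file missing)" in body:
            f.reasons.append("service binary reported missing: verify the path by hand")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.section:<4} {'; '.join(hit.reasons)}\n     {hit.line}")
```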

Shaba
2007-07-03, 18:44
Hi

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

  o Scan using the following Anti-Virus database:
      + Extended (If available otherwise Standard)
  o Scan Options:
      + Scan Archives
      + Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report

kushums
2007-07-04, 02:49
hey thanks bud for putting up with me :)



KASPERSKY ONLINE SCANNER REPORT
2007-07-03 04:42
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 4/07/2007
Kaspersky Anti-Virus database records: 357449


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics
Total number of scanned objects 109367
Number of viruses found 21
Number of infected objects 64
Number of suspicious objects 2
Duration of the scan process 01:40:05

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech.zip/uzcx.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Surfcdromerrorflaw\Store new.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\28\1061dd5c-4ee18f0a/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\28\1061dd5c-4ee18f0a/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\28\1061dd5c-4ee18f0a/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\28\1061dd5c-4ee18f0a ZIP: infected - 3 skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-119cd026-244a3cb4.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-119cd026-244a3cb4.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-119cd026-244a3cb4.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-119cd026-244a3cb4.zip ZIP: infected - 3 skipped

C:\Documents and Settings\HP_Owner\Application Data\uploadoption\bak\linkfastcdrom.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\HP_Owner\Application Data\uploadoption\BiasRefMath.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\HP_Owner\Application Data\uploadoption\uwvhxhil.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007070220070703\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20070702-132836.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000001.FCS Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\QooBox\Quarantine\C\WINDOWS\inf\kbdb32.dll.vir Infected: Virus.Win32.Agent.x skipped

C:\QooBox\Quarantine\C\WINDOWS\poolsv.exe.vir Infected: Trojan-Downloader.Win32.VB.aya skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jbihrpmi.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ldqdxkjy.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\update.exe.vir Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP103\A0043969.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP103\A0043970.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP103\A0043971.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP106\A0044963.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP106\A0044986.exe Infected: Trojan.Win32.Small.mw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP112\A0047226.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP129\A0050589.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP129\A0050590.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP129\A0051363.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP130\A0052007.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP130\A0052008.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP130\A0052781.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP131\A0053422.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP131\A0053423.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP131\A0054203.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP132\A0054844.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP132\A0054845.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP132\A0055625.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060869.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060886.exe Infected: Trojan-Downloader.Win32.VB.aya skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060889.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060894.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060895.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060896.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060896.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0063869.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065011.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065012.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066081.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066082.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066085.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066086.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066087.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066111.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069216.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069217.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069218.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069219.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069221.dll Infected: Virus.Win32.Agent.x skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069223.exe Infected: Trojan-Downloader.Win32.VB.aya skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0070242.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP146\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{95F90237-263A-405A-9C0A-17B3105C9058}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_49c.dat Object is locked skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP146\change.log Object is locked skipped

Scan process completed.

kushums
2007-07-04, 02:51
Here's the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 04:47, on 2007-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=q404&bd=pavilion&pf=desktop
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183280723531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183280716781
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Shaba
2007-07-04, 11:53
Hi

Please Download NoLop to your desktop from one of the links below...
Link 1 (http://www.spywareedge.net/nolop/NoLop.exe)
Link 2 (http://www.spywaretimes.com/Tools/Download/Anti-malwareTools/NoLop!/)
Link 3 (http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get16)
First close any other programs you have running, as this will require a reboot.
Double-click NoLop.exe to run it.
Now click the button labelled "Search and Destroy".
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot (only if infected). Click OK.
Now click the "REBOOT" button.
A message should pop up from NoLop. If not, double-click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx (http://www.boletrice.com/downloads/mscomctl.ocx) to your system32 folder, then rerun the program. --

kushums
2007-07-05, 02:09
Hey, thanks again bud, if you were not from Finland I'd give you some free Starbucks. Question: what do I do with the quarantine files from ComboFix? :bigthumb:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\HP_Owner\Desktop
[2007-07-04]
[03:53:29]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\9ECA19D294B5A182.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Google Updater
C:\Documents and Settings\All Users\Application Data\Hewlett-packard
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Mailfrontier -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive
C:\Documents and Settings\All Users\Application Data\Muvee Technologies
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sandlot Games
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Surfcdromerrorflaw
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Wildtangent
C:\Documents and Settings\All Users\Application Data\Winantivirus Pro 2007
C:\Documents and Settings\Application Data\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Apple Computer
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec
C:\Documents and Settings\Hp_owner\Application Data\Adobe
C:\Documents and Settings\Hp_owner\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Hp_owner\Application Data\Ahead
C:\Documents and Settings\Hp_owner\Application Data\Apple Computer
C:\Documents and Settings\Hp_owner\Application Data\Artificialstudios
C:\Documents and Settings\Hp_owner\Application Data\Bittorrent
C:\Documents and Settings\Hp_owner\Application Data\Divx
C:\Documents and Settings\Hp_owner\Application Data\Dvdcss
C:\Documents and Settings\Hp_owner\Application Data\Funwebproducts
C:\Documents and Settings\Hp_owner\Application Data\Google
C:\Documents and Settings\Hp_owner\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Hp_owner\Application Data\Hp
C:\Documents and Settings\Hp_owner\Application Data\Identities
C:\Documents and Settings\Hp_owner\Application Data\Image Zone Express
C:\Documents and Settings\Hp_owner\Application Data\Intermute
C:\Documents and Settings\Hp_owner\Application Data\Intervideo
C:\Documents and Settings\Hp_owner\Application Data\Jasc
C:\Documents and Settings\Hp_owner\Application Data\Leadertech
C:\Documents and Settings\Hp_owner\Application Data\Macromedia
C:\Documents and Settings\Hp_owner\Application Data\Microsoft
C:\Documents and Settings\Hp_owner\Application Data\Motive
C:\Documents and Settings\Hp_owner\Application Data\Mozilla
C:\Documents and Settings\Hp_owner\Application Data\Msninstaller
C:\Documents and Settings\Hp_owner\Application Data\Musicip
C:\Documents and Settings\Hp_owner\Application Data\Myspace
C:\Documents and Settings\Hp_owner\Application Data\Pegasys Inc
C:\Documents and Settings\Hp_owner\Application Data\Real
C:\Documents and Settings\Hp_owner\Application Data\Sampleview -- EMPTY Directory
C:\Documents and Settings\Hp_owner\Application Data\Securom
C:\Documents and Settings\Hp_owner\Application Data\Sonic
C:\Documents and Settings\Hp_owner\Application Data\Spywarebot
C:\Documents and Settings\Hp_owner\Application Data\Sun
C:\Documents and Settings\Hp_owner\Application Data\Symantec
C:\Documents and Settings\Hp_owner\Application Data\Uploadoption
C:\Documents and Settings\Hp_owner\Application Data\Utorrent
C:\Documents and Settings\Hp_owner\Application Data\Vlc
C:\Documents and Settings\Hp_owner\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Ahead
C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Networkservice\Application Data\Microsoft
Logfile of HijackThis v1.99.1
Scan saved at 04:07, on 2007-07-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183280723531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183280716781
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Shaba
2007-07-05, 11:50
Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache
C:\QooBox\Quarantine\

Delete these:

C:\Documents and Settings\All Users\Application Data\Surfcdromerrorflaw
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Wildtangent
C:\Documents and Settings\All Users\Application Data\Winantivirus Pro 2007
C:\Documents and Settings\Hp_owner\Application Data\Funwebproducts
C:\Documents and Settings\Hp_owner\Application Data\Spywarebot

Empty the Recycle Bin.

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report

kushums
2007-07-06, 03:14
Alright, here's the Kaspersky report.

KASPERSKY ONLINE SCANNER REPORT
2007-07-05 17:11
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 5/07/2007
Kaspersky Anti-Virus database records: 358728


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics
Total number of scanned objects 91476
Number of viruses found 20
Number of infected objects 51
Number of suspicious objects 0
Duration of the scan process 01:35:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\HP_Owner\Application Data\MySpace\IM\Logs\MySpaceIM-20070704-075832.log Object is locked skipped

C:\Documents and Settings\HP_Owner\Application Data\uploadoption\bak\linkfastcdrom.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\HP_Owner\Application Data\uploadoption\BiasRefMath.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\HP_Owner\Application Data\uploadoption\uwvhxhil.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007070420070705\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\History\History.IE5\MSHist012007070520070706\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF569C.tmp Object is locked skipped

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20070704-035858.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000001.FCS Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP103\A0043969.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP103\A0043970.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP103\A0043971.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP106\A0044963.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP106\A0044986.exe Infected: Trojan.Win32.Small.mw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP112\A0047226.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP129\A0050589.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP129\A0050590.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP129\A0051363.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP130\A0052007.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP130\A0052008.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP130\A0052781.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP131\A0053422.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP131\A0053423.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP131\A0054203.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP132\A0054844.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP132\A0054845.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP132\A0055625.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060869.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060886.exe Infected: Trojan-Downloader.Win32.VB.aya skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060887.exe Infected: Trojan.Win32.StartPage.ahg skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060889.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060893.exe Infected: Trojan.Win32.StartPage.ahg skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060894.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060895.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060896.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060896.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0063869.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065008.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065011.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065012.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0065013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066081.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066082.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066085.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066086.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066087.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0066111.exe Infected: Trojan-Downloader.Win32.Agent.bfw skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069216.exe Infected: Trojan.Win32.Pakes skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069217.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069218.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069219.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069221.dll Infected: Virus.Win32.Agent.x skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069223.exe Infected: Trojan-Downloader.Win32.VB.aya skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0070242.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP149\A0072256.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP149\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{95F90237-263A-405A-9C0A-17B3105C9058}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_4a4.dat Object is locked skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP149\change.log Object is locked skipped

Scan process completed.
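
The scanner report above is long and double spaced, and the findings that matter get lost among the "Object is locked" lines. The following is an added example (not part of the original post or of the scanner's own tooling) that parses lines in that format and separates three things a helper would look at: objects the scanner could not open, infected objects sitting inside System Restore points (the `_restore{...}\RPnnn\` paths, which are inert copies until a rollback to that point brings them back), and infected objects anywhere else. The sample report is constructed from a few of the lines above; the `hypothetical_live.dll` path is made up to stand in for a hit outside a restore point.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the Kaspersky online scanner report
# posted above (a handful of its lines). The last finding's path is
# hypothetical: it stands in for an infected object outside a restore point.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060869.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060896.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP142\A0060896.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP145\A0069221.dll Infected: Virus.Win32.Agent.x skipped
C:\WINDOWS\system32\hypothetical_live.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
Scan process completed.
"""

# One report line is "<path> <status> skipped". Three statuses occur in the
# report above: a verdict, an archive summary ("NSIS: infected - 1"), and a
# locked object. The path is matched non-greedily because it contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<container>\w+): infected - (?P<members>\d+)"
    r"|Object is locked) skipped$"
)
# Restore-point copies live under System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")


def triage(report: str) -> dict:
    """Classify every line of a scanner report of the above layout."""
    out = {
        "locked": 0,                          # objects the scanner could not open
        "live": [],                           # (path, verdict) outside restore points
        "restore_points": defaultdict(int),   # RPnnn -> infected objects in that point
        "archives": [],                       # (path, container type, member hits)
        "verdicts": Counter(),                # how often each verdict name occurs
        "unparsed": [],                       # anything that did not match the layout
    }
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == "Scan process completed.":
            continue
        m = LINE_RE.match(line)
        if not m:
            out["unparsed"].append(line)
            continue
        path = m.group("path")
        if m.group("verdict"):
            out["verdicts"][m.group("verdict")] += 1
            rp = RESTORE_RE.search(path)
            if rp:
                out["restore_points"][rp.group(1)] += 1
            else:
                out["live"].append((path, m.group("verdict")))
        elif m.group("container"):
            out["archives"].append((path, m.group("container"), int(m.group("members"))))
        else:
            out["locked"] += 1
    out["restore_points"] = dict(out["restore_points"])
    return out


def summary_lines(result: dict) -> list:
    """Human-readable summary, with the restore-point caveat spelled out."""
    lines = [f"{result['locked']} locked object(s) were not scanned"]
    for path, verdict in result["live"]:
        lines.append(f"LIVE  {verdict}  {path}")
    if result["restore_points"]:
        rps = ", ".join(f"{rp} ({n})" for rp, n in sorted(result["restore_points"].items()))
        lines.append(f"restore points holding infected copies: {rps}")
        lines.append("these copies come back if System Restore rolls back to one of those "
                     "points; after cleaning, turn System Restore off and on to flush them")
    for path, kind, n in result["archives"]:
        lines.append(f"ARCHIVE {kind} with {n} infected member(s): {path}")
    return lines


if __name__ == "__main__":
    for s in summary_lines(triage(SAMPLE_REPORT)):
        print(s)
```

Run against the full report above it yields exactly one class of finding that needs action now (anything listed as LIVE) and a second class that needs the System Restore flush rather than manual deletion.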

kushums
2007-07-06, 03:15
and here's my hijack


Logfile of HijackThis v1.99.1
Scan saved at 17:14, on 2007-07-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\scanner.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=en_us&c=q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183280723531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183280716781
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
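
Two things in the log above are easy to misread by eye: the avast! Mail Scanner and Web Scanner services are reported as "(file missing)" although both `ashMaiSv.exe` and `ashWebSv.exe` appear in the running-process list (HijackThis 1.99.1 cuts a quoted ImagePath at the closing quote when arguments such as `/service` follow it, so the path it checks is wrong), and the O4 Startup entry `PowerReg Scheduler V3.exe` is listed with no path at all. The following is an added example (not part of the original post or of HijackThis itself) that parses O4 and O23 lines in that layout and cross-references each service binary against the process list, so a "(file missing)" that contradicts a running process is marked as a parser artifact rather than a problem. The sample log is a constructed excerpt; the `zqxwvut` Run entry and the `hypothetical (hyp)` service are made up to exercise the checks.

```python
import re

# Constructed excerpt in the layout of the HijackThis 1.99.1 log posted above.
# The "zqxwvut" Run entry and the "hypothetical (hyp)" service are invented;
# the avast, ctfmon, PowerReg and NVIDIA lines mirror the post.
SAMPLE_HJT = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - HKLM\..\Run: [zqxwvut] C:\WINDOWS\system32\zqxwvut.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: hypothetical (hyp) - Unknown owner - C:\WINDOWS\system32\hypsvc.exe (file missing)
""".strip()

PROC_HEADER = "Running processes:"
# O4 - <registry key or Startup folder>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
# O23 - Service: <display name> - <vendor> - <image path and arguments>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
# First path component ending in .exe, i.e. the binary's base name
EXE_RE = re.compile(r'([^\\/"]+\.exe)\b', re.IGNORECASE)


def exe_basename(cmd: str):
    m = EXE_RE.search(cmd)
    return m.group(1).lower() if m else None


def running_processes(log: str) -> set:
    """Base names of every line between 'Running processes:' and the next blank line."""
    procs = set()
    lines = iter(log.splitlines())
    for line in lines:
        if line.strip() == PROC_HEADER:
            break
    for line in lines:
        if not line.strip():
            break
        procs.add(line.strip().rsplit("\\", 1)[-1].lower())
    return procs


def triage_hjt(log: str) -> list:
    """Return one dict per O4/O23 entry with the checks a helper would apply first."""
    procs = running_processes(log)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = exe_basename(m.group("cmd"))
            f = {"kind": "O4", "where": m.group("where"), "name": m.group("name"),
                 "exe": exe, "running": exe in procs, "notes": []}
            if m.group("where").endswith("Startup") and "\\" not in m.group("cmd"):
                f["notes"].append("startup-folder item listed without a path; locate the file before deciding")
            findings.append(f)
            continue
        m = O23_RE.match(line)
        if m:
            cmd = m.group("cmd")
            exe = exe_basename(cmd)
            missing = cmd.endswith("(file missing)")
            f = {"kind": "O23", "name": m.group("name"), "vendor": m.group("vendor"),
                 "exe": exe, "running": exe in procs, "file_missing": missing, "notes": []}
            if missing and exe in procs:
                f["notes"].append("'(file missing)' but the binary is in the process list: "
                                  "HijackThis 1.99.1 cuts a quoted ImagePath before its arguments, "
                                  "so treat this as a parser artifact and confirm in services.msc")
            elif missing:
                f["notes"].append("service ImagePath does not resolve to a file; check the service entry")
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        if f["notes"]:
            print(f["kind"], f["exe"], "->", "; ".join(f["notes"]))
```

The cross-reference is the point: a service whose binary is demonstrably running cannot be "missing", so the note tells the helper to ignore that line instead of deleting a working antivirus service.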

Shaba
2007-07-06, 11:47
Hi

Delete this folder:

C:\Documents and Settings\HP_Owner\Application Data\uploadoption

Empty Recycle Bin

Otherwise looking good :)

Still problems?

Shaba
2007-07-12, 12:06
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.