Can't run Spybot OR Kaspersky. Here's the HJT log. PLEASE HELP!!



LoneWolf1038
2008-01-01, 18:42
Hi,

Thank goodness for you wonderful volunteers! I really need help here!

I have a computer that is so slow, I could probably do the work with pencil and paper quicker! It appears that the winlogon.exe file is using A LOT of the CPU, so everything else is crawling along at a snail's pace.

I thought I could just do a sys restore, but ALL the restore points I had were totally gone. I use SystemSuite, so figured there would be restore logs in there also that I could use. They had all mysteriously disappeared too!

I used to have Spybot S&D on my puter, but when I went to use it, the exe file mysteriously could not be found, so I uninstalled it, re-d/l a new copy (twice now) and installed. I can't run Spybot S&D because there is no .exe file even with the new install!

I can't d/l the Kaspersky scan. Page comes up "page not available".

I used MalwareBot earlier and removed a BUNCH of malware, but it still did not fix the problem.

I was able to d/l HJT.exe and run it. Took no time at all to do...I really thought it would take HOURS, but it took probably 2 minutes tops! Here's the log file....PLEASE HELP ME!! Tell me what to do, and I will do my best to do it (if this machine will let me! :rolleyes:)

Thanks in advance for ALL the help!!! You guys rock!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:37 AM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ABIT\ABITEQ\abiteq.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\InterVideo\IMCSvr\IMCSvr.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MalwareBot\MalwareBot.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\InterVideo\WinDVD Media Center\SchSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: PatentHunter - {BCB2344B-3D5B-46d7-861B-A8F27E4FE602} - C:\Program Files\PatentWizard, LLC\PatentHunter3\PHToolBand.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [ABITEQ] C:\Program Files\ABIT\ABITEQ\abiteq.exe -M
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMCServerAutoStart] "C:\Program Files\InterVideo\IMCSvr\IMCSvr.exe"
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD Media Center\SchSvr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://game1.pogo.com
O15 - Trusted Zone: http://www.pogo.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149897145093
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.peryourhealth.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O16 - DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} (CLaunchPrint Object) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DirectX Service (DirectWycz) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TabletService - Unknown owner - C:\WINDOWS\system32\Tablet.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 13372 bytes

LoneWolf1038
2008-01-03, 03:14
I found another link that would actually load Kaspersky, so I d/l it, and scanned C drive. I have not put anything into D drive in a long time, and this problem started just a few days ago...so I didn't do D.

It tells me that I have 11 viruses and 31 infected objects. I don't understand! I have V-Com System Suite, and apparently it has been skipping over these things!

Anyway, here's the Kaspersky Log.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 02, 2008 8:06:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/01/2008
Kaspersky Anti-Virus database records: 501636
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Folders
C:\
Scan Statistics
Total number of scanned objects 250276
Number of viruses found 11
Number of infected objects 31
Number of suspicious objects 0
Duration of the scan process 06:50:57

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\directx.exe.QUAR00 Infected: Backdoor.Win32.Rukap.gen skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\directx.exe.QUAR01 Infected: Backdoor.Win32.Rukap.gen skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\IEXPLORE.EXE.QUAR00 Infected: Backdoor.Win32.Rukap.gen skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\IEXPLORE.EXE.QUAR01 Infected: Backdoor.Win32.Rukap.gen skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\IEXPLORE.EXE.QUAR02 Infected: Backdoor.Win32.Rukap.gen skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\mdm.exe.QUAR00 Infected: Trojan-Spy.Win32.Delf.lh skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\msntb.dll.QUAR00 Infected: Trojan-Spy.Win32.Delf.lh skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\setup.exe.QUAR00 Infected: Trojan-Proxy.Win32.Horst.xc skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\setup.exe.QUAR01 Infected: Trojan-Proxy.Win32.Horst.xc skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\setup.exe.QUAR02 Infected: Trojan-Proxy.Win32.Horst.xc skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\setup.exe.QUAR03 Infected: Trojan-Proxy.Win32.Horst.xc skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\setup.exe.QUAR04 Infected: Trojan-Proxy.Win32.Horst.xc skipped
C:\Documents and Settings\Midge\Application Data\VCOM\SystemSuite\Quarantine\svchost.exe.QUAR00 Infected: P2P-Worm.Win32.Kapucen.ac skipped
C:\Documents and Settings\Midge\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Midge\Desktop\Holding Tank\Slot Machines Mastery Discover The Secrets That Casino Owner Are Hiding From You Make Big Cash Playing the Slots.zip/Slot Machines Mastery Discover The Secrets That Casino Owner Are Hiding From You Make Big Cash Playing the Slots.exe Infected: Trojan.Win32.Delf.ys skipped
C:\Documents and Settings\Midge\Desktop\Holding Tank\Slot Machines Mastery Discover The Secrets That Casino Owner Are Hiding From You Make Big Cash Playing the Slots.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Midge\Desktop\Misc. Business Stuff\Invention, etc\Patent And Invention Know-How How to get your new product or invention on the marketing fast.exe Infected: Trojan.Win32.Delf.ys skipped
C:\Documents and Settings\Midge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Midge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Midge\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Midge\Local Settings\History\History.IE5\MSHist012008010220080103\index.dat Object is locked skipped
C:\Documents and Settings\Midge\Local Settings\Temp\NER4D2.tmp\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Midge\Local Settings\Temp\NeroDemo12518\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Midge\Local Settings\Temp\NeroDemo12550\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Midge\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Midge\ntuser.dat Object is locked skipped
C:\Documents and Settings\Midge\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\iTouch\iTouch.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\Program Files\MalwareBot\MalwareBot.exe -boot Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\Program Files\VCOM\SystemSuite\checksum.dat Object is locked skipped
C:\Program Files\VCOM\SystemSuite\MXFwIMMF.dat Object is locked skipped
C:\Program Files\VCOM\SystemSuite\MXFwTMMF.dat Object is locked skipped
C:\Program Files\VCOM\SystemSuite\rawpacket.log Object is locked skipped
C:\Program Files\VCOM\SystemSuite\security.log Object is locked skipped
C:\Program Files\VCOM\SystemSuite\traffic.log Object is locked skipped
C:\Program Files\VCOM\SystemSuite\UninstallEngine\UndoLogs\F_75B55B0001C799AD000DD467.fiz/DDEC8.nd2/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Program Files\VCOM\SystemSuite\UninstallEngine\UndoLogs\F_75B55B0001C799AD000DD467.fiz/DDEC8.nd2/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Program Files\VCOM\SystemSuite\UninstallEngine\UndoLogs\F_75B55B0001C799AD000DD467.fiz/DDEC8.nd2 Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Program Files\VCOM\SystemSuite\UninstallEngine\UndoLogs\F_75B55B0001C799AD000DD467.fiz ZIP: infected - 3 skipped
C:\Program Files\VCOM\SystemSuite\xacl.cfg Object is locked skipped
C:\Swsetup\Monitors\SP29916\hpinsx64.exe Infected: Virus.Win32.Tenga.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{911ABF73-A94F-4337-9122-86228D3DCDFE}\RP2\A0000018.exe Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\System Volume Information\_restore{911ABF73-A94F-4337-9122-86228D3DCDFE}\RP2\A0000088.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\System Volume Information\_restore{911ABF73-A94F-4337-9122-86228D3DCDFE}\RP2\A0001099.exe Infected: Trojan-Downloader.Win32.Bagle.hh skipped
C:\System Volume Information\_restore{911ABF73-A94F-4337-9122-86228D3DCDFE}\RP2\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\InstallShield32.exe/data0002 Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\WINDOWS\system32\InstallShield32.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.

ndmmxiaomayi
2008-01-10, 18:39
Hi,

Please post a new HijackThis log if you still need help.

In addition, please do the following:

Please download and install CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim).
Once installed, double click on the desktop shortcut created.
On the leftmost column, click on Tools.
On the middle column, click on Uninstall.
At the bottom right hand corner, click on the Save to text file... button.
By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
Close CCleaner.

In your next reply, please post:

A new HijackThis log
CCleaner install.txt

LoneWolf1038
2008-01-12, 00:55
Thanks for the reply. I solved a few of the problems, but not all of them! It seems to run decent, but I cannot boot into safe mode, all the restore points have disappeared, and it keeps telling me there are 86 Windows updates... all of which fail when I try to install them. Both logs will not fit on one post, so I will post one here, and another on the next post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:21 PM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\InterVideo\IMCSvr\IMCSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ABIT\ABITEQ\abiteq.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: PatentHunter - {BCB2344B-3D5B-46d7-861B-A8F27E4FE602} - C:\Program Files\PatentWizard, LLC\PatentHunter3\PHToolBand.dll
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMCServerAutoStart] "C:\Program Files\InterVideo\IMCSvr\IMCSvr.exe"
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ABITEQ] C:\Program Files\ABIT\ABITEQ\abiteq.exe -M
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149897145093
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.peryourhealth.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O16 - DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} (CLaunchPrint Object) - http://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: TabletService - Unknown owner - C:\WINDOWS\system32\Tablet.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 13845 bytes

LoneWolf1038
2008-01-12, 00:56
CC CLEANER LOG

ABBYY FineReader 5.0 Sprint Plus
ABITEQ
Absolute Poker Basic
Access Manager 2
Acoustica CD/DVD Label Maker
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Ahead Nero Burning ROM
Amazon Cover Downloader
AMI Up2Date
AOL Instant Messenger
AOL Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
AVS DVD Player version 2.2
Batch Update
Belarc Advisor 7.1
Bible Data Type System Files
Blubster 2.6.9
Bodog Casino
Bodog Poker Version 2.9.0.51
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CCScore
Clause Visualizer
Common System Files
Concord WinFax Plugin v3.0
ConvertXtoDVD 2.0.0.99 RC
CoolMoon ToDo 0.9.3
Creative Audio Console
Creative PlayCenter
Creative Recorder
Dealio Toolbar
DefilerPak 1.22 (Remove Only)
DocuCom PDF Core Library
DocuCom PDF Driver
DScaler 4.1.15
DVD Cover Gold
DVD Cover Searcher
DVD Decrypter (Remove Only)
DVD Region+CSS Free 5.9.8.3
DVD Ripper Wizard
DVD Shrink 3.2
DVD to VCD AVI DivX Converter v3.2 (build 062)
DVDFab Decrypter 2.9.8.3
DVDFab HD Decrypter 3.2.1.0
DVDInfoPro
EasyCleaner
eMule
EPSON Copy Utility 3
EPSON Perf 4180 Guide
EPSON PhotoCenter
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Family Tree Maker
Family Tree Maker 2008
Film Factory
Five Card Deluxe
Flash4D Bonus Intro
Flash4D Version 2-4
FlashMenu
Flip Words v2.0
FTDI USB Serial Converter Drivers
Full Tilt Poker.Net
Fusion
GetRight Pro
Gold Miner
Good Keywords v2.0.072406
Google Earth
Google Toolbar for Internet Explorer
GoToMyPC
Graphic Workshop Professional 3
Graphical Query Editor
Gutterball 2
HijackThis 2.0.2
Homescan Internet Transporter
Hotfix for Windows XP (KB915865)
HP eServices Local Prints and Save
IBP & ARELIS 9.6
iDailyDiary 3.20
IE New Window Maximizer 2.4
IncrediMail JunkFilter Plus
IncrediMail Xe
InterVideo WinDVD Media Center
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Jewel Quest Solitaire
Kaspersky Online Scanner
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lame ACM MP3 Codec
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LimeWire PRO 4.12.3
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LLS Resource Driver
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.71
Logitech Resource Center
Macromedia Shockwave Player
Market Research Wizard
MediaInfo 0.7.5.4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Media Video 9 VCM
Microsoft WSE 3.0
Microsoft® Winter Fun Pack 2004 for Windows® XP
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.11)
MPEG-VCR
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
Nero 7 Ultra Edition
Nero Fast CD-Burning Plug-in
neroxml
netbrdg
NVIDIA Drivers
OEB Resource Driver
OE-Mail Recovery 1.7.6
OfotoXMI
OmniFormat
P.I.M. II Plug-In
PaperPort 9.0
PaperPort Printer Driver
PatentHunter
PatentWizard 2.0
PDF Resource Driver
Pdf995
PdfEdit995
PerfectDisk
Photo Organizer
Plato Video Converter 5.23
Precast 1.2 (Build 20060630)
Presto! BizCard 4.1 Eng
Print Lab Series
PurePlay Poker
Quicken 2006
QuickTime
Real Alternative 1.48
RealPlayer
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Remove Toolbar Buddy 4.0.4
Replicant DVD
ScanToWeb
Scrapbook Factory Deluxe 3.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Sentence Diagramming
Serif PagePlus SE 1.0
SFR
SFR2
SHASTA
skin0001
SKINXSDK
Smart Link 56K Voice Modem
SnagIt 8
Sound Blaster Audigy
SoundFont Showcase
SoundTaxi 1.2.5
Spybot - Search & Destroy
SSC Service Utility v4.10
staticcr
StockTicker
SUPERAntiSpyware Free Edition
SureThing CD Labeler Deluxe 4
Symantec Technical Support Web Controls
System Requirements Lab
SystemSuite 7 Professional
Tablet
The Logo Creator v4
The Lost City of Gold
The Print Shop
tooltips
Treasure Machine
Trendyflash Site Builder
TurboTax Premier 2005
TurboTax Premier Investments 2006
Video Camera Drivers V1.0
Video Vault
Virtual Earth 3D (Beta)
VPRINTOL
Wal-Mart Music Downloads Store
WebFldrs XP
WexTech AnswerWorks
WinAVIVideoConverter
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinMPG VideoConvert 6.5
WinRAR archiver
WIRELESS
Word Monaco (remove only)
Word Wizard Deluxe
WYSIWYG Web Builder 5.0
Xvid 1.1.2 final uninstall
Yahoo! SiteBuilder
Z 39.50 Library
Zoran Video Camera Drivers V1.0

ndmmxiaomayi
2008-01-12, 09:42
Hi,

Step 1

Click on Start > Control Panel and double click on Add/Remove Programs.
Locate Absolute Poker Basic and click on the Change/Remove button to uninstall it.
Repeat for these programs:

Blubster 2.6.9
Bodog Casino
Bodog Poker Version 2.9.0.51
Dealio Toolbar
Full Tilt Poker.Net

Close Add/Remove Programs and Control Panel. Restart your computer.

The reason why I had you uninstall Blubster is that this program is infected with adware.

Take a look here - http://www.blubster.com/download/

The free version of Blubster will bring about popup advertisements even though it says that the program has no spyware or adware.

You had Dealio Toolbar installed, an adware program that comes bundled with Blubster.

In future, before installing any P2P programs, please check the list of clean and infected P2P programs at Malware Removal (http://p2p.malwareremoval.com/) and Spyware Info (http://www.spywareinfo.com/articles/p2p/).

Please also do not use any P2P programs while the cleaning is still going on. This will bring about re-infections and make the cleaning even harder.

The risks of using a P2P program are stated in this Sourceforge website (http://aresgalaxy.sourceforge.net/p2prisks.htm) and Information Week article (http://www.informationweek.com/security/showArticle.jhtml?articleID=53200209&pgno=2&queryText=).

Please also read this sticky (http://forums.spybot.info/showthread.php?t=282).

As for the Poker programs, there's no way to tell if the Poker programs are clean. They are best removed.

Here's a list of safe Poker sites:

http://www.pokerstars.net/ - This is a free to use/play site.
http://www.pokerstars.com/ - This is the paid for version.

Here's a list of bad Poker sites:

http://malwareremoval.com/forum/viewtopic.php?f=4&t=23145

Step 2

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware (http://www.forospyware.com/sUBs/ComboFix.exe)
Geeks to Go (http://subs.geekstogo.com/ComboFix.exe)

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

Combofix log (C:\Combofix.txt)
A new HijackThis log

ndmmxiaomayi
2008-01-18, 10:00
Hi,

It's been more than 5 days. How's everything going?

tashi
2008-01-26, 05:11
Thank you ndmmxiaomayi. :)