
please help



dean tew
2009-02-11, 11:54
I have a hupigon13 trojan. Can you please help me?




Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\jwtch32.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\otmspr.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\STOPzilla!\SZBlkLst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Microsoft netswitch] C:\WINDOWS\system32\jwtch32.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\buster\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [qigmk] "c:\documents and settings\buster\local settings\application data\qigmk.exe" qigmk
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\buster\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230732240093
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1418E058-721F-4A8C-B35F-C1D17AF7B1B6}: NameServer = 192.168.0.1,192.168.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{1418E058-721F-4A8C-B35F-C1D17AF7B1B6}: NameServer = 192.168.0.1,192.168.0.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{1418E058-721F-4A8C-B35F-C1D17AF7B1B6}: NameServer = 192.168.0.1,192.168.0.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c97826feba565e) (gupdate1c97826feba565e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 11138 bytes

shelf life
2009-02-15, 14:23
Hi,

Your log is several days old. If you still need help, you can do this:

First, disable Spybot's TeaTimer until we are done. Like this:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Next:

Start HJT and click the "Scan" button. Check the items below, close any open windows, then click "Fix checked".

O4 - HKLM\..\Run: [Microsoft netswitch] C:\WINDOWS\system32\jwtch32.exe

O4 - HKCU\..\Run: [qigmk] "c:\documents and settings\buster\local settings\application data\qigmk.exe" qigmk

Last, we will get a download to use. It's called ComboFix. There is a guide you need to read first. Read the guide, download ComboFix to your desktop, disable your AV/anti-malware, double-click the icon to start, then follow the prompts. Post the ComboFix log in your reply:

The guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

dean tew
2009-02-15, 23:52
Hi, thanks for your help. I did everything required, but there was a problem.
I turned off all security, including the Windows firewall, and ran ComboFix. The problem being that when ComboFix rebooted my PC they all started again. Will this be a problem?
Anyway, this is the resulting log.

ComboFix 09-02-15.01 - buster 2009-02-15 22:27:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1439 [GMT 0:00]
Running from: c:\documents and settings\buster\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090215-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\buster\Local Settings\Application Data\skwow.dat
c:\documents and settings\buster\Local Settings\Application Data\skwow.exe
c:\documents and settings\buster\Local Settings\Application Data\skwow_nav.dat
c:\documents and settings\buster\Local Settings\Application Data\skwow_navps.dat
c:\program files\FunWebProducts
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0003B603
c:\program files\MyWebSearch\bar\Cache\0003CDFF
c:\program files\MyWebSearch\bar\Cache\0003D2D2.bin
c:\program files\MyWebSearch\bar\Cache\0003D458.bin
c:\program files\MyWebSearch\bar\Cache\0003D591.bin
c:\program files\MyWebSearch\bar\Cache\0003D727.bin
c:\program files\MyWebSearch\bar\Cache\0003D89E.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-15 22:30 . 2009-02-15 22:31 1,584 --a------ c:\windows\system32\drivers\kgpcpy.cfg
2009-02-14 20:23 . 2009-02-14 20:23 <DIR> dr-h----- c:\documents and settings\buster\Application Data\SecuROM
2009-02-13 22:22 . 2009-02-13 22:22 <DIR> d-------- c:\program files\CCleaner
2009-02-13 14:26 . 2009-02-13 14:26 <DIR> d-------- c:\program files\VeloceProd
2009-02-13 14:00 . 2009-02-13 14:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Uniblue
2009-02-12 15:12 . 2009-02-12 15:16 <DIR> d-------- C:\GTL
2009-02-11 12:12 . 2009-02-11 12:12 <DIR> d-------- c:\program files\SimBin
2009-02-11 11:13 . 2009-02-11 11:13 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-11 11:13 . 2009-02-11 11:13 <DIR> d-------- c:\program files\MoTeC
2009-02-11 11:13 . 2009-02-11 11:13 <DIR> d-------- c:\program files\Common Files\Thraex Software
2009-02-11 11:13 . 2009-02-11 11:13 <DIR> d-------- C:\MoTeC
2009-02-11 11:13 . 2009-02-11 11:13 223,825 --a------ c:\windows\rFactor Data Acquisition Plugin Uninstaller.exe
2009-02-11 10:37 . 2009-02-11 10:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-11 10:34 . 2009-02-11 10:34 <DIR> d-------- c:\program files\ERUNT
2009-02-10 18:44 . 2009-02-10 19:24 308,256 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-10 18:44 . 2009-02-10 19:24 12,832 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-10 18:44 . 2009-02-10 19:24 5,204 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-10 18:44 . 2009-02-10 19:24 2,276 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-10 18:15 . 2009-02-10 19:18 1,175 --a------ C:\rollback.ini
2009-02-10 18:06 . 2009-02-10 19:21 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-02-10 18:06 . 2009-02-10 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-02-10 02:27 . 2009-02-10 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-02-10 02:26 . 2009-02-10 02:26 <DIR> d-------- c:\program files\STOPzilla!
2009-02-10 02:26 . 2009-02-10 02:26 <DIR> d-------- c:\program files\Common Files\iS3
2009-02-10 02:26 . 2009-02-15 22:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-02-09 18:40 . 2009-02-15 22:10 162 --a------ c:\windows\pop.htm
2009-02-09 18:28 . 2009-02-09 18:28 278,984 --a------ c:\windows\system32\drivers\atksgt.sys
2009-02-09 18:28 . 2009-02-09 18:28 25,416 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-02-09 18:26 . 2009-02-11 15:05 <DIR> d-------- c:\program files\Playlogic
2009-02-09 02:43 . 2009-02-09 02:43 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-02-09 02:43 . 2009-02-09 02:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-02-09 00:05 . 2009-02-06 20:51 24,064 --a------ c:\windows\system32\jwtch32.exe
2009-02-07 14:11 . 2009-02-07 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-07 12:34 . 2009-02-07 13:48 4,096 --a------ c:\windows\system32\crash
2009-02-06 19:03 . 2009-02-07 01:42 <DIR> d-------- c:\documents and settings\buster\Application Data\DivX
2009-02-06 18:52 . 2009-02-06 19:00 <DIR> d-------- c:\program files\DivX
2009-02-05 19:53 . 2009-02-05 19:53 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-05 18:37 . 2009-02-05 18:48 <DIR> d-------- c:\program files\CrossLoop
2009-02-05 12:56 . 2009-02-13 22:54 <DIR> d-------- c:\program files\Steam
2009-02-04 19:55 . 2009-02-04 19:56 <DIR> d-------- c:\program files\Mixxx
2009-02-04 19:53 . 2009-02-04 19:53 <DIR> d-------- c:\program files\Smart-Shopper
2009-02-04 19:53 . 2009-02-04 20:46 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-02-04 19:53 . 2009-02-04 19:53 <DIR> d-------- c:\documents and settings\buster\Application Data\Smart-Shopper
2009-02-03 18:45 . 2009-02-03 18:45 <DIR> d-------- C:\games
2009-02-02 22:27 . 2009-02-02 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2009-02-02 04:31 . 2009-02-13 14:00 <DIR> d-------- c:\program files\Uniblue
2009-01-30 11:22 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-30 11:22 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-30 11:22 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-29 15:48 . 2009-02-15 22:31 <DIR> d-------- c:\documents and settings\buster\Tracing
2009-01-29 15:34 . 2009-01-29 15:34 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-29 15:34 . 2009-01-29 15:34 <DIR> d-------- c:\program files\Microsoft
2009-01-29 15:33 . 2009-01-30 13:21 <DIR> d-------- c:\program files\Windows Live
2009-01-29 15:26 . 2009-01-29 15:26 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-29 11:34 . 2009-01-29 11:34 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-28 15:26 . 2009-02-08 02:16 <DIR> d-------- c:\program files\TykaClient
2009-01-28 15:22 . 2009-01-28 15:22 <DIR> d-------- c:\documents and settings\buster\Application Data\teamspeak2
2009-01-28 15:21 . 2009-01-28 15:22 <DIR> d-------- c:\program files\Teamspeak2_RC2
2009-01-28 15:21 . 2009-01-28 15:21 34,064 --a------ c:\windows\system32\lhacm.acm
2009-01-23 01:11 . 2009-01-23 01:11 <DIR> d-------- c:\program files\Bethesda Softworks
2009-01-23 01:11 . 2009-01-23 01:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2009-01-23 01:10 . 2009-01-23 01:10 <DIR> d-------- c:\program files\MSBuild
2009-01-23 01:09 . 2009-01-23 01:09 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-23 01:08 . 2009-01-23 01:08 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-23 01:08 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-23 01:07 . 2009-01-23 01:07 <DIR> d-------- c:\windows\system32\xlive
2009-01-22 14:40 . 2009-01-22 14:40 <DIR> d-------- C:\Programmi
2009-01-21 18:14 . 2009-01-21 18:15 <DIR> d-------- c:\program files\MyProduct
2009-01-19 18:16 . 2009-01-19 18:17 <DIR> d-------- c:\program files\Euro Truck Simulator
2009-01-19 15:23 . 2009-01-19 15:24 <DIR> d-------- c:\program files\18 Wheels of Steel American Long Haul
2009-01-17 03:06 . 2009-01-17 03:06 <DIR> d-------- c:\program files\EA Games
2009-01-17 01:46 . 2009-01-17 01:46 376,235 --a------ C:\AnalysisLog.sr0
2009-01-17 01:46 . 2009-01-17 01:46 224,104 --a------ C:\AnalysisLogApi.sr1
2009-01-16 22:08 . 2009-02-12 00:25 <DIR> d-------- c:\program files\Google
2009-01-16 17:47 . 2009-01-16 17:47 12,774,363 --a------ c:\windows\Magical Flowers Screensaver.dat
2009-01-16 17:47 . 2009-01-16 17:47 466,944 --a------ c:\windows\Magical Flowers Screensaver.scr
2009-01-16 17:47 . 2009-01-16 17:47 180,224 --a------ c:\windows\UninstallWSST.exe
2009-01-16 17:47 . 2009-01-16 17:47 28,672 --a------ c:\windows\system32\ssconfig.exe
2009-01-16 17:47 . 2009-01-16 19:23 85 --a------ c:\windows\WSST_Screen_Saver.ini
2009-01-16 17:45 . 2009-01-16 17:45 <DIR> d-------- c:\program files\Free Abstractions Screensaver
2009-01-16 17:45 . 2007-07-01 12:25 2,103,064 --a------ c:\windows\system32\Free Abstractions Screensaver.scr
2009-01-16 17:45 . 2007-09-19 21:24 2,649 --a------ c:\windows\system32\Free Abstractions Screensaver.html
2009-01-16 15:57 . 2009-02-10 04:33 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-16 15:57 . 2009-01-16 15:57 <DIR> d-------- c:\documents and settings\buster\Application Data\SystemRequirementsLab
2009-01-15 02:18 . 2009-01-15 02:18 <DIR> d-------- c:\windows\Sun
2009-01-15 01:02 . 2008-04-13 18:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-15 01:02 . 2008-04-13 18:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 13:51 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-14 20:08 --------- d-----w c:\program files\Electronic Arts
2009-02-14 17:32 --------- d-----w c:\documents and settings\buster\Application Data\Azureus
2009-02-13 14:00 --------- d-----w c:\documents and settings\buster\Application Data\Uniblue
2009-02-11 11:13 --------- d-----w c:\program files\rFactor
2009-02-10 04:33 --------- d-----w c:\documents and settings\buster\Application Data\IMVUClient
2009-02-09 04:48 --------- d-----w c:\documents and settings\buster\Application Data\Skype
2009-02-09 02:48 --------- d-----w c:\documents and settings\buster\Application Data\skypePM
2009-02-09 02:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 17:15 --------- d-----w c:\program files\ATI
2009-02-07 14:07 --------- d-----w c:\program files\ATI Technologies
2009-02-05 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-05 19:53 --------- d-----r c:\program files\Skype
2009-01-29 16:56 --------- d-----w c:\program files\Vuze
2009-01-16 14:04 --------- d-----w c:\program files\Free Download Manager
2009-01-14 16:50 --------- d-----w c:\program files\GameSpy
2009-01-14 16:48 22,328 ----a-w c:\documents and settings\buster\Application Data\PnkBstrK.sys
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 00:04 --------- d-----w c:\program files\BoostYourPC.com
2009-01-11 12:55 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-10 12:10 --------- d-----w c:\program files\AskBarDis
2009-01-10 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-01-10 12:06 --------- d-----w c:\program files\Java
2009-01-09 20:49 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-01-06 18:09 --------- d-----w c:\program files\AMD
2009-01-05 02:29 --------- d--h--w c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2009-01-05 02:26 --------- d-----w c:\program files\Stardock Games
2009-01-05 02:25 --------- d-----w c:\documents and settings\buster\Application Data\DAEMON Tools Pro
2009-01-05 02:25 --------- d-----w c:\documents and settings\buster\Application Data\DAEMON Tools Lite
2009-01-05 02:25 --------- d-----w c:\documents and settings\buster\Application Data\DAEMON Tools
2009-01-05 02:24 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-05 02:23 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-05 02:23 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-05 02:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-05 01:36 --------- d-----w c:\program files\Bullfrog
2009-01-04 21:32 --------- d-----w c:\program files\Sierra
2009-01-04 21:20 --------- d-----w c:\documents and settings\buster\Application Data\Leadertech
2009-01-04 21:15 --------- d-----w c:\program files\Atari
2009-01-04 20:45 --------- d-----w c:\program files\Core Design
2009-01-04 20:20 --------- d-----w c:\documents and settings\buster\Application Data\IMVU
2009-01-01 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-01-01 13:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-01-01 13:06 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-31 19:47 --------- d-----w c:\program files\Alwil Software
2008-12-31 17:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-12-31 17:25 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories
2008-12-31 16:40 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-12-31 16:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2008-12-31 16:22 --------- d-----w c:\program files\MSXML 4.0
2008-12-31 16:02 --------- d-----w c:\program files\Microsoft Games
2008-12-31 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 15:54 315,392 ----a-w c:\windows\HideWin.exe
2008-12-31 15:54 --------- d-----w c:\program files\Realtek
2008-12-31 15:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-31 15:18 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-31 14:59 --------- dc----w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-31 13:59 --------- d-----w c:\program files\NVIDIA Corporation
2008-12-31 13:59 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-31 13:59 --------- d-----w c:\documents and settings\buster\Application Data\InstallShield
2008-12-31 13:51 --------- d-----w c:\documents and settings\buster\Application Data\ATI
2008-12-31 13:47 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-12-31 13:40 --------- d-----w c:\program files\microsoft frontpage
2003-12-18 11:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 07:46 10,960 ----a-w c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-10-22 9438488]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 1885464]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 1260296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-29 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\rFactor\\rFactor.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TykaClient\\Tyka.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\rFactor\\rFactor Dedicated.exe"=
"c:\\Program Files\\rFactor\\Support\\HostingTest.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\buster2k\\race 07\\Race_Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\buster2k\\race 07\\SteamProxy.exe"=
"c:\\Program Files\\Steam\\SteamApps\\buster2k\\race 07\\Config.exe"=

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2008-12-02 54656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-31 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-12-31 13696]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-01-10 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-01-10 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-31 20560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-31 89600]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S2 gupdate1c97826feba565e;Google Update Service (gupdate1c97826feba565e);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-16 133104]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-16 22:08]

2009-02-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

2009-02-13 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2009-01-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2009-02-13 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 09:14]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\buster\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
TCP: {1418E058-721F-4A8C-B35F-C1D17AF7B1B6} = 192.168.0.1,192.168.0.10
FF - ProfilePath - c:\documents and settings\buster\Application Data\Mozilla\Firefox\Profiles\5h6ycklp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 22:31:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(776)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-02-15 22:36:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 22:36:15

Pre-Run: 96,275,091,456 bytes free
Post-Run: 96,232,685,568 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

408 --- E O F --- 2009-02-11 19:50:23

shelf life
2009-02-16, 02:39
hi,

ok thanks for the info.


"when combofix rebooted my pc they all started again, will this be a problem"

no, not a problem. Just want them disabled when combofix is running -- after the reboot they will start up again, which you want to happen and is normal.

Rescan with hjt and post a new log.

What app is finding the hupigon13 trojan on your computer?

dean tew
2009-02-16, 03:15
that's a relief... it was Spybot that was detecting it but it all seems fine now,
I ran a boot check and it hasn't appeared so hopefully the nasty little bugger is gone. Here is the HJT report.
Thanks very much for your time, I am very grateful.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:06:46, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Microsoft netswitch] C:\WINDOWS\system32\jwtch32.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\buster\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\buster\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230732240093
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1418E058-721F-4A8C-B35F-C1D17AF7B1B6}: NameServer = 192.168.0.1,192.168.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{1418E058-721F-4A8C-B35F-C1D17AF7B1B6}: NameServer = 192.168.0.1,192.168.0.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{1418E058-721F-4A8C-B35F-C1D17AF7B1B6}: NameServer = 192.168.0.1,192.168.0.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c97826feba565e) (gupdate1c97826feba565e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 10338 bytes

shelf life
2009-02-16, 03:44
hi,

You have the latest version of Spybot and it's up to date?
Let's get a file checked out.

To help show all files you can do this:

For XP: on the desktop double-click My Computer, go to Tools > Folder Options > View, then select "Show hidden files and folders", then UNcheck "Hide protected operating system files", also UNcheck "Hide extensions for known file types". Click Apply to All Folders, Apply, then OK.

Next: navigate to the system32 dir. and see if you can spot this .exe:
jwtch32.exe

If so, you can go to the website below, browse for the file on your computer, then upload it using the Send button. It will be scanned by many AVs. You can copy/paste the results in your reply.

The website:
http://www.virustotal.com/

dean tew
2009-02-16, 14:02
hi, bad news, it's back.. all my scans were clear last night and when I booted this morning it's raised its ugly head. Here are the results for jwtch



Virus Total
File jwtch32.exe received on 02.16.2009 13:51:47 (CET)
Result: 2/39 (5.13%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.16 -
AhnLab-V3 2009.2.14.0 2009.02.16 -
AntiVir 7.9.0.79 2009.02.16 -
Authentium 5.1.0.4 2009.02.15 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.16 SHeur2.QPP
BitDefender 7.2 2009.02.16 -
CAT-QuickHeal 10.00 2009.02.16 -
ClamAV 0.94.1 2009.02.16 -
Comodo 978 2009.02.15 -
DrWeb 4.44.0.09170 2009.02.16 -
eSafe 7.0.17.0 2009.02.15 -
eTrust-Vet 31.6.6358 2009.02.14 -
F-Prot 4.4.4.56 2009.02.15 -
F-Secure 8.0.14470.0 2009.02.16 -
Fortinet 3.117.0.0 2009.02.16 -
GData 19 2009.02.16 -
Ikarus T3.1.1.45.0 2009.02.16 -
K7AntiVirus 7.10.582 2009.01.09 -
Kaspersky 7.0.0.125 2009.02.16 -
McAfee 5527 2009.02.15 -
McAfee+Artemis 5527 2009.02.15 -
Microsoft 1.4306 2009.02.16 -
NOD32 3856 2009.02.16 -
Norman 6.00.02 2009.02.13 -
nProtect 2009.1.8.0 2009.02.16 -
Panda 9.4.3.20 2009.02.15 -
PCTools 4.4.2.0 2009.02.16 -
Prevx1 V2 2009.02.16 Cloaked Malware
Rising 21.17.02.00 2009.02.16 -
SecureWeb-Gateway 6.7.6 2009.02.16 -
Sophos 4.38.0 2009.02.16 -
Sunbelt 3.2.1851.2 2009.02.12 -
Symantec 10 2009.02.16 -
TheHacker 6.3.2.2.258 2009.02.16 -
TrendMicro 8.700.0.1004 2009.02.16 -
VBA32 3.12.8.12 2009.02.16 -
ViRobot 2009.2.16.1609 2009.02.16 -
VirusBuster 4.5.11.0 2009.02.15 -
Additional information
File size: 24064 bytes
MD5...: 8941487891555539a5e74a9db170fe7a
SHA1..: 1109437e578320c2c83bab6eaa244f08d967dd81
SHA256: f1ab3450dd33c52d652558da32ddba9f4b789c9624596f1cac1d48bc1eb6ff19
SHA512: 6ad8901d2ad9d5e9ce681b37e9f7a2ff035d981e5fda19225b703375d709e69da82ee1b90ee18ffd705ee97db2ed91ba68b9e676e7defcdea0798d550f4c2182
ssdeep: 384:jcwepeFjVwfNCgRblaq9wslMVZZ5NAkZI2vzAo:jQcjVwkgRhaqADZ5NAk
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x498c899f (Fri Feb 06 19:03:59 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16ac 0x1800 7.17 0ff28321d587d0f20a2e1a870486a45c
.data 0x3000 0x4084 0x4200 4.56 05f5fe4b12348ffdc768ce0a796f43c5
.rsrc 0x8000 0x120 0x200 1.87 3798d44280fcfa796c91c5e0be8ad16f

( 3 imports )
> kernel32.dll: CreateMutexA, GetLastError, GetModuleHandleA, LoadLibraryA, GetProcAddress, Sleep, FreeLibrary, ExitProcess, RtlZeroMemory, RtlMoveMemory, CreateFileA, WriteFile, CloseHandle, TerminateThread, TerminateProcess, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, FlushFileBuffers
> user32.dll: DialogBoxParamA, LoadIconA, SendMessageA, SetDlgItemTextA, EndDialog, GetClassNameA, GetWindowThreadProcessId, ShowWindowAsync
> comctl32.dll: InitCommonControls

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=26A8A65D0096DF3F5E5B008C5CEAAB0078B7EEBC


shelf life
2009-02-16, 22:49
Is Spybot up to date on its files? Post what Spybot is flagging as malware after a scan please.

dean tew
2009-02-17, 01:43
hi... I've got Spybot Search and Destroy 1.6.0 and I've set it to check for updates upon start up

dean tew
2009-02-17, 05:10
sorry, I read your last post wrong, I've got
adviva x 1
doubleclick x 1
hupigon13 x 1
mediaplex x 2

shelf life
2009-02-17, 23:15
hi,

Two of the four look like cookies. The hupigon13 must be a false positive. You would have a lot more showing up in the combofix log. You fix the hupigon13 and it shows up after a reboot and rescan? Why don't you do an online scan for another opinion:

ESET online scanner:

http://www.eset.com/onlinescan/

Uses Internet Explorer only
Check "YES" to accept terms
Click the Start button
Allow the ActiveX component to install
Click the Start button. The scanner will update.
Check both "Remove found threats" and "Scan unwanted applications"
Click Scan
When done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
Please copy/paste that log in your next reply.

tashi
2009-02-23, 20:50
This topic has been closed due to inactivity.

As it has been five days or more since your last post, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.