Please Help again, same type different PC

Hello,

I hope that someone can help me with my daughter's PC this time. It looks like the Virtumonde virus again. Your help, as before, is greatly appreciated.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-10-02 07:13
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 2/10/2007
Kaspersky Anti-Virus database records: 426153
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 728480
Number of viruses found: 34
Number of infected objects: 99
Number of suspicious objects: 3
Duration of the scan process: 08:24:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.1/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\skinnybone\Desktop\catchme.zip/pmnno.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped
C:\Documents and Settings\skinnybone\Desktop\catchme.zip/wvuusrr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\skinnybone\Desktop\catchme.zip ZIP: infected - 2 skipped
 
remaining Kaspersky log

C:\Documents and Settings\skinnybone\Local Settings\Temp\pvrejkhu.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\skinnybone\Local Settings\Temp\~DF293D.tmp Object is locked skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\4N7FU4DL\image[1].htm Infected: Trojan-Downloader.VBS.Agent.p skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\62UDX1SM\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\62UDX1SM\WinAntiVirusPro2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\AB8F9EFQ\iesecuritytool[2] Infected: not-virus:Hoax.JS.Agent.a skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\AB8F9EFQ\image[1].htm Infected: Trojan-Downloader.VBS.Agent.p skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\AB8F9EFQ\mw_setup[1].exe/data0007 Infected: not-a-virus:FraudTool.Win32.MalwareWipe.d skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\AB8F9EFQ\mw_setup[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\FFDVFTCO\ErrorSafeFreeInstallW[1].cab/UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\FFDVFTCO\ErrorSafeFreeInstallW[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\GHIJKHIN\adfcook[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\KPMNOTQV\idien[1] Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\KZ2R89EZ\stats[1].htm Infected: Trojan-Downloader.VBS.Agent.n skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\KZ2R89EZ\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\KZ2R89EZ\_affvm[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.op skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\M98TQLW5\_affvm[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.op skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\MPGDIXGN\kcehc_eicooc20070702[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\MPGDIXGN\kcehc_eicooc[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\NQFXTLNB\19f06c7b227aa4a7cb7eef3d59a4dbc3[1] Infected: Trojan.Win32.Agent.avi skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\NQFXTLNB\is68089[1].exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\NQFXTLNB\snapsnet[1].exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\NQFXTLNB\snapsnet[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\NQFXTLNB\thinksnet[1].exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\NQFXTLNB\yazzlesnet[1].exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\NQFXTLNB\yazzlesnet[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\QH2XUHOR\deliver46860[1].htm Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\W1YZ4523\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\W1YZ4523\WinAntiVirusPro2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\qoobox\Quarantine\C\DOCUME~1\Guest\APPLIC~1\winantispyware2007freeinstall[1].exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\qoobox\Quarantine\C\Program Files\TTX.exe.vir Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\asjgyqxb.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B1\chkq22011.exe.vir/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B1\chkq22011.exe.vir NSIS: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bshvuawh.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dxsdypmr.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gdjuvgir.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gwvhvled.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ikssqkmn.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ldblvrgf.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pktboxeq.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\plrbnxto.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qhnacdob.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\srouahmd.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\sysqfogy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vpndhtwv.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wbagnfcn.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\win\w71.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wlyjtseq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP477\A0034258.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP477\A0034325.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP477\A0034335.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP477\A0034336.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046355.exe Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046357.exe Infected: not-a-virus:FraudTool.Win32.AntivirusGolden.3460 skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046359.exe Infected: not-a-virus:FraudTool.Win32.MalwareWipe.d skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046363.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046367.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046369.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046370.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP483\A0046395.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047942.exe Infected: Trojan-Downloader.Win32.Zlob.ayz skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047943.EXE Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047944.dll Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.a skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047945.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047946.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047947.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047948.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047949.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047950.exe Infected: Trojan-Downloader.Win32.Zlob.ayz skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047951.exe Infected: Trojan-Downloader.Win32.Zlob.ayz skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047952.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047953.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0047954.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP520\A0048203.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048818.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048825.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048826.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048827.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048828.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048829.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048830.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048831.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048832.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048833.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048834.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048835.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048836.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048837.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048838.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\A0048839.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{D4570988-6ED1-4CC3-80FF-4ADC37F89602}\RP559\change.log Object is locked skipped
C:\VundoFix Backups\acfbmqxa.exe.bad Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\VundoFix Backups\pmnno.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.af skipped
C:\VundoFix Backups\wvuusrr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{06B8CF0B-92EC-4330-9DB1-037F0DACD76C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\druidy_redux.exe Infected: Trojan.Win32.Kolweb.j skipped
C:\WINDOWS\system32\durvily.dll Infected: Trojan.Win32.Kolweb.b skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kXWERs4Y.exe Infected: Trojan.Win32.Agent.avi skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
HJT Log

I've renamed the HJT.EXE to Something.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04, on 2007-10-02
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\something.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {5909C662-0B85-2425-A19C-73D58A22BA99} - (no file)
O2 - BHO: (no name) - {016CB750-FE76-4BE9-88EB-2824DBDC3E90} - C:\WINDOWS\System32\pmnno.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [WorkFlow] D:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [{5B-B0-07-7F-ZN}] "c:\windows\system32\dwdsrngt.exe" CHD003
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cqvk] "C:\Documents and Settings\skinnybone\Application Data\s?curity\?vchost.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{6435B07F-09E5-1033-0603-041025200001}] "C:\Program Files\Common Files\{6435B07F-09E5-1033-0603-041025200001}\Update.exe" te-110-12-0000213
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190868535640
O20 - AppInit_DLLs: ?#A C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: pmnno - C:\WINDOWS\System32\pmnno.dll
O20 - Winlogon Notify: wvuusrr - C:\WINDOWS\SYSTEM32\wvuusrr.dll
O22 - SharedTaskScheduler: (no name) - {951a98d0-dad6-4a77-8280-a494279a884b} - (no file)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5135 bytes
 
Hello Vince Vespertino and welcome to the Forums :)

You're infected..

At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable SpySweeper's realtime protection.
  • Open Spysweeper and click on Options
  • Choose Program Options and uncheck "load at windows startup".
  • On the left click "shields" and then uncheck everything.
  • Uncheck "home page shield".
  • Uncheck "automatically restore default without notification".
  • Exit the program.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
 
CF Log

Hello Mr_Jak3 and thank you for your reply.

ComboFix 07-10-07.2 - skinnybone 2007-10-07 18:08:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.106 [GMT -7:00]
Running from: C:\Documents and Settings\skinnybone\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\wvuusrr.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-02 07:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-02 07:16 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-02 07:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-02 07:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-10-02 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-01 17:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-01 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-01 16:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-26 21:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-26 20:54 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-26 20:25 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2007-09-26 20:25 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-09-26 20:25 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2007-09-26 20:18 <DIR> d-------- C:\VundoFix Backups
2007-09-26 17:08 92,224 --a------ C:\WINDOWS\system32\krnl386.exe
2007-09-26 17:08 35,648 --a------ C:\WINDOWS\system32\ntio411.sys
2007-09-26 17:08 35,424 --a------ C:\WINDOWS\system32\ntio412.sys
2007-09-26 17:08 34,560 --a------ C:\WINDOWS\system32\ntio804.sys
2007-09-26 17:08 34,560 --a------ C:\WINDOWS\system32\ntio404.sys
2007-09-26 17:08 33,840 --a------ C:\WINDOWS\system32\ntio.sys
2007-09-26 17:08 245,760 --a------ C:\WINDOWS\system32\wow32.dll
2007-09-26 17:08 23,040 --a------ C:\WINDOWS\system32\vdmdbg.dll
2007-09-26 17:08 13,312 --a------ C:\WINDOWS\system32\ntvdmd.dll
2007-09-26 16:44 593,408 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2007-09-26 16:38 <DIR> d-------- C:\WINDOWS\system32\bits
2007-09-26 16:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-26 16:12 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-26 16:05 285,184 --a------ C:\WINDOWS\system32\kerberos.dll
2007-09-26 16:02 64,512 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
2007-09-26 16:02 1,350,144 --a------ C:\WINDOWS\system32\query.dll
2007-09-26 16:02 1,350,144 -----c--- C:\WINDOWS\system32\dllcache\query.dll
2007-09-26 16:00 238,592 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-09-26 15:59 493,056 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-09-26 15:55 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-09-26 15:55 316,928 --a------ C:\WINDOWS\system32\zipfldr.dll
2007-09-26 15:55 140,288 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-09-26 15:55 128,000 --a------ C:\WINDOWS\system32\itss.dll
2007-09-26 15:55 103,936 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-09-26 15:52 92,160 --a------ C:\WINDOWS\system32\cscdll.dll
2007-09-26 15:52 92,160 -----c--- C:\WINDOWS\system32\dllcache\cscdll.dll
2007-09-26 15:52 433,152 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-09-26 15:52 166,656 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2007-09-26 15:50 53,760 --a------ C:\WINDOWS\system32\authz.dll
2007-09-14 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-14 10:48 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-09-14 10:48 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-14 10:48 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-09-14 10:48 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-14 10:48 13,952 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-09-14 10:48 13,952 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-09-14 10:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-14 10:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-26 21:38 --------- d-------- C:\Program Files\BigFix
2007-09-26 21:05 --------- d-------- C:\Program Files\ICQ
2007-09-26 20:06 --------- d-------- C:\Program Files\Norton AntiVirus
2007-09-26 20:06 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-26 19:58 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-26 19:50 --------- d-------- C:\Program Files\LimeWire
2007-09-26 19:50 --------- d-------- C:\Program Files\FilmLoop Player
2007-09-26 19:49 --------- d-------- C:\Program Files\Lavasoft
2007-09-14 11:46 --------- d-------- C:\Program Files\PestCapture
2007-08-15 11:00 --------- d-------- C:\Documents and Settings\Guest\Application Data\Webroot
2007-08-15 11:00 --------- d-------- C:\Documents and Settings\Guest\Application Data\FilmLoop
2007-08-08 09:43 25664 --a------ C:\WINDOWS\system32\kXWERs4Y.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
2006-01-24 16:07 220672 --a------ C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A8FB8EB3-183B-4598-924D-86F0E5E37085}"= C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll [2006-01-24 16:07 220672]

[HKEY_CLASSES_ROOT\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[HKEY_CLASSES_ROOT\PeoplePal Toolbar]
[HKEY_CLASSES_ROOT\TypeLib\{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]
[HKEY_CLASSES_ROOT\PeoplePal Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"WorkFlow"="D:\Install\WorkFlow.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-03 08:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 04:03]
"{5B-B0-07-7F-ZN}"="c:\windows\system32\dwdsrngt.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"AIM"="C:\Program Files\aim\aim.exe" []
"Cqvk"="C:\Documents and Settings\skinnybone\Application Data\s?curity\?vchost.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=?
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\System32\Drivers\SSFS0BB8.SYS
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;C:\WINDOWS\System32\DRIVERS\LSPMUSB.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\System32\DRIVERS\ucdnt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-08-06 19:46:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-02 07:01:06 C:\WINDOWS\Tasks\At1.job"
"2007-10-02 16:01:00 C:\WINDOWS\Tasks\At10.job"
"2007-10-02 17:01:00 C:\WINDOWS\Tasks\At11.job"
"2007-10-02 18:01:00 C:\WINDOWS\Tasks\At12.job"
"2007-10-02 19:01:00 C:\WINDOWS\Tasks\At13.job"
"2007-10-02 20:01:00 C:\WINDOWS\Tasks\At14.job"
"2007-10-02 21:01:00 C:\WINDOWS\Tasks\At15.job"
"2007-10-02 22:01:00 C:\WINDOWS\Tasks\At16.job"
"2007-10-02 23:01:00 C:\WINDOWS\Tasks\At17.job"
"2007-10-02 00:05:13 C:\WINDOWS\Tasks\At18.job"
"2007-10-08 01:01:28 C:\WINDOWS\Tasks\At19.job"
"2007-10-02 08:01:05 C:\WINDOWS\Tasks\At2.job"
"2007-10-02 02:01:05 C:\WINDOWS\Tasks\At20.job"
"2007-10-02 03:01:04 C:\WINDOWS\Tasks\At21.job"
"2007-10-02 04:01:07 C:\WINDOWS\Tasks\At22.job"
"2007-10-02 05:01:07 C:\WINDOWS\Tasks\At23.job"
"2007-10-02 06:01:06 C:\WINDOWS\Tasks\At24.job"
"2007-10-02 09:01:03 C:\WINDOWS\Tasks\At3.job"
"2007-10-02 10:01:00 C:\WINDOWS\Tasks\At4.job"
"2007-10-02 11:01:02 C:\WINDOWS\Tasks\At5.job"
"2007-10-02 12:01:00 C:\WINDOWS\Tasks\At6.job"
"2007-10-02 13:01:00 C:\WINDOWS\Tasks\At7.job"
"2007-10-02 14:01:00 C:\WINDOWS\Tasks\At8.job"
"2007-10-02 15:01:45 C:\WINDOWS\Tasks\At9.job"
"2007-07-16 07:00:12 C:\WINDOWS\Tasks\wrSpySweeper_4A7E725A6C3A4851B713C6DEBA80057F.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 18:15:03
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 18:16:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 18:16
.
--- E O F ---
 
HJT Log

I am also including a fresh HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:28 PM, on 10/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\something.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {5909C662-0B85-2425-A19C-73D58A22BA99} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [WorkFlow] D:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [{5B-B0-07-7F-ZN}] "c:\windows\system32\dwdsrngt.exe" CHD003
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cqvk] "C:\Documents and Settings\skinnybone\Application Data\s?curity\?vchost.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190868535640
O20 - AppInit_DLLs: ?#A C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: (no name) - {951a98d0-dad6-4a77-8280-a494279a884b} - (no file)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4738 bytes
 
Hi again and sorry for the delay.

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:

PeoplePal
PeoplePC

and any other programs you didn't install or don't recognize - if you're not sure, please ask first

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\kXWERs4Y.exe
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folder::
C:\Program Files\PeoplePC

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

[-HKEY_CLASSES_ROOT\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
[-HKEY_CLASSES_ROOT\PeoplePal Toolbar]
[-HKEY_CLASSES_ROOT\TypeLib\{994D628D-4D22-4DB9-B6DB-F7D9F1635817}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{5B-B0-07-7F-ZN}"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cqvk"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

Save this as "CFScript"

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
new logs

Hello Mr_Jak3 and thank you again for getting back to me.

I could not find entries in "add/remove programs" in control panel for PeoplePC or PeoplePal. I ran the CFScript as you instructed. The first time the CF screen just sat there after a reboot. I terminated the program after about an hour and ran it again. It worked the second time and spat out the log. However, after I ran ComboFix the second time, the program did not require a system reboot. I do not know if this is important or not, just thought I would mention.

Additionally, after running the ComboFix, the PeoplePC toolbar in IE program is no longer present. I take this as a good thing?

The logs you requested:

ComboFix 07-10-07.2 - skinnybone 2007-10-09 15:30:57.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.99 [GMT -7:00]
Running from: C:\Documents and Settings\skinnybone\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\skinnybone\Desktop\CFScript.txt
* Created a new restore point

FILE::
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\system32\kXWERs4Y.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-02 07:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-02 07:16 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-02 07:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-02 07:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-10-02 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-01 17:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-01 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-01 16:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-26 21:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-26 20:54 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-26 20:25 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2007-09-26 20:25 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-09-26 20:25 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2007-09-26 20:18 <DIR> d-------- C:\VundoFix Backups
2007-09-26 17:08 92,224 --a------ C:\WINDOWS\system32\krnl386.exe
2007-09-26 17:08 35,648 --a------ C:\WINDOWS\system32\ntio411.sys
2007-09-26 17:08 35,424 --a------ C:\WINDOWS\system32\ntio412.sys
2007-09-26 17:08 34,560 --a------ C:\WINDOWS\system32\ntio804.sys
2007-09-26 17:08 34,560 --a------ C:\WINDOWS\system32\ntio404.sys
2007-09-26 17:08 33,840 --a------ C:\WINDOWS\system32\ntio.sys
2007-09-26 17:08 245,760 --a------ C:\WINDOWS\system32\wow32.dll
2007-09-26 17:08 23,040 --a------ C:\WINDOWS\system32\vdmdbg.dll
2007-09-26 17:08 13,312 --a------ C:\WINDOWS\system32\ntvdmd.dll
2007-09-26 16:44 593,408 -----c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2007-09-26 16:38 <DIR> d-------- C:\WINDOWS\system32\bits
2007-09-26 16:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-26 16:12 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-26 16:05 285,184 --a------ C:\WINDOWS\system32\kerberos.dll
2007-09-26 16:02 64,512 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
2007-09-26 16:02 1,350,144 --a------ C:\WINDOWS\system32\query.dll
2007-09-26 16:02 1,350,144 -----c--- C:\WINDOWS\system32\dllcache\query.dll
2007-09-26 16:00 238,592 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-09-26 15:59 493,056 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-09-26 15:55 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-09-26 15:55 316,928 --a------ C:\WINDOWS\system32\zipfldr.dll
2007-09-26 15:55 140,288 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-09-26 15:55 128,000 --a------ C:\WINDOWS\system32\itss.dll
2007-09-26 15:55 103,936 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-09-26 15:52 92,160 --a------ C:\WINDOWS\system32\cscdll.dll
2007-09-26 15:52 92,160 -----c--- C:\WINDOWS\system32\dllcache\cscdll.dll
2007-09-26 15:52 433,152 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-09-26 15:52 166,656 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2007-09-26 15:50 53,760 --a------ C:\WINDOWS\system32\authz.dll
2007-09-14 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-14 10:48 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-09-14 10:48 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-14 10:48 20,480 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-09-14 10:48 20,480 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-14 10:48 13,952 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-09-14 10:48 13,952 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-09-14 10:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-14 10:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 14:41 --------- d-------- C:\Program Files\Google
2007-09-26 21:38 --------- d-------- C:\Program Files\BigFix
2007-09-26 21:05 --------- d-------- C:\Program Files\ICQ
2007-09-26 20:06 --------- d-------- C:\Program Files\Norton AntiVirus
2007-09-26 20:06 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-26 19:58 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-26 19:50 --------- d-------- C:\Program Files\LimeWire
2007-09-26 19:50 --------- d-------- C:\Program Files\FilmLoop Player
2007-09-26 19:49 --------- d-------- C:\Program Files\Lavasoft
2007-09-14 11:46 --------- d-------- C:\Program Files\PestCapture
2007-08-15 11:00 --------- d-------- C:\Documents and Settings\Guest\Application Data\Webroot
2007-08-15 11:00 --------- d-------- C:\Documents and Settings\Guest\Application Data\FilmLoop
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-19 22:54 1521464 --a------ C:\WINDOWS\WRSetup.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_18.15.36.53 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 16,384 2007-10-09 21:54:05 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-09 21:54:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 49,152 2007-10-09 21:54:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 16,384 2007-10-08 01:14:40 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-08 01:14:40 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 49,152 2007-10-08 01:14:40 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorkFlow"="D:\Install\WorkFlow.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 04:03]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\aim\aim.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=?
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\System32\Drivers\SSFS0BB8.SYS
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;C:\WINDOWS\System32\DRIVERS\LSPMUSB.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\System32\DRIVERS\ucdnt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-08-06 19:46:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-07-16 07:00:12 C:\WINDOWS\Tasks\wrSpySweeper_4A7E725A6C3A4851B713C6DEBA80057F.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 15:32:34
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-09 15:33:53
C:\ComboFix-quarantined-files.txt ... 2007-10-09 15:33
C:\ComboFix2.txt ... 2007-10-07 18:16
.
--- E O F ---
 
new hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:06 PM, on 10/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\something.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {5909C662-0B85-2425-A19C-73D58A22BA99} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O4 - HKLM\..\Run: [WorkFlow] D:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190868535640
O20 - AppInit_DLLs: ?#A
O22 - SharedTaskScheduler: (no name) - {951a98d0-dad6-4a77-8280-a494279a884b} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 3761 bytes
 
Hi again :)

We'll continue...

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: ?#A
O22 - SharedTaskScheduler: (no name) - {951a98d0-dad6-4a77-8280-a494279a884b} - (no file)


You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see whether you can click the check mark icon next to the files found
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot the computer in Normal Mode.
  • Post the Cure-it report and a fresh HijackThis log
 
Logs

Hello Mr_Jak3,

This first log is what Dr Web produced, HJT log follows:

image[1].htm;C:\Documents and Settings\skinnybone\Local Settings\Temporary Internet Files\Content.IE5\AB8F9EFQ;Trojan.DownLoader.30252;Deleted.;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:05 PM, on 10/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\something.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: (no name) - {5909C662-0B85-2425-A19C-73D58A22BA99} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorkFlow] D:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190868535640
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 3241 bytes
 
Ok looks very good now :)

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R3 - URLSearchHook: (no name) - {5909C662-0B85-2425-A19C-73D58A22BA99} - (no file)


You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing, but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at a time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:

You don't have an antivirus on your computer; you must install one antivirus. Otherwise you'll get infected again.

These are good (free) antiviruses:

Restart the computer and post one more HijackThis log.
 
New HJT

Hello MR_Jak3,

This PC does have a purchased copy of SpySweeper. Does SpySweeper not have a firewall?

As a reminder, when we started this process, you had me disable SpySweeper so as to not interfere with removal.

Here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:39 AM, on 10/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\HijackThis\something.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorkFlow] D:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190868535640
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 3092 bytes
 
Hello :)

You can enable SpySweeper now.

SpySweeper isn't an antivirus program and it doesn't include a firewall. You'll need to install one firewall and one antivirus immediately :bigthumb:
 
Hopefully you can help

Hello Mr_Jak3,

Thank you so much for your help. The PC is running well except for one problem that may or may not be related to the infection you assisted me with.

While trying to install XP SP2, I receive an "Access is Denied" error and the upgrade process reverses.

I've researched the issue and found that there seems to be a problem with an entry in the registry: "HKey_Local_Machine\SYSTEM\CurrentControlSet\Services\ssdpsrv\\DependOnService".

First of all, there is no DependOnService entry in the "ssdpsrv" folder in the registry.

Second, there are many subfolders to the "ssdpsrv" folder which look very suspicious to me. These subfolders have names that consist of a running sequence of symbols and numbers.

For instance, the first subfolder is called, \$%&'()*+,-.

the next is called, \$%&'()*+,-./

the last one is called, \$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'(

Can you help or at least point me in the proper direction?
 
Ok, I did some research and this might have to do with registry permissions.

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Click Start then Run
Type in regedit
Click Ok.

In the left pane of the registry editor, navigate to:

Hkey_Local_Machine\SYSTEM\CurrentControlSet\Services\ssdpsrv

Click once on the key name to highlight it and click on the Permissions menu option under Edit. Uncheck Allow inheritable permissions and press Copy. Click on Everyone and put a checkmark in Full Control, then press Apply and OK.

Restart the computer and try installing SP2 again :)
 
same result

Hi Mr_Jak3,

I have followed your instruction and have encountered the same result.

In the permissions menu are listed 4 users, Administrators, Creator Owner, System and Users.

When the Creator Owner user is selected, I select Full Control. When I hit apply, the check marks go away from the Full Control and Read selections.

Any ideas on what I can do next?
 
Hmm ok we'll do some research :)

Please post the contents of this text file to here:

C:\WINDOWS\setupapi.log
 
setupapi log

Hi Mr_Jak3,

I had already enabled verbose logging so the registry info you may be looking for should be here:

[SetupAPI Log]
OS Version = 5.1.2600 Service Pack 1
Platform ID = 2 (NT)
Service Pack = 1.0
Suite = 0x0300
Product Type = 1
Architecture = x86
[2007/10/15 09:15:15 1492.476 Driver Install]
#-019 Searching for hardware ID(s): display\in-kch-8xx-chipsets
#-018 Searching for compatible ID(s): display\in-kch-8xx-chipsets
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [KCH.Device] in "c:\windows\inf\oem3.inf".
#I320 Class GUID of device remains: {D07AF4AC-3BED-458D-9A68-380F23572661}.
#I060 Set selected driver.
[2007/10/15 09:15:16 1492.480 Driver Install]
#-019 Searching for hardware ID(s): display\in-sb-8xx-platforms
#-018 Searching for compatible ID(s): display\in-sb-8xx-platforms
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [SoftBIOS.Device] in "c:\windows\inf\oem2.inf".
#I320 Class GUID of device remains: {D07AF4AC-3BED-458D-9A68-380F23572661}.
#I060 Set selected driver.
[2007/10/15 09:15:18 1492.514 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_14f1&dev_2f20&subsys_200014f1&rev_00,pci\ven_14f1&dev_2f20&subsys_200014f1,pci\ven_14f1&dev_2f20&cc_078000,pci\ven_14f1&dev_2f20&cc_0780
#-018 Searching for compatible ID(s): pci\ven_14f1&dev_2f20&rev_00,pci\ven_14f1&dev_2f20,pci\ven_14f1&cc_078000,pci\ven_14f1&cc_0780,pci\ven_14f1,pci\cc_078000,pci\cc_0780
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [ModemX] in "c:\windows\inf\oem0.inf".
#I320 Class GUID of device remains: {4D36E96D-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:19 1492.518 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_1039&subsys_30488086&rev_81,pci\ven_8086&dev_1039&subsys_30488086,pci\ven_8086&dev_1039&cc_020000,pci\ven_8086&dev_1039&cc_0200
#-018 Searching for compatible ID(s): pci\ven_8086&dev_1039&rev_81,pci\ven_8086&dev_1039,pci\ven_8086&cc_020000,pci\ven_8086&cc_0200,pci\ven_8086,pci\cc_020000,pci\cc_0200
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [XP_D110K.ndi] in "c:\windows\inf\oem19.inf".
#I320 Class GUID of device remains: {4D36E972-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:20 1492.522 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_244e&subsys_00000000&rev_81,pci\ven_8086&dev_244e&subsys_00000000,pci\ven_8086&dev_244e&rev_81,pci\ven_8086&dev_244e,pci\ven_8086&dev_244e&cc_060400,pci\ven_8086&dev_244e&cc_0604
#-018 Searching for compatible ID(s): pci\ven_8086&cc_060400,pci\ven_8086&cc_0604,pci\ven_8086,pci\cc_060400,pci\cc_0604
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [INTEL_PCI] in "c:\windows\inf\ich4core.inf".
#I320 Class GUID of device remains: {4D36E97D-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:22 1492.528 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_24c0&subsys_00000000&rev_01,pci\ven_8086&dev_24c0&subsys_00000000,pci\ven_8086&dev_24c0&rev_01,pci\ven_8086&dev_24c0,pci\ven_8086&dev_24c0&cc_060100,pci\ven_8086&dev_24c0&cc_0601
#-018 Searching for compatible ID(s): pci\ven_8086&cc_060100,pci\ven_8086&cc_0601,pci\ven_8086,pci\cc_060100,pci\cc_0601
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [INTEL_ISAPNP] in "c:\windows\inf\ich4core.inf".
#I320 Class GUID of device remains: {4D36E97D-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:22 1492.534 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_24c2&subsys_53528086&rev_01,pci\ven_8086&dev_24c2&subsys_53528086,pci\ven_8086&dev_24c2&cc_0c0300,pci\ven_8086&dev_24c2&cc_0c03
#-018 Searching for compatible ID(s): pci\ven_8086&dev_24c2&rev_01,pci\ven_8086&dev_24c2,pci\ven_8086&cc_0c0300,pci\ven_8086&cc_0c03,pci\ven_8086,pci\cc_0c0300,pci\cc_0c03
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [INTEL_USB] in "c:\windows\inf\ich4usb.inf".
#I320 Class GUID of device remains: {36FC9E60-C465-11CF-8056-444553540000}.
#I060 Set selected driver.
[2007/10/15 09:15:23 1492.540 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_24c3&subsys_53528086&rev_01,pci\ven_8086&dev_24c3&subsys_53528086,pci\ven_8086&dev_24c3&cc_0c0500,pci\ven_8086&dev_24c3&cc_0c05
#-018 Searching for compatible ID(s): pci\ven_8086&dev_24c3&rev_01,pci\ven_8086&dev_24c3,pci\ven_8086&cc_0c0500,pci\ven_8086&cc_0c05,pci\ven_8086,pci\cc_0c0500,pci\cc_0c05
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [NO_DRV] in "c:\windows\inf\ich4core.inf".
#I320 Class GUID of device remains: {4D36E97D-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:23 1492.546 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_24c4&subsys_53528086&rev_01,pci\ven_8086&dev_24c4&subsys_53528086,pci\ven_8086&dev_24c4&cc_0c0300,pci\ven_8086&dev_24c4&cc_0c03
#-018 Searching for compatible ID(s): pci\ven_8086&dev_24c4&rev_01,pci\ven_8086&dev_24c4,pci\ven_8086&cc_0c0300,pci\ven_8086&cc_0c03,pci\ven_8086,pci\cc_0c0300,pci\cc_0c03
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [INTEL_USB] in "c:\windows\inf\ich4usb.inf".
#I320 Class GUID of device remains: {36FC9E60-C465-11CF-8056-444553540000}.
#I060 Set selected driver.
[2007/10/15 09:15:24 1492.552 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_24c5&subsys_02088086&rev_01,pci\ven_8086&dev_24c5&subsys_02088086,pci\ven_8086&dev_24c5&cc_040100,pci\ven_8086&dev_24c5&cc_0401
#-018 Searching for compatible ID(s): pci\ven_8086&dev_24c5&rev_01,pci\ven_8086&dev_24c5,pci\ven_8086&cc_040100,pci\ven_8086&cc_0401,pci\ven_8086,pci\cc_040100,pci\cc_0401
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [AC97AUD] in "c:\windows\inf\oem23.inf".
#I320 Class GUID of device remains: {4D36E96C-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
#-124 Doing copy-only install of "PCI\VEN_8086&DEV_24C5&SUBSYS_02088086&REV_01\3&267A616A&0&FD".
#W313 Copy target "C:\WINDOWS\System32\a3d.dll" is also a Delete target, forcing COPYFLG_NODECOMP.
#W313 Copy target "C:\WINDOWS\System32\Audio3D.dll" is also a Delete target, forcing COPYFLG_NODECOMP.
[2007/10/15 09:15:26 1492.556 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_24c7&subsys_53528086&rev_01,pci\ven_8086&dev_24c7&subsys_53528086,pci\ven_8086&dev_24c7&cc_0c0300,pci\ven_8086&dev_24c7&cc_0c03
#-018 Searching for compatible ID(s): pci\ven_8086&dev_24c7&rev_01,pci\ven_8086&dev_24c7,pci\ven_8086&cc_0c0300,pci\ven_8086&cc_0c03,pci\ven_8086,pci\cc_0c0300,pci\cc_0c03
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [INTEL_USB] in "c:\windows\inf\ich4usb.inf".
#I320 Class GUID of device remains: {36FC9E60-C465-11CF-8056-444553540000}.
#I060 Set selected driver.
[2007/10/15 09:15:26 1492.562 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_24cb&subsys_53528086&rev_01,pci\ven_8086&dev_24cb&subsys_53528086,pci\ven_8086&dev_24cb&cc_01018a,pci\ven_8086&dev_24cb&cc_0101
#-018 Searching for compatible ID(s): pci\ven_8086&dev_24cb&rev_01,pci\ven_8086&dev_24cb,pci\ven_8086&cc_01018a,pci\ven_8086&cc_0101,pci\ven_8086,pci\cc_01018a,pci\cc_0101
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [intelide] in "c:\windows\inf\ich4ide.inf".
#I320 Class GUID of device remains: {4D36E96A-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:27 1492.570 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_2560&subsys_00000000&rev_01,pci\ven_8086&dev_2560&subsys_00000000,pci\ven_8086&dev_2560&rev_01,pci\ven_8086&dev_2560,pci\ven_8086&dev_2560&cc_060000,pci\ven_8086&dev_2560&cc_0600
#-018 Searching for compatible ID(s): pci\ven_8086&cc_060000,pci\ven_8086&cc_0600,pci\ven_8086,pci\cc_060000,pci\cc_0600
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [NO_DRV] in "c:\windows\inf\845g.inf".
#I320 Class GUID of device remains: {4D36E97D-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:28 1492.576 Driver Install]
#-019 Searching for hardware ID(s): pci\ven_8086&dev_2562&subsys_53528086&rev_01,pci\ven_8086&dev_2562&subsys_53528086,pci\ven_8086&dev_2562&cc_030000,pci\ven_8086&dev_2562&cc_0300
#-018 Searching for compatible ID(s): pci\ven_8086&dev_2562&rev_01,pci\ven_8086&dev_2562,pci\ven_8086&cc_030000,pci\ven_8086&cc_0300,pci\ven_8086,pci\cc_030000,pci\cc_0300
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [i845G] in "c:\windows\inf\oem1.inf".
#I320 Class GUID of device remains: {4D36E968-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:41 1492.708 Driver Install]
#-019 Searching for hardware ID(s): usb\vid_0545&pid_810a&rev_0500,usb\vid_0545&pid_810a
#-018 Searching for compatible ID(s): usb\class_ff&subclass_ff&prot_ff,usb\class_ff&subclass_ff,usb\class_ff
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [Xirlink.Device.Composite] in "c:\windows\inf\oem31.inf".
#I320 Class GUID of device remains: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}.
#I060 Set selected driver.
[2007/10/15 09:15:42 1492.714 Driver Install]
#-019 Searching for hardware ID(s): usb\vid_0545&pid_810a&rev_0500,usb\vid_0545&pid_810a
#-018 Searching for compatible ID(s): usb\class_ff&subclass_ff&prot_ff,usb\class_ff&subclass_ff,usb\class_ff
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [Xirlink.Device.Composite] in "c:\windows\inf\oem31.inf".
#I320 Class GUID of device remains: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}.
#I060 Set selected driver.
[2007/10/15 09:15:42 1492.720 Driver Install]
#-019 Searching for hardware ID(s): usb\vid_0545&pid_810a&rev_0500&mi_00,usb\vid_0545&pid_810a&mi_00
#-018 Searching for compatible ID(s): usb\class_ff&subclass_ff&prot_ff,usb\class_ff&subclass_ff,usb\class_ff
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [Xirlink.Device] in "c:\windows\inf\oem31.inf".
#I320 Class GUID of device remains: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}.
#I060 Set selected driver.
[2007/10/15 09:15:44 1492.724 Driver Install]
#-019 Searching for hardware ID(s): usb\vid_0545&pid_810a&rev_0500&mi_00,usb\vid_0545&pid_810a&mi_00
#-018 Searching for compatible ID(s): usb\class_ff&subclass_ff&prot_ff,usb\class_ff&subclass_ff,usb\class_ff
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [Xirlink.Device] in "c:\windows\inf\oem31.inf".
#I320 Class GUID of device remains: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}.
#I060 Set selected driver.
[2007/10/15 09:15:46 1492.746 Driver Install]
#-019 Searching for hardware ID(s): usb\vid_0d64&pid_3108&rev_0100,usb\vid_0d64&pid_3108
#-018 Searching for compatible ID(s): usb\class_08&subclass_05&prot_00,usb\class_08&subclass_05,usb\class_08
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [USBSTOR_CBI] in "c:\windows\inf\oem32.inf".
#I320 Class GUID of device remains: {36FC9E60-C465-11CF-8056-444553540000}.
#I060 Set selected driver.
[2007/10/15 09:15:46 1492.754 Driver Install]
#-019 Searching for hardware ID(s): usb\vid_1915&pid_2236&rev_0132,usb\vid_1915&pid_2236
#-018 Searching for compatible ID(s): usb\class_ff&subclass_ff&prot_ff,usb\class_ff&subclass_ff,usb\class_ff
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [PRISM_USB] in "c:\windows\inf\oem26.inf".
#I320 Class GUID of device remains: {4D36E972-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:47 1492.758 Driver Install]
#-019 Searching for hardware ID(s): usbprint\canonip150039e6,canonip150039e6
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [CNM_0214XP] in "c:\windows\inf\oem29.inf".
#I320 Class GUID of device remains: {4D36E979-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
[2007/10/15 09:15:48 1492.762 Driver Install]
#-019 Searching for hardware ID(s): usbprint\hewlett-packarddeskje09c,hewlett-packarddeskje09c
#-199 Executing "C:\WINDOWS\SoftwareDistribution\Download\fec3752563e444ecc6182e8b7e8bd110\update\update.exe" with command line: update\update.exe /si /ParentInfo:a31a4355718bc740bcc13e3d52cf5e6f
#I063 Selected driver installs from section [HPVDJ89E.GPD.ICM] in "c:\windows\inf\ntprint.inf".
#I320 Class GUID of device remains: {4D36E979-E325-11CE-BFC1-08002BE10318}.
#I060 Set selected driver.
 