Computer Virus (combofix Log & Hijackthis Log Included)[INACTIVE]

intocomputing2 · October 24, 2007

My computer has recently caught a virus, I'm not quite sure how (although leaving my little brother play and download files without restrictions may have something to do with it) in any case I'm not sure to what extent is the computer infected, but when I started to do some work in it I found it with a "hazard" wallpaper on the screen, all the icns on my desktop selected simultaneously, and whenever I need to browse the web, avast detects viruses, bombarding me with messages that don't stop even now as I'm writing this post, these are the names of the files infected as shown by avast but it can't remove itself:

C:\DocumentsandSettings\USERNAME\LocalSettings\Temp\ac82t2\m

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\main-installer

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\msmdev.dll

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\nsduo.dll

C:\DocumentsandSettings\USERNAME\Locals~1\Temp\ac82t2\rmv.exe

Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:17:28 PM, on 10/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\pfi\AdAwarefi\aawservice.exe

D:\Avastfi\aswUpdSv.exe

D:\Avastfi\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\a-squaredfi\a-squared Free\a2service.exe

C:\WINDOWS\System32\svchost.exe

D:\Avastfi\ashMaiSv.exe

D:\Avastfi\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\program files\support.com\client\bin\tgcmd.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

D:\Avastfi\ashDisp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

D:\pfi\PG2fi\PeerGuardian2\pg2.exe

C:\WINDOWS\explorer.exe

D:\FIREFO~1\FIREFOX.EXE

D:\pfi\Hijackthisfi\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspkfxt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\pfi\SpyBotfi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {57A3B35B-DFD7-6AA7-4166-03ED08EB8586} - C:\Program Files\vlkavjuf\ejvjuavk.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: The htunistock - {C58A4487-4C2E-45E4-9E3A-52B3A23CC396} - C:\WINDOWS\htunistock.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avast!] D:\Avastfi\ashDisp.exe

O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe

O4 - HKLM\..\Run: [spySweeper] "D:\SpySweeper\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [hqnyngzy] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hqnyngzy.dll"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZINIOD~2.EXE /hide

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1616857178-868086227-519551471-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Charlie')

O4 - HKUS\S-1-5-21-1616857178-868086227-519551471-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Charlie')

O4 - HKUS\S-1-5-21-1616857178-868086227-519551471-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Charlie')

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = D:\MOxp\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MOxp\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112054684937

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC122E3-FB03-4F71-BC6D-15EE27DB6307}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\..\{B821443B-D772-4392-A6BF-28E93BD36F8D}: NameServer = 85.255.115.99,85.255.112.90

O17 - HKLM\System\CCS\Services\Tcpip\..\{E81F8FAA-3870-4552-889C-58ACA6128947}: NameServer = 85.255.115.99,85.255.112.90

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O21 - SSODL: hostctrl - {DFA49579-2F21-4B21-A2A3-1B1D8262477B} - C:\WINDOWS\hostctrl.dll

O21 - SSODL: hstsys - {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll (file missing)

O21 - SSODL: msmhost - {CBA7093B-A31A-4A4B-AA8F-DD33DED46BFB} - C:\WINDOWS\msmhost.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squaredfi\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\pfi\AdAwarefi\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avastfi\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Avastfi\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avastfi\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avastfi\ashWebSv.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 11745 bytes

I haven't lost any data yet from the comp since I can still access it. However, having the computer infected is a problem especially since I can't surf the web as I normally would. Can anyone offer some advise? as to how should I proceed, I was thinking of reinstalling windows but unfortunately my PC didn't come with recovery discs, instead it has the OS in a certain partition that I'm not quite sure how to access. Help solving the virus problem would be appreciated, thanks in advance.

Edited November 3, 2007 by intocomputing2

rmurphy · October 26, 2007

Hi intocomputing2, and welcome to BestTechie! I'm Ryan, and I'll be helping you with your computer.

OK, since you have an avast!, let's make sure it is updated, then use it to run a boot time scan.

== Update avast! ==

Right click on the a in the taskbar and select Updating, then select Program.

Avast! will tell you when it has completed the update. If core files were updated, you may get a message asking you to restart. Please allow the computer to restart if prompted.

== Schedule a Boot-Time Scan ==

After you have updated avast! right click the a icon in the taskbar and click Start Avast! AntiVirus.

After this, you will need to Schedule Boot-Time Scan with avast! While all the steps needed to perform this are listed below, you may find a visual tutorial helpful as well.

Click on the up arrow icon in the left corner, and select Schedule Boot-Time Scan.
Next, choose:
- Scan all local disks
- scan archive files

Click on Schedule. Avast! will notify you that a system restart is needed. Please select Yes

Your computer will then restart, and avast! will perform the scan prior to Windows loading.

IMPORTANT NOTE: When avast! finds an infected item, it may give you a dialog box with recommended actions. If this happens, please select Move to Chest.

== Request logs ==

Please post the log of the avast scan. It can be found at C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

I would also like to see an Uninstall list. To obtain an uninstall list, please do the following:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan

intocomputing2 · October 27, 2007

Avast's log:

10/21/2007 02:19

Scan of all local drives

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP801\A0578398.exe is infected by Win32:Zlob-ABA [Trj], Deleted

File C:\WINDOWS\nsduo.dll is infected by Win32:Trojan-gen {Other}, Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP800\A0578282.exe is infected by Win32:Agent-KKD [Trj], Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP800\A0578283.exe is infected by Win32:Agent-KKD [Trj], Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP811\A0579362.exe is infected by Win32:Agent-KKD [Trj], Deleted

File D:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP811\A0579363.exe is infected by Win32:Agent-KKD [Trj], Deleted

Number of searched folders: 7314

Number of tested files: 102205

Number of infected files: 6

----------------------------------------

10/26/2007 21:13

Scan of all local drives

File C:\Documents and Settings\Uno\Local Settings\Temp\NeroDemo11237\Cab\D7907462.cab\backitup\it-NBLinux.mo Error 42125 {ZIP archive is corrupted.}

File C:\Program Files\Online Services\AT&T Worldnet Setup\fscommand\wnsonyv.exe\Wise0024.bin Error 42146 {Installer archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\AppendixA.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\AppendixB.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\Chapter05.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\Chapter10.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\Chapters\Chapter11.pdf Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP847\A0612845.exe\C++ For Cs And Engr\SamplePgms2005\CsExamples\Cs13c\Cs13c.cpp Error 42125 {ZIP archive is corrupted.}

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP860\A0617621.dll is infected by Win32:Trojan-gen {Other}, Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618790.dll is infected by Win32:Trojan-gen {Other}, Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618791.dll is infected by Win32:Agent-LTS [Trj], Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618799.dll is infected by Win32:Agent-LTS [Trj], Moved to chest

File C:\System Volume Information\_restore{47E7117B-18F3-4A10-B47C-105BED1BFF9B}\RP861\A0618800.dll is infected by Win32:Trojan-gen {Other}, Moved to chest

File D:\Unused icons\AOL Instant Messenger\AIM.exe\%MAINDIR%\MiniBugTransporter.EXE\Wise0008.bin\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest

File D:\Unused icons\AOL Instant Messenger\AIM.exe\%MAINDIR%\MiniBugTransporter.EXE\Wise0008.bin is infected by Win32:Adware-gen [Adw], Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}

Number of searched folders: 7318

Number of tested files: 293065

Number of infected files: 7

Uninstall list:

3D Groove Playback Engine

AC3Filter (remove only)

Ad-Aware 2007

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.0

Adobe Reader Japanese Fonts

Adobe Shockwave Player

Advanced Media Extension v1.5

Age of Empires II

Agere Systems AC'97 Modem

Art Explosion Publisher Pro Silver Edition

a-squared Free 2.0

AT&T Worldnet Setup

ATI Control Panel

ATI Display Driver

avast! Antivirus

BitTorrent 4.0.1

Borland C++ 5.02

Canon MP Drivers

Canon MP Toolbox 4.1

CCleaner (remove only)

Click to DVD 1.3

Crimson Editor (remove only)

Dell Photo Printer 720

DivX

DivX Content Uploader

DivX Player

DivX Web Player

Drag'n Drop CD+DVD

Drift City

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVgate Plus

FLV Player 1.3.3

HandyBits File Shredder

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

ijji - Gunz

ijji Auto Installer

ImgBurn (Remove Only)

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

J2SE Runtime Environment 5.0 Update 6

jetAudio

Joost 0.10.9

Learn2 Player (Uninstall Only)

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

MagChat 1.0.9

Memory Stick Formatter

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internet Print Services

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office Outlook MUI (Spanish) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Office XP Standard for Students and Teachers

Microsoft Reader

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Works 7.0

MoodLogic

Mozilla Firefox (2.0.0.8)

MSN Music Assistant

Music Visualizer Library 1.4.00

NoteTab Light (Remove only)

NVIDIA Windows 2000/XP Display Drivers

OpenMG Limited Patch 3.2-03-02-21-08

OpenMG Limited Patch 3.2-03-03-18-01

OpenMG Limited Patch 3.2-03-04-14-02

OpenMG Secure Module 3.2

PC Inspector File Recovery

PeerGuardian 2.0

PictureGear Studio 2.0

PowerDVD

Quicken 2003 New User Edition

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Shareaza version 2.2.1.0

Shockwave

SonicStage 1.6.00

Sony Certificate PCH

Sony Digital Voice Editor 2

Sony Video Shared Library

Spybot - Search & Destroy 1.4

Trillian

Turbo Tax Offer

Unreal Tournament 2004 Demo

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

VAIO BrightColor Wallpaper

VAIO Help and Support

VAIO Media 2.6

VAIO Media Integrated Server 2.6

VAIO Media Redistribution 2.6

VAIO Registration

VAIO Support

VAIO Survey Standalone

VAIO System Information

VideoLAN VLC media player 0.8.6

Viewpoint Media Player

Vodei Multimedia Processor 2.10

WebVideo Support

Welcome to VAIO life

Winamp (remove only)

WinAVIVideoConverter

Windows Installer 3.1 (KB893803)

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 9 Hotfix [see KB885492 for more information]

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2

WinRAR archiver

Yahoo! Messenger

Zinio Reader

Edited October 27, 2007 by intocomputing2

rmurphy · October 27, 2007

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

-Ryan

intocomputing2 · October 27, 2007

ComboFix log:

ComboFix 07-10-23.2 - Uno 2007-10-27 2:05:33.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -4:00]

Running from: C:\Documents and Settings\Uno\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data.\hqnyngzy.dll

C:\Program Files\VideoAccessCodec

C:\Program Files\VideoAccessCodec\install.ico

C:\Program Files\VideoAccessCodec\Uninstall.exe

C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx

C:\WINDOWS\dat.txt

C:\WINDOWS\hostctrl.dll

C:\WINDOWS\msmhost.dll

C:\WINDOWS\nmcuninstall.exe

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

C:\WINDOWS\search_res.txt

C:\WINDOWS\system32\{19FF1183-B106-4143-A3CD-9A45CFE213E6}.exe

C:\WINDOWS\system32\{37593053-D1CE-4077-8424-C98B25C5EDBD}.exe

C:\WINDOWS\system32\{49729B8C-852C-4157-90C6-78688BDC8BA8}.exe

C:\WINDOWS\system32\{EBF93E07-CB03-4A99-9A30-5163BF161524}.exe

C:\WINDOWS\system32\{F7428278-81A8-41B2-8B82-50193F8857C9}.exe

C:\WINDOWS\system32\{F79279E6-4A43-4BA9-9265-64FFB7ACBBDD}.exe

C:\WINDOWS\system32\{FC3C55AC-7917-4E94-B88D-4ADD9AC65426}.exe

.

((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))

.

2007-10-27 02:04 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-21 00:55 <DIR> d-------- C:\Program Files\vlkavjuf

2007-10-21 00:48 278,528 --a------ C:\WINDOWS\ntspkfxt.dll

2007-10-21 00:48 81,920 --a------ C:\WINDOWS\htunistock.dll

2007-10-19 17:20 <DIR> d-------- C:\Documents and Settings\Uno\Application Data\PowerChallenge

2007-10-11 20:39 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\PowerChallenge

2007-10-10 01:27 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-10-01 00:43 <DIR> d-------- C:\Documents and Settings\Uno\Application Data\Yahoo!

2007-09-29 21:42 <DIR> d---s---- C:\Documents and Settings\Charlie\UserData

2007-09-29 17:40 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\Yahoo!

2007-09-27 18:57 <DIR> d-------- C:\Documents and Settings\Charlie\Application Data\U3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-25 16:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-25 16:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-25 16:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-25 16:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-25 15:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-24 06:13 --------- d-----w C:\Documents and Settings\Uno\Application Data\uTorrent

2007-10-08 05:54 --------- d-----w C:\Program Files\Yahoo!

2007-09-27 22:56 --------- d-----w C:\Documents and Settings\Uno\Application Data\U3

2007-09-20 04:47 --------- d-----w C:\Program Files\Joost

2007-09-15 22:03 --------- d-----w C:\Program Files\Gpotato

2007-09-14 02:10 --------- d-----w C:\Documents and Settings\Charlie\Application Data\vlc

2007-09-13 01:17 --------- d-----w C:\Documents and Settings\Charlie\Application Data\Viewpoint

2007-09-12 20:16 --------- d--h--w C:\Documents and Settings\Charlie\Application Data\ijjigame

2007-09-12 20:08 --------- d-----w C:\Documents and Settings\Charlie\Application Data\NHN Corporation

2007-09-12 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-09-12 20:02 --------- d-----w C:\Program Files\NHN USA

2007-09-10 16:36 --------- d-----w C:\Documents and Settings\Charlie\Application Data\Talkback

2007-09-07 04:10 --------- d-----w C:\Documents and Settings\Uno\Application Data\Nova Development

2007-09-07 03:57 --------- d-----w C:\Program Files\Common Files\Nova Development

2007-09-07 03:57 --------- d-----w C:\Program Files\Common Files\Crystal Decisions

2007-09-07 03:49 --------- d-----w C:\Program Files\Nova Development

2007-02-02 03:01 2,599,088 ----a-w C:\Program Files\Shockwave_Installer_Slim(3).exe

2006-12-29 04:30 528,315,413 ----a-w C:\Program Files\USAFlyff_6thSetup.exe

2006-12-04 02:34 317,248 ----a-w C:\Program Files\dxwebsetup.exe

2006-09-28 16:56 36,232 ----a-w C:\Documents and Settings\Uno\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57A3B35B-DFD7-6AA7-4166-03ED08EB8586}]

2007-10-21 00:55 110592 --a------ C:\Program Files\vlkavjuf\ejvjuavk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}"= C:\WINDOWS\htunistock.dll [2007-10-20 10:32 81920]

[HKEY_CLASSES_ROOT\CLSID\{C58A4487-4C2E-45E4-9E3A-52B3A23CC396}]

[HKEY_CLASSES_ROOT\htunistock.ToolBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}]

[HKEY_CLASSES_ROOT\htunistock.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-16 14:22]

"nwiz"="nwiz.exe" [2003-07-16 14:22 C:\WINDOWS\system32\nwiz.exe]

"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2003-04-17 20:51]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]

"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 20:32]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 16:01]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 03:19]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 03:07]

"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 15:59 C:\WINDOWS\AGRSMMSG.exe]

"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]

"ATIModeChange"="Ati2mdxx.exe" []

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

"avast!"="D:\Avastfi\ashDisp.exe" [2007-10-25 11:20]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2003-03-17 14:52]

"SpySweeper"="D:\SpySweeper\Spy Sweeper\SpySweeper.exe" []

"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"NWEReboot"="" []

"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"Zinio DLM"="C:\PROGRA~1\Zinio\ZINIOD~2.exe" [2005-03-15 14:53]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" []

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"hstsys"= {EE10C817-A6A2-45A8-B903-A8553ADBEA10} - C:\WINDOWS\hstsys.dll [ ]

S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys

S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command - G:\LaunchU3.exe -a

.

**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-27 02:13:39

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\win.old 696 bytes

C:\WINDOWS\Windows Update.log 280 bytes

C:\WINDOWS\WindowsShell.Manifest 749 bytes

C:\WINDOWS\WindowsUpdate.log 1664373 bytes

C:\WINDOWS\windowsxp-kb823559-x86-enu.exe 384288 bytes executable

C:\WINDOWS\windowsxp-kb823980-x86-enu.exe 1291040 bytes executable

C:\WINDOWS\winhelp.exe 256192 bytes

C:\WINDOWS\WINHELP.INI 874 bytes

C:\WINDOWS\winhlp32.exe 283648 bytes executable

C:\WINDOWS\wininit.ini 473 bytes

C:\WINDOWS\winnt.bmp 48680 bytes

C:\WINDOWS\winnt256.bmp 48680 bytes

C:\WINDOWS\WinSxS

C:\WINDOWS\WMFDist11.log 29592 bytes

C:\WINDOWS\wmp11.log 17540 bytes

C:\WINDOWS\wmsetup.log 373252 bytes

C:\WINDOWS\wmsetup10.log 2026 bytes

C:\WINDOWS\WMSysPr9.prx 316640 bytes

C:\WINDOWS\WMSysPrx.prx 299552 bytes

C:\WINDOWS\WRServices.dll 424960 bytes executable

C:\WINDOWS\WRUninstall.dll 478720 bytes executable

C:\WINDOWS\Wudf01000Inst.log 10891 bytes

C:\WINDOWS\xpsp1hfm.log 13320 bytes

C:\WINDOWS\yacs.log 1995 bytes

C:\WINDOWS\Zapotec.bmp 9522 bytes

C:\WINDOWS\_default.pif 707 bytes

scan completed successfully

hidden files: 26

**************************************************************************

.

Completion time: 2007-10-27 2:15:07 - machine was rebooted

.

--- E O F ---

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:19:43 AM, on 10/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\pfi\AdAwarefi\aawservice.exe

D:\Avastfi\aswUpdSv.exe

D:\Avastfi\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

D:\a-squaredfi\a-squared Free\a2service.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\program files\support.com\client\bin\tgcmd.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

D:\Avastfi\ashDisp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\PROGRA~1\Zinio\ZINIOD~2.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\Avastfi\ashMaiSv.exe

D:\Avastfi\ashWebSv.exe

D:\FireFoxfi\firefox.exe