My Hijackthis Log For Review[RESOLVED]

rmurphy · April 24, 2008

Let's get an antivirus installed since I didn't see one, and see if a boot time scan reveals anything.

== Install avast! 4 Home ==

Download Avast! 4 Home and get your free Registration Key.

Install avast!, and restart your computer if needed.

== Update avast! ==

Right click on the a in the taskbar and select Updating, then select Program.

Avast! will tell you when it has completed the update. If core files were updated, you may get a message asking you to restart. Please allow the computer to restart if prompted.

== Schedule a Boot-Time Scan ==

After you have updated avast! right click the a icon in the taskbar and click Start Avast! AntiVirus.

After this, you will need to Schedule Boot-Time Scan with avast! While all the steps needed to perform this are listed below, you may find a visual tutorial helpful as well.

Click on the up arrow icon in the left corner, and select Schedule Boot-Time Scan.
Next, choose:
- Scan all local disks
- scan archive files

Click on Schedule. Avast! will notify you that a system restart is needed. Please select Yes

Your computer will then restart, and avast! will perform the scan prior to Windows loading.

IMPORTANT NOTE: When avast! finds an infected item, it may give you a dialog box with recommended actions. If this happens, please select Move to Chest.

== Request logs ==

Please post the log of the avast scan. It can be found at C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

I would also like to see an Uninstall list. To obtain an uninstall list, please do the following:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan

magicsdevil · April 24, 2008

It seems the Avast scan stalled out around 65%.......... but here is the log it produced:

04/23/2008 21:55

Scan of all local drives

File C:\Documents and Settings\dcomito\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13449\[PECompact] is infected by Win32:PurityScan-BA [Trj]

Scanning aborted

Number of searched folders: 3543

Number of tested files: 37826

Number of infected files: 1

----------------------------------------

04/23/2008 22:21

Scan of all local drives

File C:\Crazy Zach\Data\MISSION\10\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\12\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\13\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\14\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\16\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\17\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\18\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\19\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\2\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\20\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\23\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\27\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\29\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\3\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\31\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\33\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\35\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\37\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\39\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\41\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\42\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\44\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\45\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\6\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\Data\MISSION\7\MISSION.LEV\MISSION Error 42129

File C:\Crazy Zach\InstallTiny Trucks.exe\Tiny Trucks.mfa Error 42126

File C:\Documents and Settings\dcomito\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13449\[PECompact]\[Embedded#FINGERPRINT] is infected by Win32:PurityScan-BA [Trj], Moved to chest

File C:\Documents and Settings\dcomito\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45440\[PECompact]\[Embedded#FINGERPRINT] is infected by Win32:PurityScan-BA [Trj], Moved to chest

File C:\Documents and Settings\dcomito\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.77323\[uPX] is infected by Win32:Rootkit-gen [Rtk], Moved to chest

File C:\Program Files\GunzInstaller.exe is infected by Win32:Keygen-G [Trj]

Scanning aborted

magicsdevil · April 24, 2008

Uninstall_list

.sol Editor 1.1.0.1

6000 Sound Effects

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Adobe Photoshop 7.0

Adobe Reader 8

Adobe Shockwave Player

Advanced GIF Animator 2.23

AGEIA PhysX v7.07.24

Armagetron Advanced 0.2.8.2.1.gcc

Audio Recorder for FREE v10.2

avast! Antivirus

BannedStory

Canon CanoScan Toolbox 4.1

Canon i960

Canon Utilities Easy-PhotoPrint

Canon Utilities Easy-PhotoPrint Plus

Canon Utilities PhotoStitch 3.1

Crashday

Crazy Machines

Crazy Machines II Demo

Delta Force

DIG Game Manager

Digital Media Converter 2.62

Disney Pirates of the Caribbean Online

Disney's Toontown Online

Disney's Toontown Online Test Server

Dream Flashsee v1.3

Easy GIF Animator 4.4

ebgcInfra

ebgcRes

ebgcSDK

Enhancement Browser Tools Gooochi

Frames

Fraps

Frets On Fire

Game Maker 7.0

Google Earth

Google SketchUp 6

Google Talk (remove only)

Google Toolbar for Firefox

Google Toolbar for Internet Explorer

GTA2

Guild Wars

Hang Reporting Tool

Hard Disk Scrubber v2.1

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

HyperCam 2

Intel® Extreme Graphics 2 Driver

J2SE Runtime Environment 5.0 Update 7

J2SE Runtime Environment 5.0 Update 9

Java SE Runtime Environment 6 Update 1

KartRider

Kaspersky Online Scanner

KODAK EASYSHARE Gallery Upload ActiveX Control

LEGO Digital Designer

LimeWire 4.16.7

Lyra Jukebox Applications

Macromedia Dreamweaver 8

Macromedia Extension Manager

Macromedia Fireworks 8

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Macromedia Flash Player 8 Plugin

Macromedia FlashPaper 2

Macromedia FreeHand MXa

Malwarebytes' Anti-Malware

MapleStory

Marble Blast Gold

Mario Forever v 2.16 !

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Digital Image Suite 10

Microsoft GIF Animator

Microsoft Halo

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft IT Smartcard Utilities

Microsoft National Language Support Downlevel APIs

Microsoft Office FrontPage 2003

Microsoft Office Professional Edition 2003

Microsoft Platform SDK (R2) (3790.2075)

Microsoft Revenge of Arcade

Microsoft Rise Of Nations

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Express Edition - ENU

Mini Python Pack 1.5.1

MonkeyJam 3_050529

Mozilla Firefox (2.0.0.4)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

MusicmatchÂ® Jukebox

Norton Security Scan

PangYa (NtreevSoft)

Penguin Racers

Picasa 2

Pirates of the Caribbean Online's Desktop Galleon

Pivot Stickfigure Animator

project dogwaffle

Project64 1.6

Quartz AudioMaster Freeware

QuickTime

RasPatch

Reaction Engine SDK Demo (remove only)

RealArcade

RealPlayer

Realtek AC'97 Audio

Rhapsody Player Engine

Ricochet Lost Worlds

Ricochet Lost Worlds Recharged

SAPI 5.1

SecondLife (remove only)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Shrek® SuperSlam

Snail Mail

Snail Mail (remove only)

Soldier Front

STOIK Video Converter 2

Stop Motion Pro v6 Trial

Super Flash Player Manager 2.18

SuperVideoCap V5.5 Build 1800

Tamagotchi

The Games Factory 2

ThinkTanks Demo (remove only)

Tiny Trucks

Toribash 3.1

Torque Game Engine Demo (remove only)

Torque Warzone Demo (remove only)

TurboDemo 7.5 - Trial

U.B. Funkeys

Update for Windows XP (KB894391)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

VIA Rhine-Family Fast Ethernet Adapter

VIDEO GAME TYCOON : Gold Edition

WarRock

Winamp (remove only)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows Rights Management client

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

WinRAR archiver

Xenolith & MacroM@sh

Xfire (remove only)

Yahoo! Browser Services

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Toolbar

rmurphy · April 24, 2008

== Remove Programs ==

Please go to Add/Remove Programs in the Control Panel, and remove the following programs

J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
LimeWire 4.16.7

Reboot your computer.

== Install Latest Java ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select NO.

== Clear Temporary Files ==

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Close all Internet Explorer, Firefox, and Opera windows before continuing.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

== Clear System Restore==

Let's make a new restore point and clear the others:

Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer

Please reboot your computer before continuing.

== Kaspersky Web Scanner ==

Please do an online scan with Kaspersky WebScanner

You will need to use Internet Explorer to do this

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
- Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.

== Request Logs ==

Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.

-Ryan

magicsdevil · April 25, 2008

Kaspersky Scan Report

KASPERSKY_ONLINE_SCANNER_REPORT.txt

magicsdevil · April 25, 2008

HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:54:12 PM, on 4/24/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TamaDcu] C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

O4 - HKCU\..\Run: [ffki] C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk762YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get all flash - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.toontown.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096149243552

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.37/ttinst.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18...est/tt_test.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{507F3853-9B5C-4D4A-9892-641A37F32119}: NameServer = 192.168.1.1

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 12061 bytes

magicsdevil · April 25, 2008

The computer seems to be running well. No popups. It is slow navigating the net, though.

Thanks!

rmurphy · April 25, 2008

Can you report the Kaspersky log if you still have it? Something along the way corrupted it, and I can't really work with it the way it is.

-Ryan

magicsdevil · April 25, 2008

magicsdevil · April 25, 2008

magicsdevil · April 25, 2008

Even with the

tags, I cannot get the scan log to post. So, I am attempting to add it as an attachment...........

magicsdevil · April 25, 2008

Latest scan log

k_report.txt

rmurphy · April 25, 2008

That looks good. Please post a new HiJack This log and let me know how the computer is running.

-Ryan

magicsdevil · April 25, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:06:13 AM, on 4/25/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe