Need Help With Trojan.zlob[INACTIVE]

[johntrojanzlob]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:33:43, on 07/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {D18E08C5-AC41-43AE-B754-ADCA921BDDB4} - (no file)

O2 - BHO: (no name) - {D8ED03EE-A95D-4062-80AC-B824BCFD80FD} - C:\WINDOWS\system32\awtsQKbx.dll (file missing)

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PDM Agent] C:\Program Files\PDM\PDM.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/on...lidstateion.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: cbawxe.dll rnxkpv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 8264 bytes

i keep getting false security alerts

also i have downloaded all the recommended removal programs done a quick scan > removed done a full scan > removed,

rebooted and i still get the false alerts of trojan.zlob keylogger..

thefakealert.bmp

[Rorschach112]

Hello

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

• Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  
• Under File Age at the top, change it from 30 days to 90 days
  
• Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
  
• Under Rootkit Search change it to Yes
  
• Under the Custom Scans box at the bottom left paste the following in
  %systemroot%\Prefetch\*.* /s
  %systemroot%\system32\drivers\*.dat
  %systemroot%\Temp\bca4e2da.$$$
  %systemroot%\Temp\ed47fa.$
  %systemroot%\Temp\fa56d7ec.$$$
  %systemroot%\System32\antiwpa.dll
  %PROGRAMFILES%\*crack*.
  %PROGRAMFILES%\*keygen*.
  %SYSTEMDRIVE%\*crack*.
  %SYSTEMDRIVE%\*keygen*.
  %SYSTEMDRIVE%\*.zip
  %SYSTEMDRIVE%\*.rar
  %SYSTEMDRIVE%\*.exe
  %systemroot%\*.zip
  %systemroot%\*.rar
  %systemroot%\system32\*.zip
  %systemroot%\system32\*.rar
  %PROGRAMFILES%\*.zip
  %PROGRAMFILES%\*.rar
  %PROGRAMFILES%\*.exe
  %DESKTOP%\*.zip
  %DESKTOP%\*.rar
  %DESKTOP%\*.exe
  %PROGRAMFILES%\Common Files\*bak*.
  %systemroot%\SYSTEM32\*bak*.
  %PROGRAMFILES%\*bak*.
  %USERNAME%\*.zip
  %USERNAME%\*.rar
  %USERNAME%\*.exe
  %USERPROFILE%\*.zip
  %USERPROFILE%\*.rar
  %USERPROFILE%\*.exe
  %ALLUSERSPROFILE%\*.zip
  %ALLUSERSPROFILE%\*.rar
  %ALLUSERSPROFILE%\*.exe
  %APPDATA%\*.zip
  %APPDATA%\*.rar
  %APPDATA%\*.exe
  %ALLUSERSSTARTMENU%\*.zip
  %ALLUSERSSTARTMENU%\*.rar
  %ALLUSERSSTARTMENU%\*.exe
  %ALLUSERSSTARTUP%\*.zip
  %ALLUSERSSTARTUP%\*.rar
  %ALLUSERSSTARTUP%\*.exe
  %ALLUSERSPROGRAMS%\*.zip
  %ALLUSERSPROGRAMS%\*.rar
  %ALLUSERSPROGRAMS%\*.exe
  %ALLUSERSAPPDATA%\*.zip
  %ALLUSERSAPPDATA%\*.rar
  %ALLUSERSAPPDATA%\*.exe
  %APPDATA%\*.zip
  %APPDATA%\*.rar
  %APPDATA%\*.exe
  %QUICKLAUNCH%\*.zip
  %QUICKLAUNCH%\*.rar
  %QUICKLAUNCH%\*.exe
  %STARTUP%\*.zip
  %STARTUP%\*.rar
  %STARTUP%\*.exe
  %STARTMENU%\*.zip
  %STARTMENU%\*.rar
  %STARTMENU%\*.exe
  %MYDOCUMENTS%\*.zip
  %MYDOCUMENTS%\*.rar
  %MYDOCUMENTS%\*.exe
  %PROGRAMFILES%\Mozilla Firefox\plugins\*.*
  %PROGRAMFILES%\Internet Explorer\*.*
  %PROGRAMFILES%\Mozilla Firefox\*.zip /s
  %PROGRAMFILES%\Mozilla Firefox\*.rar /s
  %PROGRAMFILES%\Mozilla Firefox\*.exe /s
  %PROGRAMFILES%\Internet Explorer\*.zip /s
  %PROGRAMFILES%\Internet Explorer\*.rar /s
  %PROGRAMFILES%\Internet Explorer\*.exe /s
  %SYSTEMDRIVE%\*.dat
  %SYSTEMROOT%\*.dat
  %SYSTEMROOT%\*.sys
  %systemroot%\system32\drivers\*.exe /s
  %systemroot%\system32\drivers\*.zip /s
  %systemroot%\system32\drivers\*.rar /s
  %APPDATA%\*.sys
  %systemroot%\system32\serauth1.dll
  %systemroot%\system32\serauth2.dll
  %systemroot%\system32\sysaudio.sys
  %PROGRAMFILES%\*TinyProxy*.
  
  
• Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

[johntrojanzlob]

here it is..

OTScanIt.Txt

[Rorschach112]

Hello

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]

[unregister Dlls]

[Processes - Safe List]

YN -> aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe

YN -> avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe

YN -> avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe

YN -> avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe

YN -> avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe

YN -> superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe

YN -> teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe

[Registry - Safe List]

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

YN -> {D18E08C5-AC41-43AE-B754-ADCA921BDDB4} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]

YN -> {D8ED03EE-A95D-4062-80AC-B824BCFD80FD} [HKLM] -> %SystemRoot%\system32\awtsQKbx.dll [Reg Error: Value does not exist or could not be read.]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "AVG7_CC" -> [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP]

YN -> "PDM Agent" -> %ProgramFiles%\PDM\PDM.exe [C:\Program Files\PDM\PDM.exe]

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls

YN -> cbawxe.dll ->

YN -> rnxkpv.dll ->

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages

*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages

YY -> C:\WINDOWS\system32\awtsQKbx ->

< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages

[Files/Folders - Created Within 90 Days]

NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp

NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp

NY -> HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk

NY -> VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe

NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups

NY -> xfjodmwv.ini -> %SystemRoot%\System32\xfjodmwv.ini

NY -> hdngslrk.ini -> %SystemRoot%\System32\hdngslrk.ini

NY -> xbKQstwa.ini2 -> %SystemRoot%\System32\xbKQstwa.ini2

NY -> xbKQstwa.ini -> %SystemRoot%\System32\xbKQstwa.ini

[Empty Temp Folders]

[start Explorer]

[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

[johntrojanzlob]

[Processes - Safe List]

No active process named aawservice.exe was found!

No active process named avgamsvr.exe was found!

Process avgcc.exe killed successfully!

No active process named avgemc.exe was found!

No active process named avgupsvc.exe was found!

Unable to kill active process superantispyware.exe!

Process teatimer.exe killed successfully!

[Registry - Safe List]

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D18E08C5-AC41-43AE-B754-ADCA921BDDB4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18E08C5-AC41-43AE-B754-ADCA921BDDB4}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D8ED03EE-A95D-4062-80AC-B824BCFD80FD}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8ED03EE-A95D-4062-80AC-B824BCFD80FD}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PDM Agent deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:cbawxe.dll deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:rnxkpv.dll deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\awtsQKbx deleted successfully.

File not found.

[Files/Folders - Created Within 90 Days]

C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk moved successfully.

C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe moved successfully.

C:\VundoFix Backups folder moved successfully.

C:\WINDOWS\System32\xfjodmwv.ini moved successfully.

C:\WINDOWS\System32\hdngslrk.ini moved successfully.

C:\WINDOWS\System32\xbKQstwa.ini2 moved successfully.

C:\WINDOWS\System32\xbKQstwa.ini moved successfully.

[Empty Temp Folders]

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

RecycleBin -> emptied.

Explorer started successfully

< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12072008_165020

Files moved on Reboot...

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

Registry entries deleted on Reboot...

[Rorschach112]

Hello

Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     Mail databases
     

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

[johntrojanzlob]

malaware bytes results-

failed to report anything

kaspersky results-

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, December 7, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, December 07, 2008 09:20:51

Records in database: 1441946

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Files scanned: 55527

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 01:16:38

File name / Threat name / Threats count

C:\Documents and Settings\Administrator\javaplugin.exe Infected: Trojan.Win32.VB.hcw 1

The selected area was scanned.

[Rorschach112]

Hello

Please download the OTMoveIt3 by OldTimer or from here.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :Processes
  explorer.exe
  
  :Services
  
  :Reg
  
  :Files
  C:\Documents and Settings\Administrator\javaplugin.exe
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

  
  

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  
• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
  

[johntrojanzlob]

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

File/Folder C:\Documents and Settings\Administrator\javaplugin.exe not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hsperfdata_Administrator\1080 scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

File delete failed. C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\39\573d2567-47f9cc69 scheduled to be deleted on reboot.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_190537

Files moved on Reboot...

File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hsperfdata_Administrator\1080 not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\39\573d2567-47f9cc69 moved successfully.

log txt-

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrator at 2008-12-08 19:16:16

Microsoft Windows XP Professional Service Pack 2

System drive C: has 137 GB (90%) free of 153 GB

Total RAM: 446 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:34, on 08/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\service.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Administrator\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Windows Service] service.exe

O4 - HKLM\..\RunServices: [Windows Service] service.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/on...lidstateion.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 8081 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-27 262144]

{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\PROGRA~1\TEXTAL~1\TAForIE.dll [2007-08-25 658432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-11-14 919016]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

"Windows Service"=C:\WINDOWS\service.exe [2008-11-01 49676]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-07-23 21738792]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-12-31 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=1

"DisableRegistrytools"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"

"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-08 19:16:16 ----D---- C:\rsit

2008-12-08 19:05:37 ----D---- C:\_OTMoveIt

2008-12-08 16:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-12-08 16:37:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-12-08 16:37:31 ----D---- C:\Program Files\MSXML 4.0

2008-12-08 16:33:30 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-07 19:26:47 ----RSH---- C:\WINDOWS\service.exe

2008-12-07 16:50:20 ----D---- C:\_OTScanIt

2008-12-07 15:32:55 ----D---- C:\Program Files\Trend Micro

2008-12-07 01:32:52 ----D---- C:\Program Files\SUPERAntiSpyware

2008-12-07 01:32:52 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2008-12-06 20:32:27 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2008-12-06 20:31:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-12-06 20:31:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-06 17:31:26 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-12-06 17:17:22 ----D---- C:\Program Files\Adobe Media Player

2008-12-06 17:12:22 ----D---- C:\Program Files\Common Files\Adobe AIR

2008-12-06 17:07:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2008-12-06 17:03:31 ----D---- C:\Program Files\Common Files\Macrovision Shared

2008-12-06 15:48:15 ----D---- C:\Documents and Settings\Administrator\Application Data\Download Manager

======List of files/folders modified in the last 1 months======

2008-12-08 19:16:29 ----D---- C:\WINDOWS\Prefetch

2008-12-08 19:14:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype

2008-12-08 19:11:42 ----D---- C:\WINDOWS\Temp

2008-12-08 19:11:18 ----HD---- C:\WINDOWS\inf

2008-12-08 19:11:11 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-08 19:09:54 ----D---- C:\Program Files\Common Files\Symantec Shared

2008-12-08 19:08:55 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-08 17:18:38 ----D---- C:\WINDOWS\system32\CatRoot_bak

2008-12-08 17:18:38 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-08 16:44:06 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM

2008-12-08 16:43:18 ----D---- C:\WINDOWS

2008-12-08 16:41:04 ----D---- C:\WINDOWS\system32

2008-12-08 16:38:42 ----SHD---- C:\WINDOWS\Installer

2008-12-08 16:38:41 ----D---- C:\Config.Msi

2008-12-08 16:38:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-08 16:38:04 ----D---- C:\WINDOWS\system32\drivers

2008-12-08 16:38:00 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-08 16:37:57 ----A---- C:\WINDOWS\imsins.BAK

2008-12-08 16:37:32 ----D---- C:\WINDOWS\WinSxS

2008-12-08 16:37:31 ----RD---- C:\Program Files

2008-12-08 16:37:08 ----D---- C:\WINDOWS\Internet Logs

2008-12-08 16:32:44 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent

2008-12-08 16:28:38 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-12-08 16:26:09 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-08 16:24:20 ----D---- C:\Program Files\Norton Security Scan

2008-12-07 20:02:01 ----D---- C:\WINDOWS\Help

2008-12-07 01:33:03 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2008-12-07 01:32:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2008-12-07 00:25:41 ----RHD---- C:\$VAULT$.AVG

2008-12-07 00:15:30 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-06 20:21:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Google

2008-12-06 19:34:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe

2008-12-06 19:31:39 ----D---- C:\Documents and Settings\Administrator\Application Data\DivX

2008-12-06 19:31:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Dev-Cpp

2008-12-06 19:31:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer

2008-12-06 17:23:43 ----D---- C:\Program Files\Adobe

2008-12-06 17:20:14 ----D---- C:\Program Files\Common Files\Adobe

2008-12-06 17:15:53 ----RSD---- C:\WINDOWS\Fonts

2008-12-06 17:12:22 ----D---- C:\Program Files\Common Files

2008-12-02 21:52:26 ----D---- C:\WINDOWS\Network Diagnostic

2008-11-22 01:59:52 ----D---- C:\Program Files\Full Tilt Poker

2008-11-22 00:05:22 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-16 20:34:57 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-02-27 821856]

R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-02-27 4224]

R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-02-27 27776]

R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-02-27 10760]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-12-31 36352]

R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-11-14 394952]

R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]

R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-02-27 4960]

R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-12-31 62336]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-10-12 41752]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-12-31 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-12-31 59392]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-12-31 20608]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-12-31 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-12-31 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-02-27 418816]

R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-02-27 49664]

R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-02-27 406528]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-11-14 75304]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-06 655624]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt-

info.txt logfile of random's system information tool 1.04 2008-12-08 19:16:39

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe

Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}

Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}

Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}

Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}

Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}

Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}

Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}

Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}

Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}

Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}

Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}

Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}

Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}

Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}

Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}

Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}

Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}

Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}

Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}

Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1

Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}

Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}

Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}

Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}

Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}

Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}

Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}

AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}

AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}

AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"

Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

Empire Earth - The Art of Conquest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x9

Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"

FrostWire 4.13.5-->C:\Program Files\FrostWire\Uninstall.exe

Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}

Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress

Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf

Microsoft Speech SDK 5.1-->MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}

Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Norton Security Scan-->MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}

Pacific Poker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG

PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}

Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Skypeâ„¢ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

TextAloud-->"C:\Program Files\TextAloud\unins000.exe"

Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf

ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O

ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: AVG 7.5.552

FW: ZoneAlarm Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0604

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"tvdumpflags"=8

-----------------EOF-----------------

[Rorschach112]

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKLM\..\Run: [Windows Service] service.exe

O4 - HKLM\..\RunServices: [Windows Service] service.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O20 - AppInit_DLLs:

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt3 by OldTimer or from here.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  :Processes
  explorer.exe
  
  :Services
  
  :Reg
  
  :Files
  C:\WINDOWS\service.exe
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

  
  

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Also post a new HJT log

[johntrojanzlob]

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\WINDOWS\service.exe moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_194505

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

[Rorschach112]

Post a new HJT log