Post #1, 12-02-2006, 07:40 PM
Chow (Registered User; Join Date: Nov 2006; Posts: 116; OS: WinXP)

Need help getting rid of VX2 Malware

I got the Ad-Aware VX2 plugin and when I run it, it says my computer is clean of any VX2s, but when I run Spybot it says I do have one but it can't fix it.

Thanks for helping me out.

Logfile of HijackThis v1.99.1
Scan saved at 8:37:39 PM, on 12/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164493579203
O16 - DPF: {8EF0A8C9-C609-41ED-936D-598387519DF6} (Two4OnePrintControl Class) - http://2for1.com/downloads/2for1.cab
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Post #2, 12-03-2006, 04:52 PM
Chow (Registered User; Join Date: Nov 2006; Posts: 116; OS: WinXP)
I don't know how many pages back the analysts look so...

bump
Post #3, 12-04-2006, 10:00 AM
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 23,971; OS: WinXP and Vista)
Hello Chow,

I'm not seeing anything in this log--including McAfee in the running processes. Was this scan done from Safe Mode? If so, we need the scan to be completed from Normal Mode.

Where does Spybot detect VX2? If you can, please post that entry found by Spybot here.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply along with a new HijackThis log taken from Normal Mode.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
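Ried's first observation above, that McAfee is listed as an O23 service but its process is absent from the running-processes block, is a cross-check that can be scripted. The following Python is an added example, not code from the thread or from HijackThis: it parses the three parts of a v1.99 log that matter here (running processes, O4 autoruns, O23 services) and reports services whose binary is not observed running or is marked "(file missing)". The excerpt is copied from Chow's log; the function names are my own.

```python
"""Cross-check a HijackThis v1.99 log: parse the running-process list, the
O4 autorun entries and the O23 services, then report services whose binary is
not among the running processes or is flagged as missing on disk.

Added example, not code from the thread or from HijackThis. The excerpt below
is copied from the posted log; the function names are my own."""
import re

# Constructed input: a subset of the lines from the posted HijackThis log.
HJT_EXCERPT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)


def parse_hjt(text):
    """Return {'processes': [...], 'autoruns': [...], 'services': [...]}."""
    processes, autoruns, services = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the running-processes block
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["file_missing"] = entry["path"].endswith("(file missing)")
            services.append(entry)
    return {"processes": processes, "autoruns": autoruns, "services": services}


def service_image(path):
    """Lower-cased executable name from an O23 path, ignoring quotes and arguments."""
    m = EXE_RE.search(path)
    return m.group(1).lower() if m else None


def find_service_gaps(parsed):
    """Services that are configured but not observed running, or whose binary is gone."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in parsed["processes"]}
    gaps = []
    for svc in parsed["services"]:
        image = service_image(svc["path"])
        if svc["file_missing"]:
            gaps.append((svc["name"], image, "binary missing on disk"))
        elif image not in running:
            gaps.append((svc["name"], image, "not in running processes"))
    return gaps


if __name__ == "__main__":
    report = parse_hjt(HJT_EXCERPT)
    print(f"{len(report['processes'])} processes, {len(report['autoruns'])} autoruns, "
          f"{len(report['services'])} services")
    for name, image, why in find_service_gaps(report):
        print(f"  {name}: {image} ({why})")
```

A service that is not running is not by itself a finding: demand-start services sit idle legitimately. The point of the check is the one Ried makes, that a resident scanner such as McShield should be running in Normal Mode, so its absence tells you either the scan came from Safe Mode or the product is not actually protecting the machine.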
Post #4, 12-04-2006, 08:42 PM
Chow (Registered User; Join Date: Nov 2006; Posts: 116; OS: WinXP)
Okies

computer - 06-12-04 21:36:11.54 Service Pack 1
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\computer\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\b.exe
d:\autorun.inf . . . . failed to delete


((((((((((((((((((((((((((((((( Files Created from 2006-11-04 to 2006-12-04 ))))))))))))))))))))))))))))))))))


2006-12-04 21:39 <DIR> d-------- C:\WINNT
2006-12-04 21:38 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-04 03:00 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2006-12-03 03:17 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2006-12-03 03:17 548,352 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2006-12-03 03:17 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2006-12-02 22:09 <DIR> d-------- C:\Documents and Settings\computer\Application Data\vlc
2006-12-02 22:07 <DIR> d-------- C:\Program Files\VideoLAN
2006-12-02 19:05 98,816 --a------ C:\WINDOWS\SYSTEM32\dmstyle.dll
2006-12-02 19:05 974,848 --a------ C:\WINDOWS\SYSTEM32\dxdiag.exe
2006-12-02 19:05 83,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
2006-12-02 19:05 80,896 --a------ C:\WINDOWS\SYSTEM32\dpvsetup.exe
2006-12-02 19:05 8,192 --a------ C:\WINDOWS\SYSTEM32\d3d8thk.dll
2006-12-02 19:05 797,184 --a------ C:\WINDOWS\SYSTEM32\d3dim700.dll
2006-12-02 19:05 76,800 --a------ C:\WINDOWS\SYSTEM32\dmscript.dll
2006-12-02 19:05 733,184 --a------ C:\WINDOWS\SYSTEM32\qedwipes.dll
2006-12-02 19:05 7,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys
2006-12-02 19:05 68,096 --a------ C:\WINDOWS\SYSTEM32\dsdmoprp.dll
2006-12-02 19:05 68,096 --a------ C:\WINDOWS\SYSTEM32\dpnhupnp.dll
2006-12-02 19:05 64,512 --a------ C:\WINDOWS\SYSTEM32\amstream.dll
2006-12-02 19:05 63,768 --a------ C:\WINDOWS\SYSTEM32\dxdllreg.exe
2006-12-02 19:05 602,624 --a------ C:\WINDOWS\SYSTEM32\dx7vb.dll
2006-12-02 19:05 58,368 --a------ C:\WINDOWS\SYSTEM32\dmcompos.dll
2006-12-02 19:05 57,856 --a------ C:\WINDOWS\SYSTEM32\dpwsockx.dll
2006-12-02 19:05 53,248 --a------ C:\WINDOWS\SYSTEM32\devenum.dll
2006-12-02 19:05 524,800 --a------ C:\WINDOWS\SYSTEM32\qedit.dll
2006-12-02 19:05 5,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys
2006-12-02 19:05 48,512 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\stream.sys
2006-12-02 19:05 47,104 --a------ C:\WINDOWS\SYSTEM32\wstdecod.dll
2006-12-02 19:05 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2006-12-02 19:05 4,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys
2006-12-02 19:05 382,976 --a------ C:\WINDOWS\SYSTEM32\qdvd.dll
2006-12-02 19:05 377,856 --a------ C:\WINDOWS\SYSTEM32\dpnet.dll
2006-12-02 19:05 363,520 --a------ C:\WINDOWS\SYSTEM32\dsound.dll
2006-12-02 19:05 354,816 --a------ C:\WINDOWS\SYSTEM32\psisdecd.dll
2006-12-02 19:05 34,304 --a------ C:\WINDOWS\SYSTEM32\mciqtz32.dll
2006-12-02 19:05 33,280 --a------ C:\WINDOWS\SYSTEM32\dmloader.dll
2006-12-02 19:05 32,768 --a------ C:\WINDOWS\SYSTEM32\dpnhpast.dll
2006-12-02 19:05 3,072 --a------ C:\WINDOWS\SYSTEM32\dpnlobby.dll
2006-12-02 19:05 3,072 --a------ C:\WINDOWS\SYSTEM32\dpnaddr.dll
2006-12-02 19:05 28,160 --a------ C:\WINDOWS\SYSTEM32\dplaysvr.exe
2006-12-02 19:05 276,480 --a------ C:\WINDOWS\SYSTEM32\qdv.dll
2006-12-02 19:05 27,136 --a------ C:\WINDOWS\SYSTEM32\dmband.dll
2006-12-02 19:05 265,728 --a------ C:\WINDOWS\SYSTEM32\ddraw.dll
2006-12-02 19:05 24,064 --a------ C:\WINDOWS\SYSTEM32\ddrawex.dll
2006-12-02 19:05 230,400 --a------ C:\WINDOWS\SYSTEM32\dplayx.dll
2006-12-02 19:05 22,016 --a------ C:\WINDOWS\SYSTEM32\dpmodemx.dll
2006-12-02 19:05 203,264 --a------ C:\WINDOWS\SYSTEM32\dpvoice.dll
2006-12-02 19:05 194,560 --a------ C:\WINDOWS\SYSTEM32\mswebdvd.dll
2006-12-02 19:05 19,968 --a------ C:\WINDOWS\SYSTEM32\dpvacm.dll
2006-12-02 19:05 186,880 --a------ C:\WINDOWS\SYSTEM32\dsdmo.dll
2006-12-02 19:05 181,248 --a------ C:\WINDOWS\SYSTEM32\dmime.dll
2006-12-02 19:05 18,944 --a------ C:\WINDOWS\SYSTEM32\encapi.dll
2006-12-02 19:05 18,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
2006-12-02 19:05 18,432 --a------ C:\WINDOWS\SYSTEM32\dswave.dll
2006-12-02 19:05 177,152 --a------ C:\WINDOWS\SYSTEM32\qcap.dll
2006-12-02 19:05 16,896 --a------ C:\WINDOWS\SYSTEM32\msyuv.dll
2006-12-02 19:05 16,896 --a------ C:\WINDOWS\SYSTEM32\dpnsvr.exe
2006-12-02 19:05 16,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
2006-12-02 19:05 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mpe.sys
2006-12-02 19:05 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
2006-12-02 19:05 130,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys
2006-12-02 19:05 13,312 --a------ C:\WINDOWS\SYSTEM32\msdmo.dll
2006-12-02 19:05 112,128 --a------ C:\WINDOWS\SYSTEM32\dpvvox.dll
2006-12-02 19:05 11,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bdasup.sys
2006-12-02 19:05 104,448 --a------ C:\WINDOWS\SYSTEM32\dmusic.dll
2006-12-02 19:05 100,864 --a------ C:\WINDOWS\SYSTEM32\dmsynth.dll
2006-12-02 19:05 10,880 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
2006-12-02 19:05 10,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
2006-12-02 19:05 1,294,336 --a------ C:\WINDOWS\SYSTEM32\dsound3d.dll
2006-12-02 19:05 1,230,336 --a------ C:\WINDOWS\SYSTEM32\msvidctl.dll
2006-12-02 19:05 1,227,776 --a------ C:\WINDOWS\SYSTEM32\quartz.dll
2006-12-02 19:05 1,189,888 --a------ C:\WINDOWS\SYSTEM32\dx8vb.dll
2006-12-02 19:05 1,179,648 --a------ C:\WINDOWS\SYSTEM32\d3d8.dll
2006-12-02 17:16 971,264 --a------ C:\WINDOWS\SYSTEM32\msgina.dll
2006-12-02 17:16 681,984 --a------ C:\WINDOWS\SYSTEM32\lsasrv.dll
2006-12-02 17:16 51,712 --a------ C:\WINDOWS\SYSTEM32\msasn1.dll
2006-12-02 17:16 260,608 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2006-12-02 17:16 136,704 --a------ C:\WINDOWS\SYSTEM32\schannel.dll
2006-12-02 17:15 947,472 --a------ C:\WINDOWS\SYSTEM32\msjava.dll
2006-12-02 17:15 63,248 --a------ C:\WINDOWS\SYSTEM32\javaprxy.dll
2006-12-02 17:15 49,424 --a------ C:\WINDOWS\SYSTEM32\clspack.exe
2006-12-02 17:15 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-12-02 17:15 404,752 --a------ C:\WINDOWS\SYSTEM32\javart.dll
2006-12-02 17:15 313,856 --a------ C:\WINDOWS\SYSTEM32\dx3j.dll
2006-12-02 17:15 286,992 --a------ C:\WINDOWS\SYSTEM32\vmhelper.dll
2006-12-02 17:15 21,264 --a------ C:\WINDOWS\SYSTEM32\msjdbc10.dll
2006-12-02 17:15 187,152 --a------ C:\WINDOWS\SYSTEM32\javacypt.dll
2006-12-02 17:15 172,304 --a------ C:\WINDOWS\SYSTEM32\jview.exe
2006-12-02 17:15 171,792 --a------ C:\WINDOWS\SYSTEM32\wjview.exe
2006-12-02 17:15 171,280 --a------ C:\WINDOWS\SYSTEM32\jit.dll
2006-12-02 17:15 154,384 --a------ C:\WINDOWS\SYSTEM32\msawt.dll
2006-12-02 17:15 15,120 --a------ C:\WINDOWS\SYSTEM32\jdbgmgr.exe
2006-12-02 17:15 139,536 --a------ C:\WINDOWS\SYSTEM32\javaee.dll
2006-12-02 17:15 113 --a------ C:\WINDOWS\SYSTEM32\zonedon.reg
2006-12-02 17:15 113 --a------ C:\WINDOWS\SYSTEM32\zonedoff.reg
2006-12-02 17:08 991,232 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2006-12-02 16:43 <DIR> d-------- C:\bios update
2006-12-02 16:03 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2006-12-02 16:03 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-12-02 15:44 <DIR> d-------- C:\WINDOWS\Prefetch
2006-12-02 15:22 361,984 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2006-12-02 15:22 159,232 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2006-12-02 15:11 89,600 --a------ C:\WINDOWS\SYSTEM32\comrepl.dll
2006-12-02 15:11 124,184 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2006-12-02 15:11 1,343,768 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2006-12-02 15:11 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-12-02 15:05 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2006-12-02 15:05 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2006-11-27 20:00 <DIR> d-------- C:\Program Files\uTorrent
2006-11-27 20:00 <DIR> d-------- C:\Documents and Settings\computer\Application Data\uTorrent
2006-11-26 10:22 <DIR> d-------- C:\Program Files\Serious Sam 2
2006-11-25 22:18 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2006-11-25 20:26 <DIR> d-------- C:\Program Files\ACW
2006-11-25 15:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-04 15:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-03 03:10 -------- d-------- C:\Program Files\Windows Media Player
2006-12-02 20:42 -------- d-------- C:\Program Files\World of Warcraft
2006-12-02 20:37 -------- d-------- C:\Program Files\hijackthis
2006-12-02 18:34 -------- d-------- C:\Program Files\Warcraft III
2006-12-02 16:16 -------- d-a------ C:\Program Files\Common Files
2006-12-02 15:24 -------- d-------- C:\Program Files\Movie Maker
2006-11-29 17:14 -------- d-------- C:\Program Files\Internet Explorer
2006-11-25 15:51 -------- d-------- C:\Program Files\Messenger
2006-11-25 15:49 -------- d-------- C:\Program Files\Windows NT
2006-11-25 15:49 -------- d-------- C:\Program Files\Outlook Express
2006-11-25 15:49 -------- d-------- C:\Program Files\NetMeeting
2006-11-25 15:49 -------- d-------- C:\Program Files\Common Files\System
2006-11-01 19:23 -------- d-------- C:\Program Files\iTunes
2006-11-01 19:22 -------- d-------- C:\Program Files\iPod
2006-11-01 19:21 -------- d-------- C:\Program Files\QuickTime
2006-11-01 19:19 -------- d-------- C:\Program Files\Apple Software Update
2006-10-25 13:10 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-25 13:10 -------- d-------- C:\Program Files\Ubisoft
2006-10-24 21:35 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-24 21:30 -------- d-------- C:\Program Files\SCCT
2006-10-24 21:04 -------- d-------- C:\Program Files\PowerISO
2006-10-23 09:38 -------- d-------- C:\Program Files\LimeWire
2006-10-23 09:14 43520 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2006-10-23 08:32 611064 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2006-10-22 21:52 -------- d-------- C:\Documents and Settings\computer\Application Data\Sun
2006-10-22 12:22 888832 --a------ C:\WINDOWS\SYSTEM32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\SYSTEM32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\SYSTEM32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\SYSTEM32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\SYSTEM32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\SYSTEM32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\SYSTEM32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\SYSTEM32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\SYSTEM32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\SYSTEM32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\SYSTEM32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\SYSTEM32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\SYSTEM32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\SYSTEM32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\SYSTEM32\keystone.exe
2006-10-22 12:22 3994624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
2006-10-22 12:22 35840 --a------ C:\WINDOWS\SYSTEM32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\SYSTEM32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\SYSTEM32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\SYSTEM32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\SYSTEM32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\SYSTEM32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\SYSTEM32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\SYSTEM32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\SYSTEM32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\SYSTEM32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\SYSTEM32\nvapi.dll
2006-10-22 12:22 188416 --a------ C:\WINDOWS\SYSTEM32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\SYSTEM32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\SYSTEM32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\SYSTEM32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\SYSTEM32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\SYSTEM32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\SYSTEM32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\SYSTEM32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\SYSTEM32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\SYSTEM32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\SYSTEM32\nvcpluir.dll
2006-10-22 09:58 147456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2006-10-16 13:10 -------- d-------- C:\Documents and Settings\computer\Application Data\Apple Computer
2006-09-28 15:05 2414360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll
2006-09-28 15:05 237848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_4.dll
2006-09-28 15:04 68888 --a------ C:\WINDOWS\SYSTEM32\xinput1_3.dll
2006-09-28 15:03 15128 --a------ C:\WINDOWS\SYSTEM32\x3daudio1_1.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\SYSTEM32\GEARAspi.dll
2006-09-12 22:09 1110528 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-09 15:31 0 --a------ C:\WINDOWS\SYSTEM32\taskkill.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"nwiz"="nwiz.exe /install"
"Logitech Utility"="Logi_MwX.Exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"p2p networking"="p2pnetworking.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"p2p networking"="p2pnetworking.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_ControlCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iwctrl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\Agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\PSDrvCheck.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="c:\\program files\\mcafee.com\\vso\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VOBID]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InstantDrive"
"hkey"="HKLM"
"command"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\\\InstantDrive\\InstantDrive.exe /remount"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTouch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (NGOFAMILY-computer).job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (NGOFAMILY-computer).job
C:\WINDOWS\tasks\McAfee.com Update Check (D4CDK231-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (computer).job
C:\WINDOWS\tasks\McAfee.com Update Check (computer).job
C:\WINDOWS\tasks\McAfee.com Update Check (computer).job

Completion time: 06-12-04 21:40:49.26
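The "Reg Loading Points" section of the ComboFix log above is written in .reg export syntax, which is awkward to read by eye: long values are split across continuation lines ending in a backslash, backslashes and quotes are escaped, and REG_EXPAND_SZ data such as the KernelFaultCheck value appears only as a hex(2) byte list. The following Python is an added example, not code from the thread or from ComboFix: it decodes that syntax and then lists the Run-key entries an analyst would look at twice, namely bare file names (resolved through the search path rather than by full path) and entries parked under keys renamed with a trailing "-", which Windows no longer executes but which record what was once configured. The registry excerpt is copied from Chow's log; the function names are mine.

```python
"""Decode the 'Reg Loading Points' section of a ComboFix log (it uses .reg
export syntax): join continuation lines, unescape REG_SZ strings, turn hex(2)
byte lists back into readable REG_EXPAND_SZ text, and flag Run-key entries
worth a second look.

Added example, not code from the thread or from ComboFix. The registry excerpt
is copied from the posted ComboFix log; the function names are mine."""
import re

# Constructed input: two keys copied from the ComboFix log above.
REG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"nwiz"="nwiz.exe /install"
"BCMSMMSG"="BCMSMMSG.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CXMon"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"p2p networking"="p2pnetworking.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
HEX_RE = re.compile(r"^hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<bytes>.*)$")


def _join_continuations(text):
    """Glue .reg lines that end in a backslash onto the following line."""
    lines, pending = [], ""
    for line in text.splitlines():
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        lines.append(pending + line.strip())
        pending = ""
    if pending:
        lines.append(pending)
    return lines


def _unescape_sz(s):
    """Undo .reg escaping (backslash-backslash and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def _decode_data(data):
    """Turn the right-hand side of a .reg value into str, int or bytes."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return _unescape_sz(data[1:-1])
    m = HEX_RE.match(data)
    if m:
        raw = bytes(int(b, 16) for b in m.group("bytes").split(",") if b.strip())
        if m.group("type") in ("1", "2", "7"):  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ
            # Real .reg exports store strings as UTF-16LE; ComboFix wrote this one as
            # single-byte text, so choose the decoding by looking for NUL padding.
            enc = "utf-16-le" if len(raw) >= 2 and raw[1] == 0 else "latin-1"
            return raw.decode(enc).rstrip("\x00")
        return raw
    if data.startswith("dword:"):
        return int(data[6:], 16)
    return data


def parse_reg(text):
    """Map each [key] to a dict of value name -> decoded data."""
    keys, current = {}, None
    for line in _join_continuations(text):
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape_sz(m.group("name"))] = _decode_data(m.group("data"))
    return keys


def _image_of(cmd):
    """Executable part of a Run-key command line (quoted path or first token)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def review_run_entries(keys):
    """Return (key, name, image, reason) for Run-key entries worth a second look."""
    findings = []
    for key, values in keys.items():
        leaf = key.rsplit("\\", 1)[-1].lower()
        if leaf.rstrip("-") not in {"run", "runonce", "runservices"}:
            continue
        for name, cmd in values.items():
            if not isinstance(cmd, str):
                continue
            image = _image_of(cmd)
            if leaf.endswith("-"):
                findings.append((key, name, image, "parked under a disabled key"))
            elif "\\" not in image:
                findings.append((key, name, image, "bare file name"))
    return findings


if __name__ == "__main__":
    for key, name, image, reason in review_run_entries(parse_reg(REG_EXCERPT)):
        print(f"{key.rsplit(chr(92), 1)[-1]}: {name} -> {image} ({reason})")
```

Decoded, the KernelFaultCheck entry is `%systemroot%\system32\dumprep 0 -k`, the stock Windows crash-dump reporter, so nothing to act on; the value of the decoder is that you can say so with certainty instead of guessing at a hex blob. The `run-` key shows the p2pnetworking.exe entry that ComboFix deleted from disk (listed under "Other Deletions" in the log), which is why it is no longer an active loading point.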
Post #5, 12-04-2006, 08:44 PM
Chow (Registered User; Join Date: Nov 2006; Posts: 116; OS: WinXP)
And I reran my HijackThis and made sure it was in Normal Mode, and it turned out the same.
Post #6, 12-05-2006, 08:48 PM
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 23,971; OS: WinXP and Vista)
Hello Chow,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

-------------

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (C:\BFU).

Do not do anything with these yet.

-------------

Download the attached chow.zip file to your desktop.

Double click on the chow.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.


-----------------------------------

Reboot your computer in Safe Mode by doing the following:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

-----------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions" **Please ensure it is set to Quarantine
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.
-----------------------------------

Now, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Beside the scriptline to execute field click the folder icon and select alcanshorty.bfu by double clicking on it.
  • Press Execute and let it do its job. (You ought to see a blue progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...this begins downloading Panda's 8 MB ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report

Please include the following in your next reply:

AVG A/S results
Panda results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 12-30-2006 at 05:34 PM.
Old 12-07-2006, 08:57 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


Hi Ried,

just wanted to let you know I will get around to doing your next set of instructions. I did the AVG Scan and it took over an hour and gave me a surprising couple hundred errors, but when I clicked the "Apply all actions" it froze. I haven't had time to run another scan yet but I will soon.

Thanks for going through all this effort to help me.
Old 12-07-2006, 09:55 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Hello Chow,

Try clearing your Firefox cookies first, then run AVG A-S again.

Clear Mozilla Firefox cookies:
Open the Mozilla browser (you do not need to be online to do this), then click Tools > Options > Privacy > Cookies > Clear

If it still freezes when applying all actions, just keep moving along to the rest of the instructions.
Old 12-11-2006, 04:09 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


Logfile of HijackThis v1.99.1
Scan saved at 5:07:58 PM, on 12/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164493579203
O16 - DPF: {8EF0A8C9-C609-41ED-936D-598387519DF6} (Two4OnePrintControl Class) - http://2for1.com/downloads/2for1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\System32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Old 12-11-2006, 04:09 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:01:16 PM 12/11/2006

+ Scan result:



HKU\.DEFAULT\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\axuninstall.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wsaupdater.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\iezset.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\msiaih.dll -> Adware.Ipend : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mskplb.dll -> Adware.Ipend : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\msnimk.gif -> Adware.Ipend : Cleaned with backup (quarantined).
C:\WINDOWS\IFinst25.exe -> Backdoor.Ifinst : Cleaned with backup (quarantined)
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP72\A0004396.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\t.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mseggo.gif -> Logger.Delf.dx : Cleaned with backup (quarantined).


::Report end
Old 12-11-2006, 05:34 PM   #11 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


As for the Panda scan, I've run the scan 3 times but I always left my computer after starting the scan and whenever I come back the IE browser and the panda scan window are both gone. I'll try again soon and just sit at the computer.
Old 12-11-2006, 06:28 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Hi,

Try this online scanner instead:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
Old 12-11-2006, 08:10 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


Monday, December 11, 2006 9:09:42 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/12/2006
Kaspersky Anti-Virus database records: 250064
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 81341
Number of viruses found 20
Number of infected objects 31 / 0
Number of suspicious objects 2
Duration of the scan process 01:29:45

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip/BackWeb-8876480.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\computer\.jpi_cache\file\1.0\stat.class-7553e213-1234a467.class Infected: Trojan.Java.Nocheat skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-4996488e.zip/a.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-4996488e.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-4996488e.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\a.jar-7bb6a5c5-4996488e.zip ZIP: infected - 3 skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\arch10213.jar-71d8e3fb-5c7203e0.zip/RunString.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\arch10213.jar-71d8e3fb-5c7203e0.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\arch10213.jar-71d8e3fb-5c7203e0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\arch10213.jar-71d8e3fb-5c7203e0.zip/Colors.class Infected: Trojan-Downloader.Java.OpenStream.b skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\arch10213.jar-71d8e3fb-5c7203e0.zip ZIP: infected - 4 skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-6f603a79-5bc8798f.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-6f603a79-5bc8798f.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.m skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-6f603a79-5bc8798f.zip/VerifierBug.class Infected: Trojan.Java.Needy.c skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-6f603a79-5bc8798f.zip ZIP: infected - 3 skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-c2b9e19-1c9000ab.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-c2b9e19-1c9000ab.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-c2b9e19-1c9000ab.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-c2b9e19-1c9000ab.zip ZIP: infected - 3 skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\javainstaller.jar-2f2e21ea-2e9a0eb8.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\javainstaller.jar-2f2e21ea-2e9a0eb8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\plugin.jar-4f71e0bb-7c14ee04.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\plugin.jar-4f71e0bb-7c14ee04.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\plugin.jar-4f71e0bb-7c14ee04.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.c skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\plugin.jar-4f71e0bb-7c14ee04.zip ZIP: infected - 3 skipped
C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\cert8.db Object is locked skipped
C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\flashgot.log Object is locked skipped
C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\history.dat Object is locked skipped
C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\key3.db Object is locked skipped
C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\parent.lock Object is locked skipped
C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\search.sqlite Object is locked skipped
C:\Documents and Settings\computer\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\computer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Application Data\Mozilla\Firefox\Profiles\6dcwwvab.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\computer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\computer\Local Settings\History\History.IE5\MSHist012006121120061212\index.dat Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Temp\Perflib_Perfdata_5b8.dat Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Temp\Perflib_Perfdata_650.dat Object is locked skipped
C:\Documents and Settings\computer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\computer\ntuser.dat Object is locked skipped
C:\Documents and Settings\computer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0004620.exe Infected: not-a-virus:AdWare.Win32.BlazeFind.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0004621.exe Infected: not-a-virus:AdWare.Win32.BlazeFind.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0004622.exe Infected: not-a-virus:AdWare.Win32.EZula.ac skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0004623.dll Infected: not-a-virus:AdWare.Win32.Ipend skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0004624.dll Infected: not-a-virus:AdWare.Win32.Ipend skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{196BA621-C124-4F9A-BBD4-4D93B37C3E53}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{36A4C386-7B1F-496B-AA9E-D0C16B1FD122}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\msfdje.gif Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\WINDOWS\SYSTEM32\msglji.gif Infected: not-a-virus:AdWare.Win32.SearchAssistant.d skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Old 12-11-2006, 08:51 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Please copy this page to Notepad and save to your desktop for reference.

***************************************************

Delete the following files:

C:\WINDOWS\SYSTEM32\msfdje.gif
C:\WINDOWS\SYSTEM32\msglji.gif


------------------------------

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


Is Spybot still detecting VX2? If so, can you please tell me the location?
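The sort Ried did by hand on the Kaspersky report posted above (two live files in SYSTEM32 to delete, Java plug-in cache entries to clear, restore-point copies to flush, locked in-use files and Spybot's own backups to ignore) can be mechanised. The script below is an added example, not code from the forum, from Ried or from Kaspersky; the report lines it embeds are a constructed subset of the log above, and its classification rules are assumptions drawn from that report's layout.

```python
"""Triage a Kaspersky Online Scanner 5 report of the kind pasted in this thread.

Added example (not from the forum, Ried or Kaspersky). It separates live
infected files (delete by hand), Java plug-in cache entries (clear the Java
cache), System Restore copies (flush the restore points), Spybot's own
quarantine backups and locked in-use files (neither is malware).
"""
import re
from collections import defaultdict

# One report line is: <path> <status> <last action>. Paths contain spaces, so
# the path is matched lazily up to one of the status forms seen in the log.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<status>Object is locked"
    r"|Infected: \S+"
    r"|Suspicious: \S+"
    r"|ZIP: (?:infected|suspicious) - \d+) "
    r"(?P<action>\S+)$"
)

# Constructed sample in the report format quoted above (a subset, not the full log).
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip/BackWeb-8876480.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-6f603a79-5bc8798f.zip/Beyond.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\computer\.jpi_cache\jar\1.0\count.jar-6f603a79-5bc8798f.zip ZIP: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP79\A0004620.exe Infected: not-a-virus:AdWare.Win32.BlazeFind.e skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\msfdje.gif Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\WINDOWS\SYSTEM32\msglji.gif Infected: not-a-virus:AdWare.Win32.SearchAssistant.d skipped
Scan process completed.
"""


def parse_report(text):
    """Return (path, status) pairs for every object line; header/footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), m.group("status")))
    return entries


def classify(path, status):
    """Assumed rules mapping one report entry to the action the helper would take."""
    if status == "Object is locked":
        return "locked"          # registry hives, logs, profile files in use: normal, not malware
    if status.startswith("ZIP:"):
        return "container"       # summary line for an archive whose members are listed separately
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"   # handled by turning System Restore off and back on
    if "\\.jpi_cache\\" in low:
        return "java_cache"      # handled by clearing the Java plug-in cache
    if "\\spybot - search & destroy\\recovery\\" in low:
        return "spybot_backup"   # Spybot's own backups; password-protected EXE heuristics fire on them
    return "live"                # still present on disk and not explained above: delete by hand


def triage(text):
    """Group the report's entries by category name."""
    groups = defaultdict(list)
    for path, status in parse_report(text):
        groups[classify(path, status)].append((path, status))
    return dict(groups)


def live_deletion_candidates(text):
    """Paths of infected objects that are neither cache, backup, container nor restore-point copies."""
    return [path for path, _ in triage(text).get("live", [])]


if __name__ == "__main__":
    for name, entries in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{name}: {len(entries)}")
    for path in live_deletion_candidates(SAMPLE_REPORT):
        print("delete:", path)
```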
Old 12-12-2006, 02:50 PM   #15 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


Hey,

Thanks a lot for all the help. Spybot doesn't detect anything anymore, and after following all your instructions a lot of odd problems on my computer were fixed too.

Also, on your last set of instructions for me it says to go to Java in the control panel but I only have a "Java Plug-in" icon that brings up a window that doesn't have any of the things you say to do.

And, I'm just curious, how do you know all of these things and why do you help out others for free? You would be a really great computer technician.

Hehe sorry but another question: What computer maintaining programs do you use on your computer? I have spybot, adaware, and now AVG which works really nicely.

Anyways, you don't have to answer any of those questions if you don't want to, but I just want to say thank you very much. Your instructions were the easiest instructions to follow that I have ever had to follow (eh, bad wording sorry), and they were all very polite. I hope there's something I can do in return for all your amazing help, and thank you once again.

Last edited by Chow; 12-12-2006 at 02:53 PM.
Old 12-12-2006, 05:02 PM   #16 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


Quote:
Originally Posted by Chow
Hey,

Thanks a lot for all the help. Spybot doesn't detect anything anymore, and after following all your instructions a lot of odd problems on my computer were fixed too.

Also, on your last set of instructions for me it says to go to Java in the control panel but I only have a "Java Plug-in" icon that brings up a window that doesn't have any of the things you say to do.

And, I'm just curious, how do you know all of these things and why do you help out others for free? You would be a really great computer technician.

Hehe sorry but another question: What computer maintaining programs do you use on your computer? I have spybot, adaware, and now AVG which works really nicely.

Do you suggest getting SP2?

Anyways, you don't have to answer any of those questions if you don't want to, but I just want to say thank you very much. Your instructions were the easiest instructions to follow that I have ever had to follow (eh, bad wording sorry), and they were all very polite. I hope there's something I can do in return for all your amazing help, and thank you once again.
Old 12-12-2006, 05:03 PM   #17 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


Oops... was editing the last post to stick in the SP2 question and did that on accident...
Old 12-12-2006, 09:46 PM   #18 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Hello Chow,

You're welcome, and your kind words are very much appreciated.

How do I know all this? Many hours of training, experience, and constant reading to keep up on the newest threats and latest methods of proper removal. The credit really goes to those experts who do the 'dirty work' and provide the information and specialty tools we often need to properly clean systems.

I use the same programs you mentioned above, as well as the programs I'll list for you in a moment.

Yes, please update to SP2 as many previous Windows vulnerabilities are 'corrected' with SP2. Microsoft has also stopped providing support for SP1.

Regarding your Java, please do the following so I can better explain to you how to clear the cache:


Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.

------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.


Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:


Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file; save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.

**Don't forget to post the uninstall_list.txt**
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
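To confirm that the IE-SPYAD step above actually populated Internet Explorer's Restricted Sites zone, here is an added PowerShell check (not from the original post, nor from the IE-SPYAD project) that reads the per-user ZoneMap registry keys and lists every host mapped to zone 4. It assumes it is run in a PowerShell session on the machine being checked; the registry path and zone numbering are standard IE settings.

```powershell
# Added example, not part of the original post or of IE-SPYAD itself. It reads the
# per-user Internet Explorer ZoneMap registry keys and lists hosts mapped to zone 4
# (Restricted Sites), which is where IE-SPYAD places its domain list. Assumed to run
# in a PowerShell session on the machine being checked.
$ZoneMapPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$RestrictedZone = 4

function Get-RestrictedSiteEntries {
    param([string]$Path = $ZoneMapPath)
    if (-not (Test-Path -Path $Path)) { return @() }
    $results = @()
    # Each top-level key is a domain; an optional nested key is a subdomain. Value names
    # are the scheme ('*', 'http', 'https', ...) and the DWORD data is the zone number.
    foreach ($domainKey in Get-ChildItem -Path $Path) {
        $domain = $domainKey.PSChildName
        $keys = @($domainKey) + @(Get-ChildItem -Path $domainKey.PSPath)
        foreach ($key in $keys) {
            if ($key.PSPath -eq $domainKey.PSPath) {
                $hostName = $domain
            } else {
                $hostName = "$($key.PSChildName).$domain"
            }
            foreach ($valueName in $key.GetValueNames()) {
                if ($key.GetValue($valueName) -eq $RestrictedZone) {
                    # New-Object is used instead of [pscustomobject] so this also runs on
                    # the PowerShell 2.0 shipped for Windows XP.
                    $results += New-Object PSObject -Property @{ Host = $hostName; Scheme = $valueName }
                }
            }
        }
    }
    return $results
}

$entries = @(Get-RestrictedSiteEntries)
Write-Output ("{0} host/scheme entries are in the Restricted Sites zone" -f $entries.Count)
$entries | Sort-Object -Property Host | Format-Table -Property Host, Scheme -AutoSize
```

A count in the low thousands after running install.bat means the list was applied for the current user; a count near zero means the install did not take effect for this account.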
Old 12-13-2006, 06:44 AM   #19 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


Ok, I'm getting to the HijackThis log and uninstall_list.txt, but first: when I try updating to SP2, the installation begins fine, but then when the install wizard comes up it gets stuck at

"Please wait while setup inspects your current configuration, archives your current files and updates your files,"
"Creating cabinets,"
"Details: Running processes before install"

Those are all in the window in order from the highest to the lowest positioning. Sorry if it's hard to picture. I started the installation last night and it just got stuck there, so I thought it was just a part that took really long, so I left it on overnight, but it was still like that in the morning.

Yup... Well, just wanted to stick that in here first since I have to close it to get to my desktop.
Chow is offline  
Old 12-13-2006, 12:32 PM   #20 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 116
OS: WinXP


µTorrent
ACDSee
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0
Ahead Nero Burning ROM
America Online (Choose which version to remove)
Apple Software Update
AVG Anti-Spyware 7.5
BCM V.92 56K Modem
BitTornado 0.3.14
Britannica Ready Reference
CCleaner (remove only)
Combined Community Codec Pack 2006-01-18 (Remove Only)
DAO
Dell Photo AIO Printer 922
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
DVDSentry
EIA 5.0
Half-Life(R) 2
HijackThis 1.99.1
HP Photo Imaging Software
HP Photo Printing Software
HP Share-to-Web
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Q903235
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.1
Java Web Start
Kaspersky Online Scanner
Lavasoft VX2 Cleaner
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.75
Logitech Resource Center
Macromedia Flash Player 8
McAfee.com SecurityCenter
McAfee.com VirusScan Online
Medved QuoteTracker
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Data Access Components KB870669
Microsoft Encarta 96 Encyclopedia
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Small Business
Microsoft Picture It! Express 7.0
Microsoft Plus! Digital Media Edition
Modem Helper
Mozilla Firefox (2.0)
MyDVD
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
PowerDVD
PowerISO
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Sentinel System Driver
Shockwave
SoundMAX
Spybot - Search & Destroy 1.3
SpywareBlaster v3.5.1
Steam
Tom Clancy's Splinter Cell Chaos Theory
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows SA
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB885523
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB891781
WinPcap 3.1
WinRAR archiver
WordPerfect Office 11
World of Warcraft
Chow is offline  
All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum