01-09-2008, 11:09 PM   #1
Registered User
 
Join Date: Jan 2008
Location: Mid-Missouri
Posts: 5
OS: WinXP Home SP2


Need pc cleanup help after some cleaning

I am doing my nephew a favor and trying to clean up his BADLY infected PC. I have run numerous scans including SpybotS&D, AdAware, AvastAV, AVG Anti-Spyware, online TrendMicro scan, and online Panda Activescan. Most had to be run in Safe Mode. I had to download and burn an .iso boot CD that would allow me to delete an infected .dll file before Windows booted which caused access denied. I've also run the free Eusing Registry Cleaner in hopes of speeding up the boot time, but it is still very slow to load. It is a Celeron 1.3GHz system with 256MB RAM. I have performed all Windows updates and installed Windows Defender. I even reinstalled Windows using the Repair option. It is still running very slowly and some scans find limited pieces of infection. Here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:13 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198733508546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\HPSelect\profsywuylel.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Hewlett-Packard\profsywuylel.html

--
End of file - 6423 bytes

CAN YOU PLEASE REVIEW THIS and see if anything jumps out at you? The file I manually deleted outside of Windows was C:\WINDOWS\system32\cabine.dll. THANKS.
crazy_pc_lady is offline  
01-10-2008, 09:45 AM   #2
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista


Re: Need pc cleanup help after some cleaning

Hello crazy_pc_lady and welcome,

We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply and we'll get started:

main.txt
an attached extra.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
01-10-2008, 06:40 PM   #3
Registered User
 
Join Date: Jan 2008
Location: Mid-Missouri
Posts: 5
OS: WinXP Home SP2


Re: Need pc cleanup help after some cleaning

Thanks for your prompt reply. Below and attached is the additional information you asked for. I thought I should also mention a couple of other things that may or may not matter.

I ran a LOT of different programs to clean this up so I'm sorry I wasn't very specific in my first post. I also had a-squared malware remover installed, ran it once and uninstalled it b/c it was annoying.

I have been using a USB wireless network adapter to connect to DSL for updates and downloads. I will be uninstalling this before returning the PC to my nephew.

The BHO object that refers to the cabine.dll file that was deleted caused HJT to come up to a blank white screen and do nothing when I checked and tried to fix that item.

Could the fact that the system only has 256MB of RAM and I've installed SP2 and IE7 and done all the updates be some of the reason it runs so slow? Or do you think it is all spyware/malware/virus related?

Thanks in advance.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-10 19:26:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-01-11 01:26:45 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-01-11 01:24:54 UTC - RP4 - Software Distribution Service 3.0
3: 2008-01-11 01:09:19 UTC - RP3 - Software Distribution Service 3.0
2: 2008-01-10 03:52:24 UTC - RP2 - After clean
1: 2008-01-10 03:51:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:55 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198733508546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\HPSelect\profsywuylel.html
O24 - Desktop Component 1: (no name) - C:\Program Files\Hewlett-Packard\profsywuylel.html

--
End of file - 6274 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071228-221937-229 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20071228-222048-856 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20071228-222306-946 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080106-194753-302 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080106-194753-626 O2 - BHO: (no name) - {B8A9A434-68DB-4457-8F2D-38E678F503C1} - C:\WINDOWS\System32\xxptxxgt.dll (file missing)
backup-20080106-194753-875 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20080106-194855-977 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-193855-823 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-195031-199 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
backup-20080107-195031-230 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
backup-20080107-195031-415 O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
backup-20080107-195031-427 O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
backup-20080107-195031-772 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-195618-996 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-195953-424 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080107-200051-292 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll
backup-20080109-200000-140 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-200001-161 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
backup-20080109-200001-213 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20080109-200001-398 O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
backup-20080109-200001-566 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
backup-20080109-200003-593 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080109-200115-644 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-201558-414 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-201836-444 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-225515-770 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)
backup-20080109-230823-777 O2 - BHO: (no name) - {07A21E5B-E082-4B63-8CCE-EFC534DD934D} - C:\WINDOWS\System32\cabine.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 nnexavdc - c:\windows\system32\drivers\sfopkbcu.dat
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 BLKWGU(Belkin) (Belkin Wireless G USB Network Adapter(Belkin)) - c:\windows\system32\drivers\blkwgu.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CSRML (Windows Client/Server Runtime Management Layer) -
S2 Microsoft register shield -
S2 MSDisk (Network helper Service) -
S2 Performance Monitor -
S2 wms (Windows Management Service) -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-10 19:05:54 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-07-11 20:12:00 344 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1073876945.job


-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-10 19:08:40 0 d-------- C:\WINDOWS\LastGood
2008-01-09 21:31:19 0 d-------- C:\WINDOWS\network diagnostic
2008-01-09 21:02:49 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-07 20:18:08 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-01-06 21:51:07 0 d-------- C:\Program Files\Windows Defender
2008-01-06 19:11:14 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-06 19:01:22 0 d-------- C:\WINDOWS\Prefetch
2008-01-06 18:25:51 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-06 16:19:58 0 d-------- C:\Program Files\My Drivers
2008-01-06 14:40:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-06 14:40:07 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-30 22:27:58 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-12-30 21:40:17 0 d-------- C:\WINDOWS\peernet
2007-12-30 21:40:15 0 d-------- C:\WINDOWS\provisioning
2007-12-30 21:36:35 0 d-------- C:\WINDOWS\ServicePackFiles
2007-12-30 21:22:19 0 d-------- C:\WINDOWS\EHome
2007-12-30 15:51:20 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-30 15:50:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-30 14:44:45 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-28 20:41:18 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:18 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:17 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:17 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-12-28 20:41:16 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-12-28 20:41:08 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-12-28 20:41:07 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-12-28 20:41:07 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:06 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:06 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:05 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:04 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:04 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:03 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:02 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:01 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:41:01 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:40:59 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-28 20:28:43 0 d-------- C:\Program Files\MSXML 4.0
2007-12-28 20:26:55 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-28 20:26:55 0 d--h---c- C:\WINDOWS\$xpsp1hfm$
2007-12-27 00:03:18 0 d-------- C:\WINDOWS\system32\bits
2007-12-26 23:32:04 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-26 23:31:37 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-26 21:14:34 0 d-------- C:\Program Files\Trend Micro
2007-12-23 22:54:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-23 22:54:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 21:32:04 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-23 21:22:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-23 21:21:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-20 23:10:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-20 23:03:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-12-20 23:03:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 22:25:24 0 d-------- C:\WINDOWS\pss
2007-12-20 21:31:28 0 d-------- C:\Program Files\Alwil Software
2007-12-20 21:12:51 0 d-------- C:\Program Files\Lavasoft
2007-12-20 21:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-20 20:04:07 0 d-------- C:\Program Files\EliteProtector
2007-12-20 20:04:02 163709 --a------ C:\Documents and Settings\Administrator\Application Data\antivirus.exe
2007-12-20 20:02:21 402944 -ra------ C:\WINDOWS\system32\drivers\BLKWGU.sys <Not Verified; Belkin Corporation; Wireless G USB Network Adapter>
2007-12-20 19:58:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 19:57:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-20 19:55:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-20 19:55:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-20 19:55:33 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-20 19:55:33 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-20 19:55:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-20 19:55:33 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-20 19:55:33 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-20 19:55:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-20 19:55:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-12-20 19:55:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-12-20 19:55:32 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-01-09 20:36:06 0 d-------- C:\Program Files\Common Files
2008-01-09 20:34:39 0 d-------- C:\Program Files\Microsoft Money
2008-01-06 18:46:10 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-06 15:49:42 0 d-------- C:\Program Files\Messenger
2007-12-30 21:40:19 0 d-------- C:\Program Files\Movie Maker
2007-12-30 21:35:57 0 d-------- C:\Program Files\Windows NT
2007-12-30 14:41:51 0 d-------- C:\Program Files\Java
2007-12-26 23:47:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-26 23:33:24 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-23 20:46:45 0 d-------- C:\Program Files\QuickTime
2007-12-23 20:46:20 0 d-------- C:\Program Files\My Movies
2007-12-21 00:11:55 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-21 00:10:11 0 d-------- C:\Program Files\HPSelect
2007-12-20 21:47:41 0 d-------- C:\Program Files\??stem
2007-12-20 21:46:37 0 d-------- C:\Program Files\Microsoft Security Adviser
2007-12-05 16:28:46 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2007-12-02 14:05:14 1099310 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat
2007-12-01 15:36:19 0 d-------- C:\Program Files\UltimateBet


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A21E5B-E082-4B63-8CCE-EFC534DD934D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 11:04 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/07/2001 07:25 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 06:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 06:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\HPSelect\profsywuylel.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\Hewlett-Packard\profsywuylel.html
FriendlyName=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetscapeClient]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER




-- End of Deckard's System Scanner: finished at 2008-01-10 19:29:34 ------------
Attached Files
File Type: txt extra.txt (14.0 KB, 1 views)
Old 01-10-2008, 09:38 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista


Re: Need pc cleanup help after some cleaning

You're welcome, crazy_pc_lady.

Quote:
Could the fact that the system only has 256MB of RAM and I've installed SP2 and IE7 and done all the updates be some of the reason it runs so slow? Or do you think it is all spyware/malware/virus related?
A little of both. 512 is recommended for XP.
Quote:
Total Physical Memory: 254 MiB (512 MiB recommended).
You've done a great job with the tools you had available, but we need something a bit more powerful here.

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-12-2008, 06:33 AM   #5 (permalink)
Registered User
 
Join Date: Jan 2008
Location: Mid-Missouri
Posts: 5
OS: WinXP Home SP2


Re: Need pc cleanup help after some cleaning

I finally got a chance to get back to working on this machine. Below are the ComboFix.txt and new HJT log you asked for. One note - when running ComboFix, it rebooted, which I wasn't expecting, so I had not turned off the autoload features of the antivirus and anti-spyware programs. The ComboFix screen said "Preparing log report. Do not run any programs until ComboFix has finished." It was rebooting and loading the autoloads, which I turned off as they came up, but it took a long time and I hope it didn't cause any problems. Here are the logs:

ComboFix 08-01-11.3 - Owner 2008-01-12 7:05:35.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\antivirus.exe
C:\Documents and Settings\Owner\Application Data\install.dat
C:\Documents and Settings\Owner\My Documents\MCROSO~1
C:\Program Files\eliteprotector
C:\Program Files\Hewlett-Packard\profsywuylel.html
C:\Program Files\HPSelect\profsywuylel.html
C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\stem~1
C:\Program Files\stem~1\??stem\
C:\Temp\fCOe
C:\WINDOWS\IA
C:\WINDOWS\system32\cabine.dll
C:\WINDOWS\system32\drivers\sfopkbcu.dat
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\RunOnce.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_FCI
-------\LEGACY_MICROSOFT_INET_SERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NNEXAVDC
-------\LEGACY_PERFORMANCE_MONITOR
-------\nnexavdc
-------\Performance Monitor


((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 07:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 19:26 . 2008-01-10 19:26 <DIR> d-------- C:\Deckard
2008-01-09 22:20 . 2008-01-09 22:21 97,558,528 --a------ C:\1CA.tmp
2008-01-09 21:39 . 2007-10-10 17:55 6,065,664 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-01-09 21:39 . 2007-06-30 21:31 2,455,488 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat
2008-01-09 21:39 . 2007-06-30 21:36 991,232 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll.mui
2008-01-09 21:39 . 2007-10-10 17:55 459,264 -----c--- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
2008-01-09 21:39 . 2007-10-10 17:55 383,488 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
2008-01-09 21:39 . 2007-10-10 17:55 267,776 -----c--- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
2008-01-09 21:39 . 2007-10-10 17:55 63,488 -----c--- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll
2008-01-09 21:39 . 2007-10-10 17:55 52,224 -----c--- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
2008-01-09 21:39 . 2007-10-10 04:59 13,824 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-01-09 21:02 . 2008-01-09 21:02 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-07 20:18 . 2008-01-09 21:57 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-06 21:51 . 2008-01-09 22:12 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-06 20:48 . 2007-02-28 03:10 2,180,352 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2008-01-06 20:48 . 2007-02-28 03:08 2,136,064 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlmp.exe
2008-01-06 20:48 . 2007-02-28 02:38 2,057,600 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
2008-01-06 20:48 . 2007-02-28 02:38 2,015,744 -----c--- C:\WINDOWS\SYSTEM32\dllcache\ntkrpamp.exe
2008-01-06 20:35 . 2006-06-01 12:47 163,840 -----c--- C:\WINDOWS\SYSTEM32\dllcache\jgdw400.dll
2008-01-06 20:35 . 2006-06-01 12:47 27,648 -----c--- C:\WINDOWS\SYSTEM32\dllcache\jgpl400.dll
2008-01-06 20:23 . 2006-06-14 02:47 172,416 -----c--- C:\WINDOWS\SYSTEM32\dllcache\kmixer.sys
2008-01-06 20:23 . 2006-06-14 03:00 82,944 -----c--- C:\WINDOWS\SYSTEM32\dllcache\wdmaud.sys
2008-01-06 20:23 . 2006-06-14 02:47 6,400 -----c--- C:\WINDOWS\SYSTEM32\dllcache\splitter.sys
2008-01-06 20:04 . 2006-05-05 03:41 453,120 -----c--- C:\WINDOWS\SYSTEM32\dllcache\mrxsmb.sys
2008-01-06 19:14 . 2008-01-06 19:13 12,620 --a------ C:\WINDOWS\SYSTEM32\wpa.bak
2008-01-06 19:07 . 2001-08-07 18:28 577,536 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-01-06 18:57 . 2006-02-28 06:00 28,288 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\xjis.nls
2008-01-06 18:55 . 2006-02-28 06:00 482,304 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\pintlgnt.ime
2008-01-06 18:54 . 2006-02-28 06:00 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\msir3jp.lex
2008-01-06 18:53 . 2006-02-28 06:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\hwxjpn.dll
2008-01-06 18:52 . 2006-02-28 06:00 1,677,824 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\chsbrkr.dll
2008-01-06 18:51 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\fp4awel.dll
2008-01-06 18:48 . 2008-01-06 18:48 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-01-06 18:47 . 2008-01-06 18:47 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-06 18:47 . 2008-01-06 18:47 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-01-06 18:47 . 2008-01-06 18:47 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-01-06 18:47 . 2008-01-06 18:47 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-01-06 18:46 . 2006-02-28 06:00 16,384 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\isignup.exe
2008-01-06 18:35 . 2001-07-03 16:13 81,920 --a------ C:\WINDOWS\SYSTEM32\ps2.EXE
2008-01-06 18:34 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\SYSTEM32\drivers\RTL8139.sys
2008-01-06 18:24 . 2006-02-28 06:00 1,086,058 -ra------ C:\WINDOWS\SET9E.tmp
2008-01-06 18:24 . 2006-02-28 06:00 1,042,903 -ra------ C:\WINDOWS\SET9B.tmp
2008-01-06 17:38 . 2008-01-06 17:50 194 --a------ C:\WINDOWS\MyDrivers.ini
2008-01-06 17:34 . 2008-01-06 17:34 0 --a------ C:\smx.cat
2008-01-06 17:32 . 2008-01-06 17:32 0 --a------ C:\s3savNB.cat
2008-01-06 17:30 . 2008-01-06 17:30 0 --a------ C:\wtv4.cat
2008-01-06 17:30 . 2008-01-06 17:30 0 --a------ C:\wtv3.cat
2008-01-06 17:30 . 2008-01-06 17:30 0 --a------ C:\wtv1.cat
2008-01-06 17:30 . 2008-01-06 17:30 0 --a------ C:\wtv0.cat
2008-01-06 17:30 . 2008-01-06 17:30 0 --a------ C:\wfp4.cat
2008-01-06 17:30 . 2008-01-06 17:30 0 --a------ C:\wfp3.cat
2008-01-06 17:29 . 2008-01-06 17:29 0 --a------ C:\wfp2.cat
2008-01-06 17:29 . 2008-01-06 17:29 0 --a------ C:\wfp1.cat
2008-01-06 17:29 . 2008-01-06 17:29 0 --a------ C:\wfp0.cat
2008-01-06 17:29 . 2008-01-06 17:29 0 --a------ C:\i81xnt5.cat
2008-01-06 17:26 . 2008-01-06 17:26 0 --a------ C:\mx70.cat
2008-01-06 17:26 . 2008-01-06 17:26 0 --a------ C:\H1710200.cat
2008-01-06 16:25 . 2008-01-06 17:34 190 --a------ C:\Setup.DIY
2008-01-06 16:19 . 2008-01-06 17:34 <DIR> d-------- C:\Program Files\My Drivers
2008-01-06 14:40 . 2008-01-10 19:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-30 21:44 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-12-30 21:40 . 2007-12-30 21:40 <DIR> d-------- C:\WINDOWS\provisioning
2007-12-30 21:40 . 2008-01-06 12:20 <DIR> d-------- C:\WINDOWS\peernet
2007-12-30 21:36 . 2007-12-30 21:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-30 21:28 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-12-30 21:22 . 2007-12-30 21:22 <DIR> d-------- C:\WINDOWS\EHome
2007-12-30 15:54 . 2007-12-30 15:52 102,664 --a------ C:\WINDOWS\SYSTEM32\drivers\tmcomm.sys
2007-12-30 15:51 . 2007-12-30 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-12-30 14:44 . 2007-12-30 14:47 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-30 14:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2007-12-28 21:43 . 2008-01-06 17:53 446,749 --a------ C:\WINDOWS\setupapi.old
2007-12-28 20:50 . 2004-08-04 01:56 768,512 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\helpctr.exe
2007-12-28 20:50 . 2004-08-04 01:56 385,024 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\callcont.dll
2007-12-28 20:50 . 2004-08-04 01:56 274,432 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\mst120.dll
2007-12-28 20:50 . 2004-08-04 01:56 77,824 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\nmcom.dll
2007-12-28 20:40 . 2003-02-28 18:26 49,424 --a------ C:\WINDOWS\SYSTEM32\clspack.exe
2007-12-28 20:32 . 2004-08-04 01:56 239,104 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2007-12-28 20:32 . 2004-08-04 01:56 239,104 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\srrstr.dll
2007-12-28 20:28 . 2007-12-28 20:28 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-28 20:26 . 2007-12-28 20:51 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-12-28 20:26 . 2004-01-09 23:11 26,112 --a------ C:\WINDOWS\SYSTEM32\xpsp1hfm.exe
2007-12-27 00:03 . 2007-12-27 00:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2007-12-27 00:01 . 2004-08-04 01:56 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2007-12-27 00:01 . 2004-08-04 01:56 18,944 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\qmgrprxy.dll
2007-12-27 00:01 . 2004-08-04 01:56 8,192 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\bitsprx2.dll
2007-12-27 00:01 . 2004-08-04 01:56 8,192 --a------ C:\WINDOWS\SYSTEM32\bitsprx2.dll
2007-12-27 00:01 . 2004-08-04 01:56 7,168 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\bitsprx3.dll
2007-12-27 00:01 . 2004-08-04 01:56 7,168 --a------ C:\WINDOWS\SYSTEM32\bitsprx3.dll
2007-12-26 23:33 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-12-26 23:33 . 2007-07-30 19:19 549,720 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2007-12-26 23:33 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-12-26 23:33 . 2007-07-30 19:19 325,976 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2007-12-26 23:33 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2007-12-26 23:33 . 2007-07-30 19:19 216,408 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
2007-12-26 23:33 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-12-26 23:33 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-12-26 23:33 . 2007-07-30 19:18 33,624 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2007-12-26 23:31 . 2007-12-26 23:31 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-26 21:14 . 2007-12-26 21:14 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:09 --------- d-----w C:\Program Files\HPSelect
2008-01-12 13:09 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-10 02:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
2008-01-10 02:34 --------- d-----w C:\Program Files\Microsoft Money
2007-12-30 20:41 --------- d-----w C:\Program Files\Java
2007-12-27 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 02:46 --------- d-----w C:\Program Files\QuickTime
2007-12-24 02:46 --------- d-----w C:\Program Files\My Movies
2007-12-05 22:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2007-12-01 21:36 --------- d-----w C:\Program Files\UltimateBet
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 11:04 52736]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 19:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 18:36 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, append.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
--a------ 2001-10-02 21:23 94208 C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetscapeClient]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-11-15 10:53 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2003-11-10 13:55 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-07-12 02:12:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1073876945.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe0/#Hewlett-Packard#hp psc 1300 series#1073876945
"2008-01-12 13:17:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 07:15:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 7:21:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 13:21:00
.
2008-01-11 01:25:50 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:36 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198733508546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6261 bytes


THANKS AGAIN.
Old 01-12-2008, 11:40 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista


Re: Need pc cleanup help after some cleaning

No worries, ComboFix ran as expected.

All that's left now is to search for any remnants that may still be lurking. This online scan can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

Kaspersky results
New HijackThis log
Update on system behavior
Old 01-13-2008, 06:28 PM   #7 (permalink)
Registered User
 
Join Date: Jan 2008
Location: Mid-Missouri
Posts: 5
OS: WinXP Home SP2


Re: Need pc cleanup help after some cleaning

I'm not actually working on this system beyond the clean-up, but it appears to be working properly now, but slow. Boot time is over 4 minutes, but may be due in part to the resident scanning software that loads at startup (i.e. Avast, AVG anti-spyware) and low memory (I have ordered a used 256MB sdram stick to double the memory, but it's not here yet). I really do appreciate your forum service here! THANKS! Here is the Kaspersky scan (which showed 11 viruses and 180 infected objects when it completed) and latest HijackThis log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT Sunday, January 13, 2008 7:16:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/01/2008
Kaspersky Anti-Virus database records: 510187
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 54292
Number of viruses found: 11
Number of infected objects: 180
Number of suspicious objects: 0
Duration of the scan process: 01:57:29

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:27 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198733508546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6170 bytes
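As an added illustration (not part of the thread and not HijackThis's own code), the Python sketch below turns the O4, O16 and O23 lines of a log like the one above into an inventory of autostart points and lists the entries that cannot be identified from the log line alone. The function names are this example's own, and the sample lines are copied from the log above.

```python
import re

# What each HijackThis section code in this log lists.
SECTIONS = {"O4": "autostart (Run key / Startup folder)",
            "O9": "extra IE button or Tools menu item",
            "O16": "ActiveX object (Downloaded Program Files)",
            "O23": "Windows service"}

# Field layouts for three sections; any other layout keeps only its raw text.
PATTERNS = {
    "O4": re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    "O16": re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.+)\))? - (?P<target>\S+)$"),
    "O23": re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<target>.+)$"),
}

def parse_line(line):
    """Return a dict for one 'Onn - ...' line, or None for any other line."""
    m = re.match(r"^(O\d+) - (.+)$", line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "kind": SECTIONS.get(code, "other"), "raw": body}
    fields = PATTERNS[code].match(body) if code in PATTERNS else None
    if fields:
        entry.update(fields.groupdict())
    return entry

def inventory(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def needs_manual_check(entry):
    """Reasons an entry cannot be identified from its log line alone."""
    reasons = []
    if "target" not in entry:
        reasons.append("line layout not covered by this parser")
    if entry["code"] == "O16" and not entry.get("name"):
        reasons.append("ActiveX object has no display name")
    if "~" in entry.get("target", ""):
        reasons.append("8.3 short path, resolve to the long path first")
    return reasons

# Sample lines copied from the log above, plus one header line to skip.
SAMPLE = r"""Boot mode: Normal
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
```

A reason returned by `needs_manual_check` only means the line needs a closer look before it can be matched to a known program; it is not a verdict on the entry.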
Old 01-13-2008, 07:02 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista


Re: Need pc cleanup help after some cleaning

Hi crazy_pc_lady,

Kaspersky is reporting items that have been safely quarantined, and backups made during the course of cleaning this system. We'll take care of that now.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Empty this folder:

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine

------------------------

The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your nephew's recent issue, I'm sure he'd like to avoid any future infections. Please have him take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

-------------------------------

AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools, but until you get the stick of RAM, you may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times.

To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows. Also disable its real time protection, as this will also use system resources, and will time out at the end of the trial period in 30 days. To do so:

Open AVG Anti-Spyware.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Click on Change state next to Automatic updates. It should now change to inactive.



**Kindly respond one more time and let me know if we may consider this thread resolved.

And may I add--job well done cleaning this system. There was little left for me to do.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-14-2008, 08:47 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2008
Location: Mid-Missouri
Posts: 5
OS: WinXP Home SP2


Re: Need pc cleanup help after some cleaning

Thanks for everything. I've uninstalled ComboFix and cleaned out the Housecall quarantine. The other things I will have to do later as I don't have the time tonight. I'm assuming this post will stay up for a while so I can find it to complete the other items.

One last question - Do you recommend a stand-alone firewall be installed in addition to the A/V and anti-spyware programs? I was looking at putting either ZoneAlarm's free edition or Comodo. I know WinXP has the firewall built-in but wondered if it's a good idea to add additional protection.

Also, on a sad note. I installed the 256MB memory stick today (which I thought was the correct type), but Windows starts to boot and keeps going back to the setup screen and I installed just that stick and it wouldn't boot. What was weird is that it was recognized in BIOS. Anyway, I pulled it and added a 64MB one I had laying around and it works. I know it's a different topic, but thought I'd mention it in case there is a setting or something to get it to load, but I'm guessing I bought the wrong memory or it is bad.

Thanks again... I guess I'm done.
Old 01-14-2008, 10:57 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,798
OS: WinXP and Vista


Re: Need pc cleanup help after some cleaning

Hi,

Yes, I do recommend installing a third party firewall. Using a third-party firewall will allow you to give/deny access for applications that want to go online. They also control outbound traffic from your PC, which helps prevent anything that may have made it past your protection from calling out for its payloads. Windows XP SP2 has a built-in firewall, but it does not monitor outbound traffic.

As you already have an issue with not enough memory and slow boot times, I would recommend Comodo over ZoneAlarm. ZoneAlarm tends to slow the boot time even more.

Comodo Personal Firewall


-----------------------

It does seem as though you purchased the incorrect RAM for this PC. If you still have trouble adding memory after you're sure you've purchased the correct one, you'd do best discussing it with the folks in RAM and Power Supply Support.


Quote:
I'm assuming this post will stay up for a while so I can find it to complete the other items.

I'll move this thread to the HijackThis Resolved area, but you'll still be able to view it. Simply following the link in the e-mail notification will re-route you to that new location.

Take care, crazy_pc_lady.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Copyright 2001 - 2009, Tech Support Forum