Please Review My Log

Blitzkrieg047 · June 2007

My computer has been running sluggish lately. Firefox is unusable to me because my computer sits there and loads nothing and i cannot get anything done. I have to use Ctrl alt delete to shut it down because its using so much memory, i looked at the processes list and firefox was using atleast 600,000 K of space. World of warcraft doesnt run well either, ive forwarded the right ports and my latency has been up way higher then it used to be. I figure you guys might be able to do something with this log... i cant make heads or tails of it.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:20 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ContentWatch\Internet Protection\ContentProtect\cwsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ContentWatch\Internet Protection\gui\cwcptray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [cwcptray] "C:\Program Files\ContentWatch\Internet Protection\gui\cwcptray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture to Mobile Phone - C:\Program Files\Pix2Fone\p2fd.html
O8 - Extra context menu item: Send Image to Photo Library - [URL]file://C:\Documents[/URL] and Settings\Owner\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload Picture - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload Picture to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135963657015
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/blasterball2Remix/install.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: CwWLEvent - C:\Program Files\ContentWatch\internet protection\common\cwplc001.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ContentProtect (CwCpSvc20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\ContentProtect\cwsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

Baabiouz · June 2007

Hi Blitzkrieg047!

Please visit Virustotal
* Click the Browse... button
* Navigate to the file C:\WINDOWS\services.exe
* Click the Open button
* Click the Send button
* Copy and paste the results back here

Blitzkrieg047 · June 2007

Hello thanks for the reply

I cant find the said services.exe in C:\WINDOWS\ ... yeah

Baabiouz · June 2007

Okay, let's try this..

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please visit Virustotal
* Click the Browse... button
* Navigate to the file C:\WINDOWS\services.exe
* Click the Open button
* Click the Send button
* Copy and paste the results back here

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Blitzkrieg047 · June 2007

I still couldnt find C:\WINDOWS\services.exe, but i did a scan on C:\WINDOWS\system32\services.exe (which took forever because the browser window kept freezing randomly) and here are the results:

Complete scanning result of "services.exe", received in VirusTotal at 06.17.2007, 22:31:00 (CET).

AntivirusVersionUpdateResultAhnLab-V32007.6.16.006.15.2007 no virus foundAntiVir7.4.0.3206.17.2007 no virus foundAuthentium4.93.806.16.2007 no virus foundAvast4.7.997.006.16.2007 no virus foundAVG7.5.0.46706.17.2007 no virus foundBitDefender7.206.17.2007 no virus foundCAT-QuickHeal9.0006.16.2007 no virus foundClamAVdevel-2007041606.17.2007 no virus foundDrWeb4.3306.17.2007 no virus foundeSafe7.0.15.006.17.2007 no virus foundeTrust-Vet30.7.372106.15.2007 no virus foundEwido4.006.17.2007 no virus foundFileAdvisor106.17.2007 No threat detectedFortinet2.85.0.006.17.2007 no virus foundF-Prot4.3.2.4806.15.2007 no virus foundF-Secure6.70.13030.006.15.2007 no virus foundIkarusT3.1.1.806.17.2007 no virus foundKaspersky4.0.2.2406.17.2007 no virus foundMcAfee505406.15.2007 no virus foundMicrosoft1.260706.17.2007 no virus foundNOD32v2233406.15.2007 no virus foundNorman5.80.0206.15.2007 no virus foundPanda9.0.0.406.17.2007 no virus foundPrevx1V206.17.2007 no virus foundSophos4.18.006.12.2007 no virus foundSunbelt2.2.907.006.16.2007 no virus foundSymantec1006.17.2007 no virus foundTheHacker6.1.6.13306.15.2007 no virus foundVBA323.12.0.206.15.2007 no virus foundVirusBuster4.3.23:906.17.2007 no virus foundWebwasher-Gateway6.0.106.17.2007 no virus found
Aditional InformationFile size: 108032 bytesMD5: c6ce6eec82f187615d1002bb3bb50ed4SHA1: b958912d139cb8dbfeeacdd38ba048c4f452174e

Baabiouz · June 2007

Okay..

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...ix/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

********************

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases

[*]Click OK
[*]Now under select a target to scan:

SelectMy Computer

[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.

*****************

Please, send a fresh HijackThis log and Kaspersky online scanner results.

Blitzkrieg047 · June 2007

OMG... get ready to bleed from your eyes

Edit: the copy and paste looked so jumbled, so i uploaded the saved HTML to filefront. But i still kept it so you can see how bad it is. link

KASPERSKY ONLINE SCANNER REPORT Monday, June 18, 2007 11:15:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/06/2007
Kaspersky Anti-Virus database records: 348611
Scan SettingsScan using the following antivirus databaseextendedScan ArchivestrueScan Mail BasestrueScan TargetMy ComputerA:\
C:\
D:\
E:\
F:\
G:\ Scan StatisticsTotal number of scanned objects174520Number of viruses found39Number of infected objects71 / 0Number of suspicious objects0Duration of the scan process03:31:20
Infected Object NameVirus NameLast ActionC:\Documents and Settings\All Users\Application Data\ContentWatch\Internet Protection\db\cwactivities.db Object is locked skipped C:\Documents and Settings\All Users\Application Data\ContentWatch\Internet Protection\db\cwbase.db Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-06-18_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\012C7671/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\012C7671/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\012C7671 Embedded CAB: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\012C7671 CryptFF: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09B90C22 Infected: Trojan-Dropper.Win32.Small.mh skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11FB78E1 Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16A30725 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16BD7ECC Infected: not-a-virus:AdWare.Win32.Altnet.i skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19F65707 Infected: Trojan.Win32.KillAV.ef skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1ECC2D01 Infected: Trojan-Downloader.Win32.Briss.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EE31CCD Infected: not-a-virus:Monitor.Win32.Perflogger.aa skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\227C26D2 Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28177A6C Infected: Trojan-Spy.Win32.SCKeyLog.au skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28E15CA2 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\359E0322 Infected: Trojan-Downloader.Win32.Apropo.ae skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39325915 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\398611EB Infected: Trojan.Win32.KillAV.ef skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD04E10 Infected: Trojan.Win32.KillAV.ef skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E81788F Infected: not-a-virus:Monitor.Win32.Perflogger.aa skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40455775 Infected: Trojan-Downloader.Win32.Adload.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40480172 Infected: Trojan-Downloader.Win32.Agent.hw skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\404B2B6E Infected: not-a-virus:AdWare.Win32.SurfAccuracy.b skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42370ACC Infected: Backdoor.Win32.Prorat.19 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\423E5EC5 Infected: Backdoor.Win32.Prorat.19 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\424432BE Infected: Backdoor.Win32.Prorat.19 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42482EC7 Infected: Trojan-Dropper.Win32.Small.uv skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\428C4E6F Infected: Trojan-Clicker.Win32.Delf.r skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\428F786B Infected: not-a-virus:Monitor.Win32.Perflogger.al skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47943072 Infected: Trojan-Dropper.Win32.Delf.z skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CB27D89 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51540802 Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56A412DF Infected: Trojan-Downloader.Java.OpenConnection.aj skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581825D2 Infected: Trojan-Downloader.Java.OpenConnection.aj skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C272371/stream Infected: Trojan-Downloader.NSIS.Agent.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C272371 NSIS: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C272371 CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C5B2809 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63160FA5 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631939A2 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64A3164A Infected: not-a-virus:AdWare.Win32.F1Organizer.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64A64047 Infected: Trojan-Downloader.Win32.Dyfuca.dd skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EA93AA1 Infected: not-a-virus:AdWare.Win32.Altnet.j skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76990D76 Infected: not-a-virus:Monitor.Win32.Perflogger.ad skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77530F42 Infected: Trojan.Win32.KillAV.ef skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B666122 Infected: Trojan-Dropper.Win32.Agent.of skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7C2B005F Infected: not-a-virus:Porn-Dialer.Win32.Intexdial skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EFA3714 Infected: Trojan.Win32.KillAV.ef skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F1A3A5F Infected: Backdoor.Win32.Prorat.191 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F406502 Infected: Trojan.WinREG.StartPage skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FD41392 Infected: Backdoor.Win32.Prorat.19.al skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS02721FB4-731B-4B0E-BB75-6B43D9B069CE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS04E274E4-306D-49FB-8DDD-D5BDB164C63B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS09DEB781-EC95-4929-A0CA-34DCE1DA6CCB.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CA90F38-4716-4CAB-A462-BBCD99331FD2.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CC22FD8-CDA3-4D77-9365-EF817B8FBDF2.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS10E5036A-5E5C-4641-88CF-A1E20016DB27.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS16280015-56E5-46D1-AB10-D036E2A7B6EF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS17F69A84-2E7E-4792-A8E9-632D860D7792.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS199FC975-CC71-4D6E-9564-94CDF4DF33FE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1BCE2E6D-EF1A-444B-8726-9CC84735E167.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1BD86637-A8E5-4781-A0AA-DAFC94A54B5B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1DFC7ED2-D26C-4A0C-AE7B-C6B31397232C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS271DCC42-4B6E-4F9E-8CC4-32D631201F77.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS29920F85-7AB2-42B6-82D9-B15C5E43A7EA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS29E7F1F2-B2ED-46F7-BBF3-78DD8DF265DE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2D37AD02-5957-4A5D-9171-BBAD7B02C1D5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS32206F3B-D4F0-48B8-A662-9F33CE2EF97D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C2187FD-495F-472D-A6FD-C26E736CA529.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C777E3F-2B4F-4B1C-A9A1-BCEE6CBDD104.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3E965644-4413-4B30-8F9F-62B88AA4F89E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS458D20B0-D6CB-48AC-B179-42349FB915AD.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B65634B-9AE1-4867-A686-33DCD0A47227.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4C030608-AABE-46D1-8D68-698C0F24A10C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS50F39BB8-E00D-4C40-8564-F1B60B2F0D68.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS52A57A75-1155-4D40-A497-692F4581ED68.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS61A118ED-C615-4032-8C1B-8BFE0F2BE29B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS63C60E72-4E9B-46C6-9E73-67A27AF8F5A2.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS660719FE-4E28-4BAD-A137-70B4DD4C8D01.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS66D62729-445F-431C-8AEE-469061BEC432.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6BF9354B-A96C-4EEF-AA92-BE4BC1746119.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6EA8FFE8-E737-4F05-8786-247684D94228.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6EDC4CB6-95E3-4396-A749-B512CD87548D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS70C62C1D-98DF-4B8F-8D74-230256ABFD78.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS70F84BCB-D31B-4653-A2B5-8DF3B1C5A052.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS71A1C21B-F233-4CFC-B1C6-40142FD1E06B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS732E8271-E647-42E8-AEF7-8ECA6CE31337.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS772EBAEE-EC93-4546-B151-7DC966C485DA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS80E408D2-D830-43F7-8A73-B731C45794C7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B1ED5A5-8E43-4D0A-ACE0-E244E453FCB9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS90716B41-4422-4319-82A4-7D798A47DF47.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS90CBF561-629A-46D4-B179-17BDAB55B577.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS90FFA63E-527C-4D89-A2FC-3192D82D9022.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS948A20AA-566A-47E9-9312-2FF20867BE73.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS954C15E4-3633-4D4A-80B7-46BFCB4431E7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS95729E13-0923-410F-9B95-3640B235E766.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS96F03F17-49DA-4B3F-9253-0EF399E290F8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9B8A33F4-699F-4168-B1E8-380E2FFD8EE5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2865EFA-6BFD-4B8C-AEE5-818D4B41ACE5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1C151C6-E711-47C5-9DB2-5A82F971A769.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA47567D-3269-4075-BE72-4FCF75CC91F7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBD609CF0-E089-4890-8F3F-2C741FF77294.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC47CDAE-A985-4752-826D-050093228C5A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD3DE3C39-8DC5-41A7-9EBB-23C52F732788.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD46A275C-15EE-4865-ACE0-D0757EB5DBC4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD9670B91-527F-431F-81DC-F92CCB022C90.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDF65E1E1-D4F6-4423-923E-0FFF4664C1C2.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE269EB42-FE1B-4059-B4B5-E6BD436142EF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE9DFA701-16CA-47C1-B55B-E25E8F77AD6F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE1CD988-67A6-466A-B937-31A2DDFD6314.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE33EE06-0F4C-4352-BA54-17A4417ED5A1.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF1A03460-22E4-4975-BCF5-C0B0E2A3680B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF2BA285E-4851-4B27-94EF-9AAE0A592225.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF4379CF6-7FFA-4C9E-8E42-3FEF5332B6B9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF5C47A0F-BBAB-4CA6-AB72-CAF5E529BE04.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF64FAB09-6A67-4985-856B-0ACCAC1FDC00.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF668D3AE-354E-428B-AF71-B4458AB98E95.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF82EB948-3302-4E43-82B0-A7165F0AF401.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFACE9636-E19F-4F01-BA25-55A65AF34D87.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFB8D2D2A-2C9D-4B9D-B28F-59B0519E3F78.tmp Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner\Desktop\hijackthis_199\backups\backup-20070618-180845-151.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.n skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0004/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0004/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0004/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0004/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0004/data0008 Infected: Trojan-Downloader.Win32.Keenval.n skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0004/data0009 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0011/data0002 Infected: not-a-virus:AdWare.Win32.PowerSearch.b skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0011/data0003 Infected: Trojan-Downloader.Win32.Keenval.n skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe/data0011 Infected: Trojan-Downloader.Win32.Keenval.n skipped C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe NSIS: infected - 11 skipped C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\8L1I6BUD\popup[1].htm Infected: Trojan-Downloader.JS.IstBar.q skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton AntiVirus\Savrt\0139NAV~.TMP Object is locked skipped C:\Program Files\Norton AntiVirus\Savrt\0799NAV~.TMP Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped C:\Program Files\World of Warcraft\BackgroundDownloader.exe Infected: Trojan-PSW.Win32.WOW.rg skipped C:\Program Files\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe Infected: Trojan-PSW.Win32.WOW.rg skipped C:\Program Files\World of Warcraft\WoW-2.1.0.6729-to-2.1.1.6739-enUS-downloader.exe Infected: Trojan-PSW.Win32.WOW.rg skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP845\A0315913.exe Infected: Trojan-PSW.Win32.WOW.rg skipped C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP849\A0320002.exe Infected: Trojan-PSW.Win32.WOW.rg skipped C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP866\A0324851.exe Infected: Trojan-PSW.Win32.WOW.rg skipped C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP885\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\MAIN.ldb Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\ZLT04c79.TMP Object is locked skipped C:\WINDOWS\Temp\ZLT04c7c.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:04 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ContentWatch\Internet Protection\ContentProtect\cwsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ContentWatch\Internet Protection\gui\cwcptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [cwcptray] "C:\Program Files\ContentWatch\Internet Protection\gui\cwcptray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture to Mobile Phone - C:\Program Files\Pix2Fone\p2fd.html
O8 - Extra context menu item: Send Image to Photo Library - [URL]file://C:\Documents[/URL] and Settings\Owner\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload Picture - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O9 - Extra 'Tools' menuitem: Upload Picture to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\Program Files\Pix2Fone\p2fup.html (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0DD4ADBE-E91D-48CC-9A04-87EA1674E385} (PerfTesAXDemo Control) - http://gamer.ubicom.com/benchmarks/PerfTestCliActiveXproj_aug23.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135963657015
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: CwWLEvent - C:\Program Files\ContentWatch\internet protection\common\cwplc001.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ContentProtect (CwCpSvc20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\ContentProtect\cwsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

Baabiouz · June 2007

Hi!
That wasn't so bad

Please Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

*******************

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

*******************

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Program Files\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe
C:\Program Files\World of Warcraft\WoW-2.1.0.6729-to-2.1.1.6739-enUS-downloader.exe

C:\Documents and Settings\Owner\Local Settings\Temp\setup_Aimfilez_bundle.exe

*******************

Please, make empty this folder:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\

*******************

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

*******************

[*]Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Xp System Restore

*******************

After doing those things, do you have problems?

Blitzkrieg047 · June 2007

Its gotten much better, i think im gonna stop using firefox for good because it keeps using so much memory. WoW latency has improved alot also. I have to say thanks for the help you and this forum has given. Ill post again here if i have any more issues.

Baabiouz · June 2007

Okay.. here is clean speech

Log looks clean...great job!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
  1. Change the Download signed ActiveX controls to Prompt
  2. Change the Download unsigned ActiveX controls to Disable
  3. Change the Initialize and script ActiveX controls not marked as safe to Disable
  4. Change the Installation of desktop items to Prompt
  5. Change the Launching programs and files in an IFRAME to Prompt
  6. Change the Navigate sub-frames across different domains to Prompt
  7. When all these settings have been made, click on the OK button.
  8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Blitzkrieg047 · June 2007

I did what you said with all those things, but now my sound doesnt work, i think windows update screwed me over D:<<

Ive checked everything, the cord, the driver, volume settings, nothing!

Baabiouz · June 2007

Hm.. I think, i can't help you with sounds.. :sad2:
Ask help at somewhere this website..(icrontic)

Baabiouz · July 2007

This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

If you are not the user who started this thread, you must start a new Thread instead

Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here

Please Review My Log

Comments