Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Intelligent Advisor Removal (with Logs)

Started by gotoblivon , Jan 03 2008 03:14 PM

  • This topic is locked This topic is locked
8 replies to this topic

#1 gotoblivon

gotoblivon

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:Games (mostly strategy and rpg), music composition and arrangement, teaching, learning, life

Posted 03 January 2008 - 03:14 PM

I need to get that darned Intelligent Advisor Off my computer. I have already deleted the program files, but it still pops up. The pop-ups it gives are really annoying. My IE seems to "deselect" itself, like a new window is coming up, but one never does. This happens usually after opening a new webpage. The computer has also been running a little slower than it should, but I am attributing that to the age of the computer. Please help, I dunno if anything else is on here also.

[edit] Intelligent Adivsor is gone. however, now I am just getting popups at random everytime I click a link. Also, there are times where I cannot open up windows at all, even the taskmanager. Making things worse, every now and again, my desktop will totally refresh itself, just as if I had just booted up the computer. Should I post these issues in a new thread? (what follows is the most recent log I have.)

Logfile of HijackThis v1.99.1
Scan saved at 5:43:11 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtsp.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [54c82a31] rundll32.exe "C:\WINDOWS\system32\fqpppdmw.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192849570288
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192854283030
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file:///I:/ALBUMS/ALBUM_A/PLUGIN/HPRMFFC.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Edited by gotoblivon, 04 January 2008 - 04:43 PM.

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 05:15 PM

Hello and Welcome to the forum.

I suggest you do this:


Open the HijackThis Folder. Find the file HijackThis.exe, Right Click on the file and Select Rename. Rename Hijackthis.exe to Spyware.exe.



Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 gotoblivon

gotoblivon

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:Games (mostly strategy and rpg), music composition and arrangement, teaching, learning, life

Posted 04 January 2008 - 09:05 PM

Thank you so much for your reply. I wasn't to worried about the problem until other things started going on, then I became really worried. Here's my combo fix log:

ComboFix 08-01-04.1 - Administrator 2008-01-04 18:40:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1512 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows NT\rtenefsu.html
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\cctxflkc.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dqjejqba.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\fqpppdmw.dll
C:\WINDOWS\system32\gxubbdsw.dll
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\oxtbumbw.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\RCX2D.tmp
C:\WINDOWS\system32\RCX37.tmp
C:\WINDOWS\system32\wmdpppqf.ini
C:\WINDOWS\system32\wsdbbuxg.ini
C:\WINDOWS\system32\xxyywvv.dll
C:\WINDOWS\Fonts\'

<pre>
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd .exe" replaces infected copy of "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe"
"C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe" replaces infected copy of "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe" replaces infected copy of "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files\DAEMON Tools\daemon .exe" replaces infected copy of "C:\Program Files\DAEMON Tools\daemon.exe"
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd .exe" replaces infected copy of "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
"C:\Program Files\iTunes\iTunesHelper .exe" replaces infected copy of "C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe" replaces infected copy of "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient .exe" replaces infected copy of "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
</pre>
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 18:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 03:44 . 2008-01-03 03:49 <DIR> d-------- C:\Program Files\Worms World Party
2007-12-29 22:37 . 2007-12-29 22:38 <DIR> d-------- C:\Downloads
2007-12-26 18:36 . 2007-12-26 20:50 <DIR> d-------- C:\Program Files\MediaCoder
2007-12-25 13:48 . 2007-12-25 13:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-25 13:48 . 2007-12-25 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-25 01:35 . 2007-12-25 01:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-25 01:32 . 2007-12-25 02:05 <DIR> d--hs---- C:\WINDOWS\UGllcmNlIEthbXN0cmE
2007-12-25 01:32 . 2007-12-25 13:30 <DIR> d-------- C:\WINDOWS\system32\to9
2007-12-25 01:32 . 2007-12-26 03:55 <DIR> d-------- C:\WINDOWS\system32\dj2
2007-12-25 01:32 . 2007-12-25 01:32 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-25 01:32 . 2007-12-25 01:32 <DIR> d-------- C:\temp\cEeer12
2007-12-25 01:30 . 2007-12-25 13:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 20:50 . 2007-12-25 01:52 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-24 03:00 . 2007-12-24 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-23 17:02 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-23 16:57 . 2007-12-23 16:57 <DIR> d-------- C:\Program Files\Nero
2007-12-23 16:57 . 2007-12-23 17:02 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-23 16:57 . 2007-12-23 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-18 16:15 . 2008-01-03 01:51 <DIR> d-------- C:\Program Files\Magic Suitcase
2007-12-15 22:28 . 2007-12-15 22:41 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-12-15 22:28 . 2007-12-15 23:10 76,675 --a------ C:\WINDOWS\War3Unin.dat
2007-12-15 22:28 . 2007-12-15 22:41 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-12-15 22:21 . 2008-01-04 16:48 <DIR> d-------- C:\Program Files\Warcraft III
2007-12-14 00:08 . 2007-12-14 00:08 <DIR> d-------- C:\WINDOWS\Sun
2007-12-09 22:58 . 2007-12-09 22:58 <DIR> d-------- C:\Program Files\Estima
2007-12-09 22:57 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-08 21:31 . 2004-08-04 01:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-08 21:31 . 2004-08-04 01:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-08 15:49 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-08 15:49 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-08 15:49 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-08 15:49 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-08 15:49 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-08 15:49 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-08 15:48 . 2007-12-08 15:48 <DIR> d-------- C:\temp\HP_WebRelease
2007-12-08 15:48 . 2008-01-04 18:47 <DIR> d-------- C:\temp
2007-12-08 15:48 . 2007-12-08 15:50 102,032 --a------ C:\WINDOWS\hpoins04.dat
2007-12-08 15:48 . 2004-06-22 04:20 17,218 --------- C:\WINDOWS\hpomdl04.dat
2007-12-08 15:38 . 2007-12-08 15:49 <DIR> d-------- C:\Program Files\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 23:50 --------- d-----w C:\Program Files\iTunes
2008-01-04 23:50 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-04 23:47 --------- d-----w C:\Program Files\QuickTime
2008-01-04 22:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
2008-01-03 21:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-01-03 09:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-12-30 01:21 --------- d-----w C:\Program Files\Cain
2007-12-25 18:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 18:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-12-22 04:08 --------- d-----w C:\Program Files\Xfire
2007-12-21 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-20 21:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-18 21:16 1,409 ----a-w C:\WINDOWS\Fonts\MAGIS.FOT
2007-12-18 21:16 1,409 ----a-w C:\WINDOWS\Fonts\MAGIC.FOT
2007-12-14 04:10 --------- d-----w C:\Program Files\Java
2007-12-11 23:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 23:24 --------- d-----w C:\Program Files\Image-Line
2007-12-03 23:22 --------- d-----w C:\Program Files\Steinberg
2007-12-03 02:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-03 00:19 --------- d-----w C:\Program Files\iPod
2007-12-02 23:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-02 22:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-26 19:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-11-26 02:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-11-26 02:01 --------- d-----w C:\Program Files\Ventrilo
2007-11-25 03:17 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-11-24 19:05 --------- d-----w C:\Program Files\Warcraft 3
2007-11-24 18:55 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-24 18:31 --------- d-----w C:\Program Files\XP Codec Pack
2007-11-24 18:25 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-24 18:25 --------- d-----w C:\Program Files\Hamachi
2007-11-24 02:17 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-24 02:09 --------- d-----w C:\Program Files\WinPcap
2007-11-23 19:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger
2007-11-22 05:31 --------- d-----w C:\Program Files\Common Files\Java
2007-11-22 02:18 --------- d-----w C:\Program Files\uTorrent
2007-11-20 21:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-19 03:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2007-11-19 03:35 --------- d-----w C:\Program Files\DivX
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 23:47 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-06 23:47 249,856 ------w C:\WINDOWS\Setup1.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\UGllcmNlIEthbXN0cmE\o355wAh5KHQ1vrhXwAH.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-04 14:52 171464]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-04 14:52 219520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-04 14:52 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2008-01-04 14:52 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 14:52 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-04 14:52 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-04 14:52 153136]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-12-04 21:25:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2007-10-19 16:33:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
backup=C:\WINDOWS\pss\Neverwinter Nights Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 06:00]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 21:22]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 19:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc824b9e-9a33-11dc-ba30-001b2f7823ae}]
\Shell\AutoRun\command - K:\autoplay.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 12:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 21:55:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
Completion time: 2008-01-04 22:01:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 03:01:00
.
2007-12-24 08:00:49 --- E O F ---



And My HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:04:35 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\spyware.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192849570288
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192854283030
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file:///I:/ALBUMS/ALBUM_A/PLUGIN/HPRMFFC.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


Thank you again for your help, it is a wonderful thing you are doing here.

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 09:23 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\UGllcmNlIEthbXN0cmE\o355wAh5KHQ1vrhXwAH.vbs

Folder::
C:\WINDOWS\UGllcmNlIEthbXN0cmE
C:\WINDOWS\system32\to9
C:\WINDOWS\system32\dj2
C:\WINDOWS\system32\ardCo18
C:\temp\cEeer12


Save this as Save this as "CFScript"


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#5 gotoblivon

gotoblivon

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:Games (mostly strategy and rpg), music composition and arrangement, teaching, learning, life

Posted 04 January 2008 - 09:41 PM

thank you again for your reply. My computer seems to be running fine for now, now popups or anything, except for the occasional deselecting of my window, which I cannot yet explain. My Combofix log:


ComboFix 08-01-04.1 - Administrator 2008-01-04 22:29:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1570 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript
* Created a new restore point

FILE
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\UGllcmNlIEthbXN0cmE\o355wAh5KHQ1vrhXwAH.vbs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\cEeer12
C:\temp\cEeer12\skAt.log
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\ardCo18\ardCo182328.exe
C:\WINDOWS\system32\dj2
C:\WINDOWS\system32\to9
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\UGllcmNlIEthbXN0cmE
C:\WINDOWS\UGllcmNlIEthbXN0cmE\o355wAh5KHQ1vrhXwAH.vbs

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 18:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 03:44 . 2008-01-03 03:49 <DIR> d-------- C:\Program Files\Worms World Party
2007-12-29 22:37 . 2007-12-29 22:38 <DIR> d-------- C:\Downloads
2007-12-26 18:36 . 2007-12-26 20:50 <DIR> d-------- C:\Program Files\MediaCoder
2007-12-25 13:48 . 2007-12-25 13:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-25 13:48 . 2007-12-25 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-25 01:30 . 2007-12-25 13:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 20:50 . 2007-12-25 01:52 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-24 03:00 . 2007-12-24 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-23 17:02 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-23 16:57 . 2007-12-23 16:57 <DIR> d-------- C:\Program Files\Nero
2007-12-23 16:57 . 2007-12-23 17:02 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-23 16:57 . 2007-12-23 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-18 16:15 . 2008-01-03 01:51 <DIR> d-------- C:\Program Files\Magic Suitcase
2007-12-15 22:28 . 2007-12-15 22:41 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-12-15 22:28 . 2007-12-15 23:10 76,675 --a------ C:\WINDOWS\War3Unin.dat
2007-12-15 22:28 . 2007-12-15 22:41 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-12-15 22:21 . 2008-01-04 16:48 <DIR> d-------- C:\Program Files\Warcraft III
2007-12-14 00:08 . 2007-12-14 00:08 <DIR> d-------- C:\WINDOWS\Sun
2007-12-09 22:58 . 2007-12-09 22:58 <DIR> d-------- C:\Program Files\Estima
2007-12-09 22:57 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-08 21:31 . 2004-08-04 01:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-08 21:31 . 2004-08-04 01:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-08 15:49 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-08 15:49 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-08 15:49 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-08 15:49 . 2004-03-18 16:55 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-08 15:49 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-08 15:49 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-08 15:48 . 2007-12-08 15:48 <DIR> d-------- C:\temp\HP_WebRelease
2007-12-08 15:48 . 2008-01-04 22:30 <DIR> d-------- C:\temp
2007-12-08 15:48 . 2007-12-08 15:50 102,032 --a------ C:\WINDOWS\hpoins04.dat
2007-12-08 15:48 . 2004-06-22 04:20 17,218 --------- C:\WINDOWS\hpomdl04.dat
2007-12-08 15:38 . 2007-12-08 15:49 <DIR> d-------- C:\Program Files\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 02:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
2008-01-04 23:50 --------- d-----w C:\Program Files\iTunes
2008-01-04 23:50 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-04 23:47 --------- d-----w C:\Program Files\QuickTime
2008-01-03 21:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-01-03 09:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-12-30 01:21 --------- d-----w C:\Program Files\Cain
2007-12-25 18:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 18:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-12-22 04:08 --------- d-----w C:\Program Files\Xfire
2007-12-21 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-20 21:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-18 21:16 1,409 ----a-w C:\WINDOWS\Fonts\MAGIS.FOT
2007-12-18 21:16 1,409 ----a-w C:\WINDOWS\Fonts\MAGIC.FOT
2007-12-14 04:10 --------- d-----w C:\Program Files\Java
2007-12-11 23:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 23:24 --------- d-----w C:\Program Files\Image-Line
2007-12-03 23:22 --------- d-----w C:\Program Files\Steinberg
2007-12-03 02:01 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-03 02:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-03 00:19 --------- d-----w C:\Program Files\iPod
2007-12-02 23:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-02 22:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-26 19:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-11-26 04:43 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-11-26 02:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-11-26 02:01 --------- d-----w C:\Program Files\Ventrilo
2007-11-25 03:17 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-11-24 19:05 --------- d-----w C:\Program Files\Warcraft 3
2007-11-24 18:55 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-24 18:31 --------- d-----w C:\Program Files\XP Codec Pack
2007-11-24 18:25 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-24 18:25 --------- d-----w C:\Program Files\Hamachi
2007-11-24 02:17 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-24 02:09 --------- d-----w C:\Program Files\WinPcap
2007-11-23 19:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger
2007-11-22 05:31 --------- d-----w C:\Program Files\Common Files\Java
2007-11-22 02:18 --------- d-----w C:\Program Files\uTorrent
2007-11-20 21:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-19 03:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2007-11-19 03:35 --------- d-----w C:\Program Files\DivX
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 23:47 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-06 23:47 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 02:03 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-04 14:52 171464]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-01-04 14:52 219520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-04 14:52 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2008-01-04 14:52 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-04 14:52 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-04 14:52 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-01-04 14:52 153136]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-12-04 21:25:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2007-10-19 16:33:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
backup=C:\WINDOWS\pss\Neverwinter Nights Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 06:00]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 21:22]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 19:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc824b9e-9a33-11dc-ba30-001b2f7823ae}]
\Shell\AutoRun\command - K:\autoplay.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 12:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 22:30:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
Completion time: 2008-01-04 22:32:08
ComboFix-quarantined-files.txt 2008-01-05 03:31:14
ComboFix2.txt 2008-01-05 03:01:05
.
2007-12-24 08:00:49 --- E O F ---

And my HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:40:38 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\spyware.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192849570288
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192854283030
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file:///I:/ALBUMS/ALBUM_A/PLUGIN/HPRMFFC.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

thank you, the improvments that I have seen already are great.

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 09:45 PM

Good job :thumbup:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Posted Image


    Here's my usual all clean post

    Log looks good :D


    You need to create a new Clean restore point.

    Note: This will remove all previous Restore Points

    Click Start Menu > Run > copy and paste

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Check "Hide file extensions for known file types."
    Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
    Check "Hide protected operating system files."
    Click Apply, and then click OK.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
        [list=a]
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#7 gotoblivon

gotoblivon

    New Member

  • Authentic Member
  • Pip
  • 18 posts
  • Interests:Games (mostly strategy and rpg), music composition and arrangement, teaching, learning, life

Posted 04 January 2008 - 09:51 PM

thank you so much. This is a load off of my mind. I'll post here again if any more issues of the same nature comes up. Thanks!!

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 09:54 PM

You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 January 2008 - 09:54 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·