Solved Computer infected by unknown trojan

[Resolved]Computer infected by unknown trojan

All right, I was online a few days ago and I was trying to watch a video on a web site, and it said I needed to download something before I could watch the video, so like an idiot I did, and pretty much instantly I started getting a popup that says,

"Your computer was infected by unknown trojan. It's dangerous for your system (Critical files can be lost)! Click OK to download the antispyware program to clean your system! (Recommended) "

Since it doesn't look like a normal windows vista type popup, I've just been exiting it, and not downloading what it seems to want me to.

I've run my McAfee antivirus and also AVG free, but they don't come up with anything... When I ran spybot it came up with something called win32.Agent.gvu and when I tried to get rid of it, spybot never showed it again...but the popups still aren't going away, so I'm not sure if that's my problem or not.

I'm kinda worthless when it comes to computers, besides doing the basic stuff, so if anyone who knows a bit more about them would be willing to give me some ideas, and help me out, I'd really appreciate it. My computer is running slow, both in booting up and when I'm on the internet....and yeah, I have no idea what I'm doing...hopefully someone out there can help me get this straightened out.

Thanks, Bobby

 

Hi Bobby Baldwin
Welcome to Windowsbbs.

Please download and install HijackThis and Run a scan then close HJT, then run Deckard's System Scanner and post the main.txt log here. Links and instructions here.

Thanks
Geri

 

Hi Geri, thanks for getting back to me so quickly. Here is the main.txt that popped up after I ran Deckard's System Scanner.

Deckard's System Scanner v20071014.68
Run by Stealth on 2008-03-01 22:37:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
28: 2008-02-29 09:38:50 UTC - RP123 - Windows Update
27: 2008-02-28 18:55:27 UTC - RP122 - Scheduled Checkpoint
26: 2008-02-28 03:13:27 UTC - RP121 - Scheduled Checkpoint
25: 2008-02-27 10:34:08 UTC - RP120 - Installed AVG 7.5
24: 2008-02-27 10:28:32 UTC - RP119 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2008-02-07 19:22:36 UTC - RP96 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Stealth.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:23 PM, on 3/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Users\Stealth\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Stealth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MS Video Control 1.0 - {54629298-47B2-4F79-BC62-7B3648D70020} - C:\Windows\msvidc32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: McAfee Application Installer Cleanup (0299511204423447) (0299511204423447mcinstcleanup) - Unknown owner - C:\Windows\TEMP\029951~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9763 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 0299511204423447mcinstcleanup (McAfee Application Installer Cleanup (0299511204423447)) - c:\windows\temp\029951~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-01 18:11:33 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{21B7F24B-840F-473A-9777-6A9CB099AD4C}.job
2008-03-01 01:00:00 368 --a------ C:\Windows\Tasks\McQcTask.job
2008-02-15 01:00:00 366 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-02-01 and 2008-03-01 -----------------------------

2008-02-28 23:23:30 0 d-------- C:\Program Files\LimeWire
2008-02-27 02:34:20 0 d-------- C:\Users\All Users\Grisoft
2008-02-27 02:34:20 0 d-------- C:\Users\All Users\avg7
2008-02-27 02:33:02 0 d-------- C:\Program Files\Trend Micro
2008-02-27 02:28:55 0 d-------- C:\Users\All Users\Lavasoft
2008-02-27 02:28:55 0 d-------- C:\Program Files\Lavasoft
2008-02-27 02:28:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 23:14:37 0 d-------- C:\Users\Stealth\.housecall6.6
2008-02-25 19:08:32 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-25 09:53:10 230400 --a------ C:\Windows\msvidc32.dll <Not Verified; Adobe; >
2008-02-25 09:53:09 53 --a------ C:\tmp.bat
2008-02-18 09:04:55 88 -r-hs---- C:\Windows\system32\FD65D32AF2.sys
2008-02-17 14:30:08 0 d-------- C:\Users\All Users\Corel
2008-02-17 14:27:02 0 d-------- C:\Program Files\Common Files\Corel
2008-02-17 14:16:47 2672 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-02-17 14:15:47 0 d-------- C:\Program Files\Corel
2008-02-17 10:20:22 0 d-------- C:\cabs
2008-02-05 00:43:57 0 d-------- C:\Program Files\UltimateBet


-- Find3M Report ---------------------------------------------------------------

2008-03-01 21:22:42 0 d-------- C:\Users\Stealth\AppData\Roaming\LimeWire
2008-03-01 18:04:04 0 d-------- C:\Program Files\McAfee
2008-03-01 17:34:15 0 d-------- C:\Users\Stealth\AppData\Roaming\Spare Backup
2008-03-01 14:29:19 0 d-------- C:\Users\Stealth\AppData\Roaming\AVG7
2008-02-27 02:28:11 0 d-------- C:\Program Files\Common Files
2008-02-18 20:06:06 4 --a------ C:\Windows\system32\3A5E92
2008-02-18 09:04:56 0 d-------- C:\Users\Stealth\AppData\Roaming\Corel
2008-02-17 14:15:37 0 d-------- C:\Users\Stealth\AppData\Roaming\InstallShield
2008-02-10 12:02:14 0 d-------- C:\Users\Stealth\AppData\Roaming\Adobe
2008-01-30 23:30:59 0 d-------- C:\Program Files\Best Buy Rhapsody
2008-01-30 23:30:21 0 d-------- C:\Program Files\Common Files\Real
2008-01-30 23:30:15 0 d-------- C:\Users\Stealth\AppData\Roaming\Real
2008-01-28 20:57:28 0 d-------- C:\Program Files\Real
2008-01-28 20:56:11 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-01-28 20:56:10 0 d-------- C:\Program Files\ArcSoft
2008-01-28 20:56:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 17:45:09 0 d-------- C:\Program Files\Windows Messaging
2008-01-19 17:39:47 0 -rahs---- C:\MSDOS.SYS
2008-01-19 17:39:47 0 -rahs---- C:\IO.SYS
2008-01-18 23:58:14 136 --a------ C:\Users\Stealth\AppData\Roaming\wklnhst.dat
2008-01-18 02:11:05 0 d-------- C:\Users\Stealth\AppData\Roaming\Template
2008-01-15 16:05:43 0 d-------- C:\Users\Stealth\AppData\Roaming\SiteAdvisor
2008-01-15 14:09:42 24064 --a------ C:\Users\Stealth\AppData\Roaming\UserTile.png
2008-01-15 11:56:22 0 d-------- C:\Users\Stealth\AppData\Roaming\DivX
2008-01-15 11:56:12 0 d-------- C:\Program Files\DivX
2008-01-11 00:01:01 0 d-------- C:\Program Files\SiteAdvisor
2008-01-10 12:38:37 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-09 22:07:22 174 --ahs---- C:\Program Files\desktop.ini
2008-01-09 22:03:42 0 d-------- C:\Program Files\Windows Calendar
2008-01-09 22:03:34 0 d-------- C:\Program Files\Windows Mail
2008-01-09 22:03:20 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 21:49:28 0 d-------- C:\Program Files\MSXML 4.0
2008-01-09 16:23:37 0 d-------- C:\Users\Stealth\AppData\Roaming\SampleView
2008-01-09 15:48:47 0 d-------- C:\Users\Stealth\AppData\Roaming\Macromedia
2008-01-09 15:47:37 0 d-------- C:\Program Files\AIMTunes
2008-01-09 15:47:35 0 d-------- C:\Users\Stealth\AppData\Roaming\acccore
2008-01-09 15:47:15 0 d-------- C:\Program Files\AIM6
2008-01-09 15:46:31 0 d-------- C:\Program Files\Viewpoint
2008-01-09 15:45:07 0 d-------- C:\Program Files\Common Files\AOL
2008-01-09 15:41:45 0 --a------ C:\Windows\nsreg.dat
2008-01-09 15:41:42 0 d-------- C:\Users\Stealth\AppData\Roaming\Mozilla
2008-01-09 15:39:28 0 d-------- C:\Users\Stealth\AppData\Roaming\Google
2008-01-09 15:30:55 0 d-------- C:\Program Files\Support.com
2008-01-09 15:10:23 0 d-------- C:\Users\Stealth\AppData\Roaming\Identities
2007-12-03 17:33:18 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 17:33:18 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:18 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 17:33:16 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
09/19/2007 06:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54629298-47B2-4F79-BC62-7B3648D70020}]
02/25/2008 09:53 AM 230400 --a------ C:\Windows\msvidc32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [08/25/2007 09:22 AM]
"IgfxTray "= "C:\Windows\system32\igfxtray.exe" [06/05/2007 06:52 PM]
"HotKeysCmds "= "C:\Windows\system32\hkcmd.exe" [06/05/2007 06:52 PM]
"Persistence "= "C:\Windows\system32\igfxpers.exe" [06/05/2007 06:52 PM]
"RtHDVCpl "= "RtHDVCpl.exe" [07/06/2007 10:06 AM C:\Windows\RtHDVCpl.exe]
"Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/25/2007 08:55 AM]
"Spare Backup "= "C:\Program Files\Spare Backup\SpareBackup.exe" [07/12/2007 08:27 PM]
"NapsterShell "= "C:\Program Files\Napster\napster.exe" [09/06/2006 11:12 AM]
"BigFix "= "c:\program files\Bigfix\bigfix.exe" [11/16/2006 03:04 PM]
"SiteAdvisor "= "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/08/2007 06:39 PM]
"mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"Corel Photo Downloader "= "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [08/28/2007 12:00 PM]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/27/2008 02:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter "= "oobefldr.dll,ShowWelcomeCenter" []
"Aim6 "= "C:\Program Files\AIM6\aim6.exe" [01/03/2008 08:15 AM]
"ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [11/02/2006 04:35 AM]
"Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 09:51 PM]
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 04:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher "=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [7/11/1997]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [7/11/1997]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [7/11/1997]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 02/27/2008 02:34 AM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@= "Volume shadow copy "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@= "IEEE 1394 Bus host controllers "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@= "SBP2 IEEE 1394 Devices "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@= "SecurityDevices "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-03-01 22:40:34 ------------

 

Hi Bobby

Having any p2p file sharing apps such as Limewire, BitTorrent uTorrent etc.. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
I strongly recommend removing any P2P applications.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new dss log

You are running two anti-virus programs, this is not a good idea, they can conflict with each other and actually give you less protection
Please remove one 1 of them.

Thanks
Geri

 

All right, I downloaded SDFix and installed it and everything... Then I got rid of Limewire, as you suggested, and I also got rid of AVG, so now I've just got McAfee... However, when I rebooted and went into safe mode, when I tried to open RunThis.bat a window would pop up, and then it would go away less than a second later...so I never got to type in Y to start everything... I tried this three times, and the same thing happened every time. And when I rebooted again, the popup is still coming up... So I guess I'm not sure what went wrong.

 

Hi
OK when in safe mode right click on RunThis.bat and select Run As Administrator.

See if that will run it.

Geri

 

Ok I'm back, but unfortunately I had more of the same thing happen, even when I clicked run as administrator. Should I try uninstalling SDFix and then reinstalling it or is that probably not the problem?...

 

Hi
Yeah, Try deleting SDFix and redownloading it.

Let me know if that helped.

Thanks
Geri

 

Well Geri, I'm still not having any luck... Deleting it and reinstalling didn't fix it... When I try to open RunThis.bat as the administrator, the command prompt window closes before the menu even clears the screen...it only flashes briefly and it's gone...if you blinked at the right time you might not even know it did anything...

When I hit F8 it gives me a big list of things, and it has a few choices for safe mode...
Safe Mode
Safe Mode With Networking
Safe Mode With Command Prompt

I've been picking just plain old safe mode...should I be choosing one of the other ones?

 

Hi Bobby

OK it's not going to run on Vista at the moment, I just checked the developers site.

So please delete it and well use this. make sure you use the Vista instruction.

Download ComboFix from [color= "Red"]Here[/color] to your Desktop.
It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.

• Close all open programs and windows
• Double click combofix.exe and follow the prompts.
• Vista users right click Combofix.exe and select Run As Administrator.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Please post the Combofix log.

Thanks
Geri

 

All right, that seemed to work better, although that link you gave me to disable realtime protection applications didn't work for my McAfee... It said to right click and go to exit, but when I tried that it didn't give me exit as an option...so I did the best I could by just turning things off... Anyway, here's my log...and yes, I turned everything back on after it was done scanning. I don't know if that was supposed to fix anything, or if it was just checking stuff out, but I rebooted my computer, and I'm still getting that popup... And my computer seems to be thinking about something...it hasn't stopped since I turned my computer on, and that was like ten minutes ago now...

ComboFix 08-03-01.3 - Stealth 2008-03-02 1:30:07.1 - NTFSx86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1033.18.2075 [GMT -8:00]
Running from: C:\Users\Stealth\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-01 23:10 . 2008-03-01 23:10 <DIR> d-------- C:\Users\All Users\Avg7
2008-03-01 23:10 . 2008-03-01 23:10 <DIR> d-------- C:\ProgramData\Avg7
2008-03-01 22:36 . 2008-03-01 22:36 <DIR> d-------- C:\Deckard
2008-02-28 23:23 . 2008-03-01 21:22 <DIR> d-------- C:\Users\Stealth\AppData\Roaming\LimeWire
2008-02-27 02:33 . 2008-02-27 02:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 02:28 . 2008-02-27 02:29 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-27 02:28 . 2008-02-27 02:29 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-27 02:28 . 2008-02-27 02:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-27 02:28 . 2008-02-27 02:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 23:14 . 2008-02-25 23:16 <DIR> d-------- C:\Users\Stealth\.housecall6.6
2008-02-25 19:08 . 2008-02-25 22:58 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-25 19:08 . 2008-02-25 22:58 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-25 19:08 . 2008-02-27 01:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-25 09:53 . 2008-02-25 09:53 230,400 --a------ C:\Windows\msvidc32.dll
2008-02-25 09:53 . 2008-02-25 09:53 53 --a------ C:\tmp.bat
2008-02-18 09:04 . 2008-02-26 22:26 88 -r-hs---- C:\Windows\System32\FD65D32AF2.sys
2008-02-17 14:30 . 2008-02-18 09:04 <DIR> d-------- C:\Users\Stealth\AppData\Roaming\Corel
2008-02-17 14:30 . 2008-02-17 14:30 <DIR> d-------- C:\Users\All Users\Corel
2008-02-17 14:30 . 2008-02-17 14:30 <DIR> d-------- C:\ProgramData\Corel
2008-02-17 14:27 . 2008-02-17 14:28 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-17 14:16 . 2008-02-26 22:27 2,672 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-02-17 14:15 . 2008-02-17 14:15 <DIR> d-------- C:\Users\Stealth\AppData\Roaming\InstallShield
2008-02-17 14:15 . 2008-02-17 14:27 <DIR> d-------- C:\Program Files\Corel
2008-02-17 10:20 . 2008-02-17 10:20 <DIR> d-------- C:\cabs
2008-02-17 02:34 . 2008-01-09 21:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 03:08 . 2008-02-13 03:08 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:08 . 2008-02-13 03:08 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:07 . 2008-02-13 03:07 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:07 . 2008-02-13 03:07 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:07 . 2008-02-13 03:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:07 . 2008-02-13 03:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:07 . 2008-02-13 03:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:07 . 2008-02-13 03:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:07 . 2008-02-13 03:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 03:06 . 2008-02-13 03:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:06 . 2008-02-13 03:06 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:06 . 2008-02-13 03:06 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:06 . 2008-02-13 03:06 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:06 . 2008-02-13 03:06 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:06 . 2008-02-13 03:06 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:06 . 2008-02-13 03:06 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-05 00:44 . 2002-03-25 10:30 995,383 --a------ C:\Windows\System32\temp.001
2008-02-05 00:44 . 2002-03-25 10:31 295,000 --a------ C:\Windows\System32\temp.000
2008-02-05 00:43 . 2008-02-05 00:44 <DIR> d-------- C:\Program Files\UltimateBet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 08:54 --------- d-----w C:\Users\Stealth\AppData\Roaming\Spare Backup
2008-03-02 02:04 --------- d-----w C:\Program Files\McAfee
2008-02-13 11:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 11:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 11:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 11:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-31 07:30 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys
2008-01-31 07:30 --------- d-----w C:\Program Files\Common Files\Real
2008-01-31 07:30 --------- d-----w C:\Program Files\Best Buy Rhapsody
2008-01-30 23:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-29 04:57 --------- d-----w C:\Program Files\Real
2008-01-29 04:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 04:56 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-01-29 04:56 --------- d-----w C:\Program Files\ArcSoft
2008-01-20 01:45 --------- d-----w C:\Program Files\Windows Messaging
2008-01-19 07:58 136 ----a-w C:\Users\Stealth\AppData\Roaming\wklnhst.dat
2008-01-18 10:11 --------- d-----w C:\Users\Stealth\AppData\Roaming\Template
2008-01-16 00:05 --------- d-----w C:\Users\Stealth\AppData\Roaming\SiteAdvisor
2008-01-15 19:56 --------- d-----w C:\Users\Stealth\AppData\Roaming\DivX
2008-01-15 19:56 --------- d-----w C:\Program Files\DivX
2008-01-11 08:01 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-11 08:00 --------- d-----w C:\ProgramData\SiteAdvisor
2008-01-10 20:38 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-10 06:07 174 --sha-w C:\Program Files\desktop.ini
2008-01-10 06:03 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 06:03 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 06:03 --------- d-----w C:\Program Files\Windows Calendar
2008-01-10 05:57 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-10 05:57 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-10 05:57 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-10 05:57 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-10 05:55 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-10 05:54 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-10 05:54 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-10 05:54 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-10 05:53 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-10 05:51 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 05:51 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:51 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 05:49 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-10 05:49 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-10 05:49 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-10 05:49 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-10 05:49 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-10 05:49 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-10 05:48 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-10 05:34 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-10 05:34 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-10 05:34 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-10 05:34 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-10 05:32 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-10 05:32 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-10 05:32 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-10 05:32 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-10 05:32 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-01-10 00:23 --------- d-----w C:\Users\Stealth\AppData\Roaming\SampleView
2008-01-09 23:48 --------- d-----w C:\ProgramData\AOL OCP
2008-01-09 23:47 --------- d-----w C:\Users\Stealth\AppData\Roaming\acccore
2008-01-09 23:47 --------- d-----w C:\Program Files\AIMTunes
2008-01-09 23:47 --------- d-----w C:\Program Files\AIM6
2008-01-09 23:46 --------- d-----w C:\ProgramData\AOL Downloads
2008-01-09 23:46 --------- d-----w C:\Program Files\Viewpoint
2008-01-09 23:45 --------- d-----w C:\ProgramData\Viewpoint
2008-01-09 23:45 --------- d-----w C:\ProgramData\AOL
2008-01-09 23:45 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-09 23:30 --------- d-----w C:\Program Files\Support.com
2008-01-09 23:05 --------- d-sh--w C:\ProgramData\Templates
2008-01-09 23:05 --------- d-sh--w C:\ProgramData\Start Menu
2008-01-09 23:05 --------- d-sh--w C:\ProgramData\Favorites
2008-01-09 23:05 --------- d-sh--w C:\ProgramData\Documents
2008-01-09 23:05 --------- d-sh--w C:\ProgramData\Desktop
2008-01-09 23:05 --------- d-sh--w C:\ProgramData\Application Data
2007-12-14 19:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54629298-47B2-4F79-BC62-7B3648D70020}]
2008-02-25 09:53 230400 --a------ C:\Windows\msvidc32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter "= "oobefldr.dll" [2006-11-02 04:34 2159104 C:\Windows\System32\oobefldr.dll]
"Aim6 "= "C:\Program Files\AIM6\aim6.exe" [2008-01-03 08:15 50528]
"ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
"Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:51 1232896]
"WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-25 09:22 1006264]
"IgfxTray "= "C:\Windows\system32\igfxtray.exe" [2007-06-05 18:52 142104]
"HotKeysCmds "= "C:\Windows\system32\hkcmd.exe" [2007-06-05 18:52 154392]
"Persistence "= "C:\Windows\system32\igfxpers.exe" [2007-06-05 18:52 138008]
"RtHDVCpl "= "RtHDVCpl.exe" [2007-07-06 10:06 4669440 C:\Windows\RtHDVCpl.exe]
"Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-25 08:55 240640]
"Spare Backup "= "C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-12 20:27 5252936]
"NapsterShell "= "C:\Program Files\Napster\napster.exe" [2006-09-06 11:12 323216]
"BigFix "= "c:\program files\Bigfix\bigfix.exe" [2006-11-16 15:04 2348584]
"SiteAdvisor "= "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 18:39 36904]
"mcagent_exe "= "C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"Corel Photo Downloader "= "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher "= "%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11 111376]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-07-11 333824]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"LoadAppInit_DLLs "=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{60D0BC26-FE6D-4C7A-BC98-BF7A8FFBFA6B} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{125A1131-A7B7-43BB-8007-93D9CDCA33E8} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE4B1399-73C9-4DA9-B2AE-F2EEFD8AE4F4} "= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent
"{6858AE01-C0B8-4E4B-B972-3502271D2634} "= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C813B80C-4FDE-4162-B83C-5CB046E9AB38} "= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{872DA9BA-EAF2-405C-9A5E-974653E39E91} "= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{6162078C-6AE4-44CE-B7CA-EE94F305D252} "= TCP:C:\Program Files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall "= 0 (0x0)

R2 Viewpoint Manager Service;Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 17:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-30 17:51]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-25 12:37]
S2 0299511204423447mcinstcleanup;McAfee Application Installer Cleanup (0299511204423447);C:\Windows\TEMP\029951~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-01 23:30]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 09:00:00 C:\Windows\Tasks\McDefragTask.job "
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 09:00:00 C:\Windows\Tasks\McQcTask.job "
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-02 02:11:33 C:\Windows\Tasks\User_Feed_Synchronization-{21B7F24B-840F-473A-9777-6A9CB099AD4C}.job "
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 01:32:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-02 1:32:59
ComboFix-quarantined-files.txt 2008-03-02 09:32:57
.
2008-02-29 09:39:20 --- E O F ---

 

Hi Bobby

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

Code:

File::
C:\Windows\msvidc32.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54629298-47B2-4F79-BC62-7B3648D70020}] 

Please post the log it creates, and a new HJT log.

Let me know if the pop-ups stopped.

Thanks
Geri

 

I'm not having any luck doing that... I copied and pasted the title CFScript.txt right from here, and it's telling me...

"Were you trying to run CFScript? The name CFScript appears to be incorrectly spelt "

I dragged it onto combofix using the left mouse button and everything too.

 

Hi Bobby Baldwin

OK lets do it manually.

Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these files (if present):

C:\Windows\msvidc32.dll

Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

O2 - BHO: MS Video Control 1.0 - {54629298-47B2-4F79-BC62-7B3648D70020} - C:\Windows\msvidc32.dll

Now close all windows other than HiJackThis, then click Fix Checked.

Close HJT.

After that, Reboot.

Please post a New HJT Log into this Thread.

Let me know if the pop-ups have stopped.

Thanks
Geri

 

Hi Geri, it looks like my computer does have C:\Windows\msvidc32.dll so I tried to delete it, and it tells me I need to confirm this operation. Then my computer tells me that windows needs my permission to continue, so I click on approve, and a window that's almost identical to the first one pops up, and gives me Try Again or Cancel for options...and no matter how many times I click try again it doesn't seem to want to do it for me.

I don't know if it really makes a difference if I'm doing this in Windows Explorer or not, but when I tried looking for it that way, I couldn't find anything. So just to be safe I did a search for msvidc32.dll, and it showed that I have it. So I just opened C:\Windows without windows explorer, and I did find it that way.

 

Hi Bobby

OK we need to disable your UAC.

To disable the UAC, enter the Control Panel and type UAC in the search box.

The first result returned by the search will be User Accounts "“ Turn User Account Control (UAC) on or off.
Click on it and the UAC window will open. Deselect the option Use User Account Control (UAC) to help protect your computer and press the OK button.
Windows Vista will ask you to restart your computer. After the restart, UAC will be disabled
It is very important to turn this back on after deleting the file.


Now go to C:\Windows and delete the file msvidc32.dll

Close the windows and return to your DeskTop.

Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

O2 - BHO: MS Video Control 1.0 - {54629298-47B2-4F79-BC62-7B3648D70020} - C:\Windows\msvidc32.dll

Now close all windows other than HiJackThis, then click Fix Checked.

Close HJT.

Go back and reinable UAC

After the reboot, scan again with HJT and post the log.

Let me know if the pop-ups have stopped.

Thanks
Geri

 

Hi Geri, I've managed to get msvidc32.dll deleted. When I ran HijackThis though, it's not coming up with O2 - BHO: MS Video Control 1.0 - {54629298-47B2-4F79-BC62-7B3648D70020} - C:\Windows\msvidc32.dll

Is this a good thing? Should I just reboot and scan and post the log back here?

 

Hi Bobby

Yes that's a good thing.

and yes please reboot and post a new HJT log.

Have the pop-ups stopped?

Thanks
Geri

 

All right, I've rebooted, and the popup does seem to have gone away, it didn't come up when I logged into my account, and it's also not coming up when I open folders, and it used to do that every time I'd open a folder, so it seems like it's history. Anyway, I just ran hijackthis, and here's the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09, on 2008-03-02
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8237 bytes

 

Hi Bobby
OK Good to hear. Your HJT log is clean.

You can delete any tools you were asked to download and the files/folders or logs they created, There will be newer versions if ever needed again any way.

HJT you can keep.

Click Start>Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created.

Empty your recycle Bin.


This would be a good time to set a new system restore point for your machine.
Set New System Restore Point Windows XP. - Set New System Restore Point Windows Vista


Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Spyware and Virus Removal Forms.
http://www.windowsbbs.com/showthread.php?t=67958


Let me know that everything is running OK and I'll mark this one resolved.

Also, Napster is not a good idea.
Having any p2p file sharing apps such as Limewire, BitTorrent uTorrent etc.. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
I strongly recommend removing any P2P applications.


Surf Safely
Geri