
Solved: Got zapped by WinAntiVirus 2007...

Discussion in 'Virus & Other Malware Removal' started by Sir0tter, Jul 26, 2007.

  1. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    Took me 5 hrs to clean the mess up and I am sure I got it all. I would like someone to look over the HijackThis report and see if I missed anything...

    TIA!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:23:48 PM, on 7/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Aubrey Baker\Desktop\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [WallpaperSpinner] C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
    O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149364695123
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {84322FE2-0036-4740-A36B-38C6F5E67297} (AccuTermInternetClient2k2.ATInetSafeCQ) - http://www.asent.com/atiefiles/atieins5.cab
    O16 - DPF: {8AD922B1-E91A-49C9-B22F-1FB3411F954B} (ATInetBoot2.Loader) - http://www.asent.com/atiefiles/atieboot2.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4661207D-FF4F-41A1-A534-8B0116F3D8A9}: NameServer = 192.168.1.1,4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63AC58D8-A139-411F-8584-6080DC78BB2F}: NameServer = 192.168.1.1,4.2.2.1
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 7080 bytes
     
  2. vinc3nt101

    vinc3nt101

    Joined:
    Dec 28, 2006
    Messages:
    36
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Have HijackThis fix this.

    If you see any program there which neither you nor anyone else downloaded onto your computer, let me know.

    Post a new log as well.
     
  3. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    OK... did as you requested.... here is the new report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:59:13 PM, on 7/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Documents and Settings\Aubrey Baker\Desktop\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [WallpaperSpinner] C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
    O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149364695123
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {84322FE2-0036-4740-A36B-38C6F5E67297} (AccuTermInternetClient2k2.ATInetSafeCQ) - http://www.asent.com/atiefiles/atieins5.cab
    O16 - DPF: {8AD922B1-E91A-49C9-B22F-1FB3411F954B} (ATInetBoot2.Loader) - http://www.asent.com/atiefiles/atieboot2.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4661207D-FF4F-41A1-A534-8B0116F3D8A9}: NameServer = 192.168.1.1,4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63AC58D8-A139-411F-8584-6080DC78BB2F}: NameServer = 192.168.1.1,4.2.2.1
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 6965 bytes

    Once all is clean, I am going to create a NEW restore point...
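    The two HijackThis logs above differ in only a few classified entries (the O6 restriction line is gone, the Java BHO moved from jre1.6.0_01 to jre1.6.0_02 and a SunJavaUpdateSched O4 entry appeared), but spotting that by eye across two 80-line logs is tedious. The script below is an added example, not part of this thread and not a Trend Micro tool: it parses the "Oxx - " entries of a HijackThis log, ignores the process list and header/footer that change with every scan, reports what was removed and added between two scans, and flags the entry types the replies in this thread single out (O6, O10, O16). The watch-list descriptions are this example's own summary, and the two sample logs are trimmed excerpts of the thread's first and second logs, constructed for the demo.

```python
"""Diff two HijackThis logs and flag entry types worth a second look.

Added example for the thread above; not HijackThis code and not a Trend Micro tool.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Entry prefixes the replies in this thread single out, with the reviewer's reason.
# These descriptions are this example's own wording, not text produced by HijackThis.
WATCH = {
    "O6": "IE restriction policy present in HKCU - commonly left behind by rogue AV installers",
    "O10": "Winsock LSP DLL reported as unknown - identify it before any tool removes it",
    "O16": "ActiveX control downloaded by IE (DPF) - confirm the source URL is one you trust",
}

# A classified HijackThis line, e.g. "O4 - HKLM\..\Run: [POINTER] point32.exe"
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    kind: str  # "O6", "O10", ...
    body: str  # everything after the "Oxx - " prefix


def parse_log(text: str) -> set[Entry]:
    """Collect the classified entries of a HijackThis log.

    The header, the 'Running processes' list and the 'End of file' footer are
    skipped: they change with every scan and only add noise to a comparison.
    """
    entries = set()
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Return (removed, added) entries between two scans, sorted by type then body."""
    old, new = parse_log(before), parse_log(after)
    return sorted(old - new), sorted(new - old)


def flag_entries(text: str) -> list[tuple[Entry, str]]:
    """Return the entries whose type is on the watch list, paired with the reason."""
    return [(e, WATCH[e.kind]) for e in sorted(parse_log(text)) if e.kind in WATCH]


# Constructed sample input: trimmed excerpts of the thread's first and second logs.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:48 PM, on 7/26/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
--
End of file - 7080 bytes
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:13 PM, on 7/26/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Netscape\Netscape\Netscp.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
--
End of file - 6965 bytes
"""


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since previous scan:")
    for e in removed:
        print(f"  {e.kind} - {e.body}")
    print("Added since previous scan:")
    for e in added:
        print(f"  {e.kind} - {e.body}")
    print("Entries to review in the new log:")
    for e, why in flag_entries(AFTER):
        print(f"  {e.kind} - {e.body}\n      ({why})")
```

    Comparing only the classified entries is deliberate: the process list reflects whatever happened to be open when the scan ran (note the two iexplore.exe instances in the first log and their absence later), so including it would turn every diff into noise. Entries the tool fixes disappear from the "removed" side; anything that shows up under "added" after a cleanup deserves the same scrutiny as the original findings.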
     
  4. Blackmirror

    Blackmirror

    Joined:
    Dec 5, 2006
    Messages:
    32,642
    Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.
     
  5. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    I was concerned too, but I tested it at http://virusscan.jotti.org/ and nothing was found wrong with it virus-wise...


    I downloaded LSP fix and it found nothing to fix and nothing wrong.

    So I guess all is ok and clean...

    Thanks for catching the one I missed!!!
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    nwprovau.dll is valid! Microsoft Client Services for NetWare.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  7. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    Here is the new Hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:35:20 PM, on 7/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\Documents and Settings\Aubrey Baker\Desktop\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [WallpaperSpinner] C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
    O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149364695123
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {84322FE2-0036-4740-A36B-38C6F5E67297} (AccuTermInternetClient2k2.ATInetSafeCQ) - http://www.asent.com/atiefiles/atieins5.cab
    O16 - DPF: {8AD922B1-E91A-49C9-B22F-1FB3411F954B} (ATInetBoot2.Loader) - http://www.asent.com/atiefiles/atieboot2.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4661207D-FF4F-41A1-A534-8B0116F3D8A9}: NameServer = 192.168.1.1,4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63AC58D8-A139-411F-8584-6080DC78BB2F}: NameServer = 192.168.1.1,4.2.2.1
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 6871 bytes


    Here is the combofix log:

    "Aubrey Baker" - 2007-07-26 16:29:42 [GMT -4:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\AUBREY~1.\err.log
    C:\WINDOWS\DOWNLO~1\USDR6_0001_D08M0404NetInstaller.exe
    C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
    C:\WINDOWS\system32\win


    ((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


    2007-07-25 17:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-25 16:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-25 16:44 <DIR> d-------- C:\DOCUME~1\AUBREY~1\APPLIC~1\SpywareBot
    2007-07-23 18:16 <DIR> d-------- C:\DOCUME~1\AUBREY~1\APPLIC~1\Help
    2007-07-17 11:57 81,920 -ra------ C:\WINDOWS\system32\equcof.dll
    2007-07-17 11:57 45,056 -ra------ C:\WINDOWS\system32\uacb.dll
    2007-07-17 11:57 21,276 -ra------ C:\WINDOWS\system32\drivers\uacflt.sys
    2007-07-17 11:57 <DIR> d-------- C:\Program Files\PerSono
    2007-07-07 21:08 <DIR> d-------- C:\DOCUME~1\AUBREY~1\APPLIC~1\WinRAR
    2007-07-02 15:23 122,880 --a------ C:\WINDOWS\system32\TWNLIB3.DLL
    2007-07-02 15:23 <DIR> d-------- C:\Program Files\Photocopier
    2007-07-02 15:06 210,200 --a------ C:\WINDOWS\system32\TWNPRO3.DLL


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-26 20:30:46 -------- d-----w C:\DOCUME~1\AUBREY~1\APPLIC~1\uTorrent
    2007-07-26 19:23:41 61 ----a-w C:\WINDOWS\hare.dat
    2007-07-26 19:23:41 60 ----a-w C:\WINDOWS\zoom.dat
    2007-07-26 11:57:15 35,296 ----a-w C:\WINDOWS\system32\drivers\Dvd43.sys
    2007-07-25 21:55:23 -------- d-----w C:\Program Files\Quicken
    2007-07-25 14:23:42 -------- d-----w C:\Program Files\PhotoSort
    2007-07-24 22:54:08 -------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-07-17 15:57:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-16 19:41:21 -------- d-----w C:\Program Files\CCleaner
    2007-07-11 19:30:39 -------- d-----w C:\Program Files\DownloadGrid.com
    2007-07-08 18:19:46 -------- d-----w C:\Program Files\7-Zip
    2007-06-25 19:08:00 1,380 ----a-w C:\WINDOWS\checkip.dat
    2007-06-17 22:32:08 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
    2007-06-15 15:32:53 269 ---ha-w C:\WINDOWS\wininf.dat
    2007-06-14 14:54:39 -------- d-----w C:\Program Files\Atwin
    2007-06-07 04:13:34 -------- d-----w C:\Program Files\Canon
    2007-06-07 03:17:13 -------- d--h--w C:\DOCUME~1\AUBREY~1\APPLIC~1\GTek
    2007-06-05 20:37:08 -------- d-----w C:\Program Files\Belarc
    2007-06-03 19:20:57 -------- d-----w C:\Program Files\Common Files\Scanner
    2007-06-03 19:20:48 -------- d-----w C:\Program Files\CA
    2007-06-03 19:19:49 -------- d-----w C:\Program Files\PestPatrol
    2007-06-03 18:45:13 -------- d-----w C:\Program Files\Messenger
    2007-05-31 20:03:24 -------- d-----w C:\DOCUME~1\AUBREY~1\APPLIC~1\Canon
    2007-05-31 19:52:20 -------- d-----w C:\DOCUME~1\AUBREY~1\APPLIC~1\ScanSoft
    2007-05-31 19:52:15 -------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2007-05-31 19:51:44 -------- d-----w C:\Program Files\ScanSoft
    2007-05-31 19:50:58 -------- d-----w C:\Program Files\Common Files\CANON
    2007-05-31 19:50:13 -------- d--h--w C:\Program Files\CanonBJ
    2007-05-29 14:11:57 -------- d-----w C:\DOCUME~1\AUBREY~1\APPLIC~1\LimeWire
    2007-05-29 03:30:14 11,555 ----a-w C:\WINDOWS\mozver.dat
    2007-05-29 03:29:55 105,168 ----a-w C:\WINDOWS\NSUninst.exe
    2007-05-29 03:29:54 -------- d-----w C:\Program Files\AOD
    2007-05-29 03:29:46 105,168 ----a-w C:\WINDOWS\GREUninstall.exe
    2007-05-29 03:29:43 -------- d-----w C:\Program Files\Common Files\mozilla.org
    2007-05-29 03:29:30 -------- d-----w C:\Program Files\Netscape
    2007-05-28 21:40:52 -------- d-----w C:\Program Files\Western Digital Technologies
    1989-12-12 14:10:10 281,920 --sh--r C:\WINDOWS\dxorvfeA.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "POINTER"="point32.exe" []
    "SCANINICIO"="C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" [2003-06-18 13:00]
    "APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.exe" [2004-04-29 15:59]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 01:59]
    "DVD43"="C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe" [2007-03-10 21:23]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
    "eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-06-03 15:21]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WallpaperSpinner"="C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe" [2006-04-24 21:52]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2006-07-02 12:29]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-26 21:50]

    C:\Documents and Settings\Aubrey Baker\Start Menu\Programs\Startup\
    Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 12:26:40]
    Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 12:27:14]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoTrayItemsDisplay"=00000000
    "ClearRecentDocsOnExit"=1 (0x1)
    "NoUserNameInStartMenu"=1 (0x1)
    "StartMenuLogOff"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Eudora\EuShlExt.dll [2004-08-27 11:10 86016]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDIDL~1\DVDShell.dll [2004-10-09 16:18 49152]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    "LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE RUN
    "RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    R0 IdeBusDr;IdeBusDr;C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
    R0 IdeChnDr;Intel(R) Ultra ATA Controller;C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
    R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
    R1 DLACDBHM;DLACDBHM;C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    R1 FsVga;FsVga;C:\WINDOWS\system32\DRIVERS\fsvga.sys
    R2 DLABMFSM;DLABMFSM;C:\WINDOWS\system32\DLA\DLABMFSM.SYS
    R2 DLABOIOM;DLABOIOM;C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    R2 DLADResM;DLADResM;C:\WINDOWS\system32\DLA\DLADResM.SYS
    R2 DLAIFS_M;DLAIFS_M;C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    R2 DLAOPIOM;DLAOPIOM;C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    R2 DLAPoolM;DLAPoolM;C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    R2 DLAUDF_M;DLAUDF_M;C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    R2 DLAUDFAM;DLAUDFAM;C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    R2 DRVNDDM;DRVNDDM;C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    R2 PAVDRV;Panda anti-virus driver;C:\WINDOWS\system32\Drivers\pavdrv51.sys
    R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;C:\WINDOWS\system32\DRIVERS\uacflt.sys
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
    R3 ctljystk;Creative SBLive! Gameport;C:\WINDOWS\system32\DRIVERS\ctljystk.sys
    R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys
    R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
    R3 IPFilter;Microsoft IntelliPoint Features driver;C:\WINDOWS\system32\DRIVERS\IPFilter.sys
    R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
    R3 LVUSBSta;Logitech USB Monitor Filter;C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
    R3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
    R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
    R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    R3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    S2 Nbf;NetBEUI Protocol;C:\WINDOWS\system32\DRIVERS\nbf.sys
    S3 ApiMon;ApiMon;\??\C:\WINDOWS\system32\drivers\ApiMon.sys
    S3 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
    S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\??\C:\DOCUME~1\AUBREY~1\LOCALS~1\Temp\TCCpuInfo.sys
    S4 RxFilter;RxFilter;C:\WINDOWS\system32\DRIVERS\RxFilter.sys
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    UxTuneUp


    Contents of the 'Scheduled Tasks' folder
    2007-07-20 21:15:39 C:\WINDOWS\tasks\1-Click Maintenance.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-26 16:30:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
    "\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-26 16:31:27
    C:\ComboFix-quarantined-files.txt ... 2007-07-26 16:31
    C:\ComboFix2.txt ... 2007-07-24 18:48
    C:\ComboFix3.txt ... 2007-06-14 23:58

    --- E O F ---
     
  8. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    1989-12-12 14:10:10 281,920 --sh--r C:\WINDOWS\dxorvfeA.exe

    I have NO idea what this is; I did a Google search and nothing came up... and I can NOT find it on my system.

    tested it at http://virusscan.jotti.org/ and the results:

    File: dxorvfeA.exe
    Status:
    INFECTED/MALWARE
    MD5: e39fa312460ac63f91846a0b9c735ab8
    Packers detected:
    -
    Bit9 reports: File not found
    Scanner results
    Scan taken on 26 Jul 2007 21:05:42 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found Win32:Trojan-gen. {VB}
    AVG Antivirus Found Downloader.Generic3.NPN
    BitDefender Found Trojan.Click.JX
    ClamAV Found Trojan.Downloader-9249

    CPsecure Found nothing
    Dr.Web Found Trojan.Click.1928
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan-Downloader.Win32.VB.ang
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.ang
    NOD32 Found probably a variant of Win32/TrojanDownloader.VB (probable variant)
    Norman Virus Control Found W32/DLoader.BYGF

    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan.Click.1928

    So HOW do I get rid of it???

    2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe

    tested it at http://virusscan.jotti.org/ and the results:

    File: nircmd.exe
    Status:
    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: c1c4f864edf67dfda95b9819263e2939
    Packers detected:
    -
    Bit9 reports: File not found
    Scanner results
    Scan taken on 26 Jul 2007 20:54:19 (GMT)
    A-Squared Found Heuristic.Dialer.RAS
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found Application/NirCmd.A
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    I assume I should get rid of it as well???
     
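As an added example (not part of this thread, and not code from ComboFix or Jotti), here is a small Python triage script over the ComboFix-style lines quoted above. It parses the file-listing line for dxorvfeA.exe and the R*/S* driver lines and scores the indicators an analyst checks by eye: the system+hidden attribute combination, a modification time older than Windows NT itself (1989 on a file in C:\WINDOWS is a timestomp or a dropper artefact), and a kernel driver whose image lives in a user Temp directory. The 1993 cutoff and the weak "dropped directly in C:\WINDOWS" signal are heuristics assumed for this example; the sample lines are copied from the log posted in this thread.

```python
import re
from datetime import datetime

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_FILE_LINES = [
    "1989-12-12 14:10:10 281,920 --sh--r C:\\WINDOWS\\dxorvfeA.exe",
    "2007-06-17 04:11:58 51,200 ----a-w C:\\WINDOWS\\nircmd.exe",
]
SAMPLE_DRIVER_LINES = [
    "R2 PAVDRV;Panda anti-virus driver;C:\\WINDOWS\\system32\\Drivers\\pavdrv51.sys",
    "S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\\??\\C:\\DOCUME~1\\AUBREY~1\\LOCALS~1\\Temp\\TCCpuInfo.sys",
    "S3 ApiMon;ApiMon;\\??\\C:\\WINDOWS\\system32\\drivers\\ApiMon.sys",
]

# ComboFix file line: date time size attrs path  (attrs is a 7-char flag field)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) ([\d,]+) (\S{7}) (.+)$")
# ComboFix driver/service line: start-type name;description;image path
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")

# Heuristic assumed for this example: Windows NT first shipped in 1993, so an
# earlier mtime on a binary under %WINDIR% is almost certainly forged.
EARLIEST_PLAUSIBLE = datetime(1993, 1, 1)


def triage_file(line):
    """Return (path, reasons) for one file-listing line, or None if it does not parse."""
    m = FILE_RE.match(line)
    if not m:
        return None
    date, time_, _size, attrs, path = m.groups()
    mtime = datetime.strptime(f"{date} {time_}", "%Y-%m-%d %H:%M:%S")
    reasons = []
    # 's' and 'h' together: file hides from Explorer even with "show hidden files"
    if "s" in attrs and "h" in attrs:
        reasons.append("system+hidden attributes")
    if mtime < EARLIEST_PLAUSIBLE:
        reasons.append(f"implausible mtime {date}")
    # Weak signal: droppers like the %WINDIR% root because it is writable and trusted
    parent = path.rsplit("\\", 1)[0].lower()
    if parent == "c:\\windows":
        reasons.append("dropped directly in C:\\WINDOWS")
    return path, reasons


def triage_driver(line):
    """Return (service, image_path, reasons) for one R*/S* driver line, or None."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    _start, service, _desc, image = m.groups()
    # ComboFix prints NT object paths with the \??\ prefix; strip it for matching
    image = image[4:] if image.startswith("\\??\\") else image
    reasons = []
    up = image.upper()
    if "\\TEMP\\" in up or "\\LOCALS~1\\" in up:
        reasons.append("kernel driver loaded from a Temp directory")
    return service, image, reasons


def triage_combofix(file_lines, driver_lines):
    """Collect every entry with at least one reason, most reasons first."""
    hits = []
    for ln in file_lines:
        r = triage_file(ln)
        if r and r[1]:
            hits.append(("file", r[0], r[1]))
    for ln in driver_lines:
        r = triage_driver(ln)
        if r and r[2]:
            hits.append(("driver", r[1], r[2]))
    hits.sort(key=lambda h: -len(h[2]))
    return hits


if __name__ == "__main__":
    for kind, path, reasons in triage_combofix(SAMPLE_FILE_LINES, SAMPLE_DRIVER_LINES):
        print(f"{kind:6} {path}\n       " + "; ".join(reasons))
```

Run as-is it ranks dxorvfeA.exe first with all three file indicators, lists nircmd.exe on the weak location signal only (it is a legitimate NirSoft utility, which is why most engines on Jotti ignore it), and flags the TCCpuInfo.sys driver for loading out of a Temp directory.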
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go to this web site: http://virusscan.jotti.org/
    In the File to upload & scan box copy and paste
    C:\WINDOWS\dxorvfeA.exe

    Then click the Submit button.

    Copy the results and paste them back here in your next reply


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  10. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    OK, here is the latest HijackThis and the SuperAntiSpyware logs:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:13:17 PM, on 7/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
    C:\WINDOWS\Integrator.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Aubrey Baker\Desktop\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe /hidden
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [WallpaperSpinner] C:\Program Files\DownloadGrid.com\WallpaperSpinner\WallpaperSpinner.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
    O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149364695123
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {84322FE2-0036-4740-A36B-38C6F5E67297} (AccuTermInternetClient2k2.ATInetSafeCQ) - http://www.asent.com/atiefiles/atieins5.cab
    O16 - DPF: {8AD922B1-E91A-49C9-B22F-1FB3411F954B} (ATInetBoot2.Loader) - http://www.asent.com/atiefiles/atieboot2.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4661207D-FF4F-41A1-A534-8B0116F3D8A9}: NameServer = 192.168.1.1,4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{63AC58D8-A139-411F-8584-6080DC78BB2F}: NameServer = 192.168.1.1,4.2.2.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 7172 bytes

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/26/2007 at 05:48 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3274
    Trace Rules Database Version: 1285

    Scan type : Complete Scan
    Total Scan Time : 00:31:05

    Memory items scanned : 432
    Memory threats detected : 0
    Registry items scanned : 6139
    Registry threats detected : 1
    File items scanned : 47294
    File threats detected : 19

    Trojan.Malware
    C:\asdf.txt

    Unclassified.SpywareBot (Not A Threat)
    HKU\S-1-5-21-823518204-287218729-725345543-1003\Software\SpywareBot

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133700.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWA7P_0001_N91M0809NETINSTALLER.EXE

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133765.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133770.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP398\A0137020.EXE
    C:\WINDOWS\TEMPF.TXT

    Unclassified.Unknown Origin/System
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133766.DLL

    Adware.TargetSavers
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133767.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133768.EXE

    Trojan.ZQuest
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133769.DLL

    Adware.ClickSpring-Variant
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133774.EXE

    Adware.ClickSpring
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133775.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133776.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133777.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP394\A0133778.EXE

    Trojan.Downloader-Gen/BundleBase
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP396\A0133961.EXE

    Adware.ClickSpring/Resident
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{86DE794B-1B3B-4ADE-8DB3-2E74F7E9741B}\RP398\A0137025.DLL

    Adware.SysMon
    C:\WINDOWS\DXORVFEA.EXE
     
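As an added example (not part of this thread, and not HijackThis code), a Python script that applies the checks a log reviewer makes on the HijackThis output above: O16 DPF entries that install ActiveX from a bare IP address or have lost their source URL, O17 NameServer values outside an expected set, O23 services with no company name, and O4 autoruns that launch from a Temp directory. The allowlist of DNS servers (the LAN router plus the public resolver already in the log) is an assumption for this example, and the O4 Temp-path line is constructed so that check is exercised; the other sample lines are copied from the log.

```python
import re
import ipaddress
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log above, plus one
# constructed O4 line (marked) so the Temp-path check has something to hit.
SAMPLE_HJT = [
    "O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup",
    "O4 - HKCU\\..\\Run: [updater] C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\upd.exe",  # constructed
    "O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://151.204.161.26/TSWeb/msrdp.cab",
    "O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -",
    "O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149364695123",
    "O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{4661207D-FF4F-41A1-A534-8B0116F3D8A9}: NameServer = 192.168.1.1,4.2.2.1",
    "O23 - Service: ScsiAccess - Unknown owner - C:\\Program Files\\Photodex\\ProShowGold\\ScsiAccess.exe",
    "O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe",
]

# Assumed for this example: the router and the public resolver seen in the log.
EXPECTED_DNS = {"192.168.1.1", "4.2.2.1"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? - ?(\S*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def is_raw_ip(host):
    """True if the URL host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_line(line):
    """Return a list of (severity, reason) findings for one HijackThis line."""
    out = []
    m = O16_RE.match(line)
    if m:
        clsid, _name, url = m.groups()
        if not url:
            # HijackThis shows a dangling DPF registration as "{CLSID} -"
            out.append(("low", f"orphaned DPF entry {clsid}: no source URL, remove it"))
        else:
            host = urlparse(url).hostname or ""
            if is_raw_ip(host):
                out.append(("medium", f"ActiveX control served from a bare IP {host}"))
        return out
    m = O17_RE.match(line)
    if m:
        servers = [s.strip() for s in m.group(1).split(",")]
        unexpected = [s for s in servers if s not in EXPECTED_DNS]
        if unexpected:
            # Hijacked resolvers redirect every lookup; treat as high
            out.append(("high", "DNS server(s) not in allowlist: " + ", ".join(unexpected)))
        return out
    m = O23_RE.match(line)
    if m:
        name, owner, path = m.groups()
        if owner.lower() == "unknown owner":
            out.append(("low", f"service {name} has no company name, verify {path}"))
        return out
    m = O4_RE.match(line)
    if m:
        _hive, name, cmd = m.groups()
        if re.search(r"\\temp\\|\\locals~1\\", cmd, re.IGNORECASE):
            out.append(("high", f"autorun [{name}] launches from a Temp directory"))
        return out
    return out


def triage_hjt(lines):
    """Map each line that produced findings to its list of findings."""
    return {ln: f for ln in lines if (f := check_line(ln))}


if __name__ == "__main__":
    for ln, findings in triage_hjt(SAMPLE_HJT).items():
        print(ln)
        for sev, why in findings:
            print(f"   [{sev}] {why}")
```

On the sample set it reports the constructed Temp autorun, the RDP control pulled from 151.204.161.26, the orphaned {DBA230D1-...} entry and the ScsiAccess service; the NVIDIA, Windows Update and O17 lines pass. A bare-IP DPF source is not proof of malware (the RDP control here is most likely a company TSWeb server), which is why it is rated medium and left for the reviewer.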
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Guess that answers that question! ;)


    How is it running now?
     
  12. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    Well, my system now seems to be clean and I have already created a NEW restore point... most likely I did not have to, but better safe than sorry...

    THANKS!!!!!
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You are right on top of things! (y)

    You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

    SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall or keep it if you want. The only thing trial about it is the loss of automatic updates, other than that it works fine.


    Here are some additional links for you to check out to help you with your computer security.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools



    You're welcome!
     
  14. Sir0tter

    Sir0tter Thread Starter

    Joined:
    Jul 26, 2007
    Messages:
    22
    Like the SUPERAntiSpyware so much, I paid for the upgrade and got the Pro. Thanks for telling me about it!!!!
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Great! Happy to have helped!!
     
Short URL to this thread: https://techguy.org/600993