Avast WEBforum

Other => Viruses and worms => Topic started by: Warrior-Paine on March 22, 2008, 11:42:23 PM

Title: got a virus i cant see
Post by: Warrior-Paine on March 22, 2008, 11:42:23 PM
Hello, I am new to this forum and I am going out of my mind trying to find out what virus I have. The avast I use is 4.7.

Anyways, I use Windows XP Service Pack 2 with 512 MB of RAM, and it's my laptop that is infected. I removed 4 trojans and then went to a computer repair guy across the street from where I live, and he said it's probably a virus (I can't remember the name) and it's making my laptop slow. The usual avast scan is 4 hours; last night it was 16 hours 42 min, and the night before that it got through 3/4 of it, then found the 4th trojan, asked me what to do, so I hit quarantine and then it rebooted my system. My Windows boot time is usually 30 seconds, not 7 minutes.

Please help me find out what this virus is and how to go about removing it. I used the virus cleaner and didn't find anything.

Also, I had to reboot once just so I could use the wifi, as it was disabled. Please help me get my computer clean and running fast again.

Warrior-Paine

P.S. The computer man I asked maybe to repair my PC told me to get Norton, which I don't like, or McAfee, as he said Spybot, Ad-Aware, Spy Sweeper are all bad, as well as avast. In the past avast has protected my laptops and desktop without fail. I trust avast only.
Title: Re: got a virus i cant see
Post by: oldman on March 22, 2008, 11:59:20 PM
Hi welcome to the forum. Let's have a peek under the hood.

Click here (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) to download HJTsetup.exe
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 12:15:01 AM
Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:34 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 12:16:02 AM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 12:16:44 AM
CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download.games.yahoo.com/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg

--
End of file - 11687 bytes
Title: Re: got a virus i cant see
Post by: polonus on March 23, 2008, 12:22:04 AM
Hi Warrior-Paine,

Here is the online analysis of your hjt log: http://www.hijackthis.de/logfiles/9040b214d04b28d634928a6abd754913.html
And this is available for the next three consecutive days.
And a Prevx evaluation of your hjt log was attached by me.
Follow all the instructions oldman gives you meticulously.

polonus
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 12:40:18 AM
May I ask what I do now?
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 12:44:31 AM
There isn't much to see in the log, just an old version of Java and Viewpoint, which some people find questionable. Since you use AOL and some of its products, it will remain.

Can you go to C:\program files\alwil software\avast4\data\logs

In the right-hand panel, locate the warning log. Open it with Notepad and copy and paste the last part relating to your problem. It may shed light on what we are looking for if we know the virus/trojan name. We have other scanners available.

We'll use one now. You can attach the logs by using the Additional Options button on the reply page. Scroll down if you can't see the Browse button.

First

Open Spybot and make sure TeaTimer is disabled; we will re-enable it afterwards. To do so, do the following:

Click Mode
Click Advanced mode
If you get a warning, answer "yes"
Click Tools
Click Resident
Uncheck Resident "TeaTimer"
Click Allow change

Reboot

Please download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your Desktop.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 12:56:20 AM
Will this do?

9/3/2006   8:32:05 AM   1157297525   SYSTEM   1768   Sign of "Win32:SdBot-gen44 [trj]" has been found in "http://206.222.29.131/adrun/value.wmf" file. 
9/6/2006   3:34:03 PM   1157582043   SYSTEM   1776   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
9/6/2006   3:34:04 PM   1157582044   SYSTEM   1776   An error has occured while attempting to update. Please check the logs. 
10/16/2006   2:49:22 AM   1160992162   SYSTEM   1768   Sign of "Win32:SdBot-gen44 [trj]" has been found in "http://206.222.12.99/rl/value.wmf" file. 
11/2/2006   1:04:58 AM   1162458298   Ritalee   1760   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR V35\VIEWBAR.DLL" file. 
11/2/2006   1:07:05 AM   1162458425   Ritalee   1760   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll" file. 
5/1/2007   10:35:17 PM   1178084118   Ritalee   2916   Function setifaceUpdatePackages() has failed. Return code is 0x40010004, dwRes is 40010004. 
7/2/2007   10:23:44 AM   1183397024   SYSTEM   1676   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142. 
7/2/2007   10:23:45 AM   1183397025   SYSTEM   1676   An error has occured while attempting to update. Please check the logs. 
7/31/2007   5:52:34 PM   1185929554   SYSTEM   120   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 
7/31/2007   5:52:36 PM   1185929556   SYSTEM   120   An error has occured while attempting to update. Please check the logs. 
9/2/2007   3:46:23 PM   1188773183   SYSTEM   1884   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 
9/2/2007   3:46:24 PM   1188773184   SYSTEM   1884   An error has occured while attempting to update. Please check the logs. 
9/17/2007   11:51:37 AM   1190055097   Ritalee   496   Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7. 
9/21/2007   5:43:31 PM   1190421811   SYSTEM   156   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 
9/21/2007   5:43:32 PM   1190421812   SYSTEM   156   An error has occured while attempting to update. Please check the logs. 
9/21/2007   5:52:45 PM   1190422365   Ritalee   1232   Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7. 
10/1/2007   5:12:06 PM   1191283926   SYSTEM   1948   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 
10/1/2007   5:12:07 PM   1191283927   SYSTEM   1948   An error has occured while attempting to update. Please check the logs. 
10/10/2007   11:00:20 AM   1192039220   SYSTEM   2032   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 
10/10/2007   11:00:20 AM   1192039220   SYSTEM   2032   An error has occured while attempting to update. Please check the logs. 
10/11/2007   8:08:36 PM   1192158516   SYSTEM   1848   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 
10/11/2007   8:08:37 PM   1192158517   SYSTEM   1848   An error has occured while attempting to update. Please check the logs. 
10/28/2007   1:14:32 PM   1193602472   SYSTEM   2040   Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011. 
10/28/2007   1:14:34 PM   1193602474   SYSTEM   2040   An error has occured while attempting to update. Please check the logs. 
12/15/2007   9:45:00 AM   1197740701   Ritalee   456   Sign of "Win32:StartPage-483 [trj]" has been found in "C:\Documents and Settings\Ritalee\Local Settings\Temp\WER2834.dir00\Ad-Aware.exe.hdmp" file. 
12/15/2007   10:11:55 AM   1197742315   Ritalee   456   Sign of "Win32:StartPage-483 [trj]" has been found in "C:\Documents and Settings\Ritalee\Local Settings\Temp\WERfbee.dir00\Ad-Aware.exe.hdmp" file. 
12/15/2007   10:12:20 AM   1197742340   Ritalee   456   Sign of "Win32:StartPage-483 [trj]" has been found in "C:\Documents and Settings\Ritalee\Local Settings\Temp\WERfe25.dir00\Ad-Aware.exe.hdmp" file. 
12/15/2007   2:13:46 PM   1197756826   Ritalee   456   Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7. 
2/10/2008   10:58:40 PM   1202713120   Ritalee   720   Sign of "Win32:Neptunia-KH [trj]" has been found in "C:\Program Files\music_now\inetchk.exe" file. 
2/11/2008   12:26:55 AM   1202718415   Ritalee   720   Sign of "Win32:Neptunia-KH [trj]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP494\A0203503.exe" file. 
3/20/2008   12:03:31 PM   1206039811   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\Program Files\HPQ\Default Settings\CpqsetVer.exe" file. 
3/20/2008   2:26:00 PM   1206048360   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll" file. 
3/20/2008   10:14:55 PM   1206076495   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210172.exe" file. 
3/20/2008   10:26:47 PM   1206077207   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file. 
3/22/2008   12:08:06 AM   1206169686   Ritalee   1164   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file. 
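The warning log above is what oldman asked for because the detection names are in it. As an added example (not code from this thread, from ALWIL, or from any of the posters), here is a small Python triage helper for that avast 4 warning log format: it splits the fields, pulls the detection name and path out of each "Sign of ... has been found" line, records failed definition updates, and separates hits that still name a file on the live system from Web Shield blocks and stale System Restore copies. The field layout (date, time, unix time, account, pid, message) is inferred from the posted lines, and the sample input is a handful of those lines.

```python
"""Triage helper for the avast 4 warning log format posted above (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

# Constructed sample input: seven lines copied from the warning log posted in this thread.
# avast writes the fields tab-separated; the forum rendered the tabs as runs of spaces, so both are accepted.
SAMPLE_LOG = r"""
9/3/2006   8:32:05 AM   1157297525   SYSTEM   1768   Sign of "Win32:SdBot-gen44 [trj]" has been found in "http://206.222.29.131/adrun/value.wmf" file.
9/6/2006   3:34:03 PM   1157582043   SYSTEM   1776   Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
9/6/2006   3:34:04 PM   1157582044   SYSTEM   1776   An error has occured while attempting to update. Please check the logs.
11/2/2006   1:04:58 AM   1162458298   Ritalee   1760   Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR V35\VIEWBAR.DLL" file.
2/10/2008   10:58:40 PM   1202713120   Ritalee   720   Sign of "Win32:Neptunia-KH [trj]" has been found in "C:\Program Files\music_now\inetchk.exe" file.
2/11/2008   12:26:55 AM   1202718415   Ritalee   720   Sign of "Win32:Neptunia-KH [trj]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP494\A0203503.exe" file.
3/20/2008   12:03:31 PM   1206039811   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\Program Files\HPQ\Default Settings\CpqsetVer.exe" file.
"""

FIELD_SPLIT = re.compile(r"\t|\s{3,}")
DETECTION_RE = re.compile(
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')
UPDATE_FAIL_RE = re.compile(
    r"setifaceUpdatePackages\(\) has failed\. Return code is (?P<code>0x[0-9A-Fa-f]+)")


@dataclass
class Detection:
    when: str        # date and time exactly as written (local time of the PC)
    epoch: int       # the unix-time column
    account: str     # account the scan ran under; SYSTEM means a shield/service hit
    signature: str   # avast detection name, e.g. "Win32:Neptunia-KH [trj]"
    path: str        # file or URL the signature matched
    location: str    # web / restore_point / temp / disk (see classify_location)


@dataclass
class LogSummary:
    detections: List[Detection]
    update_failures: List[str]   # return codes of failed definition updates
    unparsed: List[str]          # lines that matched no message we understand


def classify_location(path: str) -> str:
    """Where a hit lives decides how much it matters to the clean-up."""
    lowered = path.lower()
    if lowered.startswith(("http://", "https://")):
        return "web"            # blocked in transit by the Web Shield, never on disk
    if "\\system volume information\\" in lowered:
        return "restore_point"  # stale copy inside a System Restore point
    if "\\local settings\\temp\\" in lowered:
        return "temp"
    return "disk"


def parse_line(line: str) -> Optional[Union[Detection, str]]:
    """One log line -> Detection, an update-failure code, or None if unrecognised."""
    parts = FIELD_SPLIT.split(line.strip(), maxsplit=5)
    if len(parts) != 6:
        return None
    date, clock, epoch, account, _pid, message = parts
    hit = DETECTION_RE.search(message)
    if hit:
        return Detection(f"{date} {clock}", int(epoch), account, hit["sig"],
                         hit["path"], classify_location(hit["path"]))
    fail = UPDATE_FAIL_RE.search(message)
    return fail["code"] if fail else None


def parse_warning_log(text: str) -> LogSummary:
    summary = LogSummary([], [], [])
    for line in text.splitlines():
        if not line.strip():
            continue
        item = parse_line(line)
        if isinstance(item, Detection):
            summary.detections.append(item)
        elif isinstance(item, str):
            summary.update_failures.append(item)
        else:
            summary.unparsed.append(line)
    return summary


def active_detections(detections: List[Detection]) -> List[Detection]:
    """Hits that still name a file on the live system: the ones whose detection
    names a helper wants. Web Shield blocks and restore-point copies are noise
    for that question (the latter disappear when restore points are purged)."""
    return [d for d in detections if d.location in ("disk", "temp")]


def by_signature(detections: List[Detection]) -> Dict[str, List[str]]:
    grouped: Dict[str, List[str]] = {}
    for d in detections:
        grouped.setdefault(d.signature, []).append(d.path)
    return grouped


if __name__ == "__main__":
    print(by_signature(active_detections(parse_warning_log(SAMPLE_LOG).detections)))
```

Run on the sample, the live-system detections reduce to three names (Adware-gen, Neptunia-KH, Trojan-gen), one failed update and one unrecognised status line, which is the short list a helper would actually want pasted.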
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 01:02:38 AM
Yes, thank you. I was going to ask you about the desktop component:

O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg


Did you put a picture on the desktop? If you did that's fine.

Go ahead with the DSS scan, we'll see what it shows.


Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 01:54:51 AM
Deckard's System Scanner v20071014.68
Run by Ritalee on 2008-03-22 17:39:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
63: 2008-03-23 00:41:23 UTC - RP513 - Deckard's System Scanner Restore Point
62: 2008-03-22 22:49:10 UTC - RP512 - Installed Java(TM) 6 Update 5
61: 2008-03-22 14:22:16 UTC - RP511 - System Checkpoint
60: 2008-03-21 04:37:12 UTC - RP510 - System Checkpoint
59: 2008-03-19 20:18:18 UTC - RP509 - System Checkpoint


-- First Restore Point --
1: 2007-12-24 03:46:57 UTC - RP451 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Ritalee.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:46 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Ritalee\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ritalee.exe
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 01:56:07 AM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 01:56:47 AM
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 01:57:42 AM
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download.games.yahoo.com/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg

--
End of file - 11631 bytes
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 01:58:24 AM
-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Spssys (Toshiba SPS Service) - c:\windows\system32\drivers\spssys.sys <Not Verified; Toshiba Corporation; spssys>

S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys (file missing)
S3 SQTECH905C (DaulCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-22 17:44:11       258 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-02-22 and 2008-03-22 -----------------------------

2008-03-22 16:10:54         0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-03-22 16:18:27         0 d-------- C:\Program Files\ICQToolbar
2008-03-19 23:25:51         0 d-------- C:\Documents and Settings\Ritalee\Application Data\U3
2008-03-11 01:26:17     20030 --a----c- C:\Documents and Settings\Ritalee\Application Data\wklnhst.dat
2008-02-25 22:26:14     21840 --a----ct C:\WINDOWS\system32\SIntfNT.dll
2008-02-25 22:26:14     17212 --a----ct C:\WINDOWS\system32\SIntf32.dll
2008-02-25 22:26:14     12067 --a----ct C:\WINDOWS\system32\SIntf16.dll
2008-02-25 01:35:12         0 d-------- C:\Program Files\Diablo II
2008-02-12 21:49:29      3064 --a------ C:\WINDOWS\mozver.dat
2008-02-11 10:28:27      3446 --a------ C:\WINDOWS\unins000.dat
2008-02-11 10:24:08    691545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 00:12:17         0 d-------- C:\Program Files\music_now


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
12/18/2007 09:10 AM   262144   --a------   C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [12/18/2007 09:10 AM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 05:12 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/08/2007 12:47 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 09:30 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 12:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 11:56 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/17/2005 03:01 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 11:23 AM]
"TosGbWatcher"="C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe" [04/26/2005 02:02 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 06:00 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/09/2004 07:03 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/21/2006 10:39 PM]
"zzz_ImInstaller_IncrediMail"="C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 05:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 AM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/05/2005 03:08 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]

C:\Documents and Settings\Ritalee\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [11/17/1996]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [11/17/1996]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 2:39:30 AM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg
FriendlyName=


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-03-22 17:48:17 ------------
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 01:59:17 AM
Here is the extra text.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 382.48 MiB / 90.62 MiB
Pagefile Memory (total/avail): 919.41 MiB / 559.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.38 MiB

C: is Fixed (NTFS) - 48.32 GiB total, 24.09 GiB free.
D: is Fixed (FAT32) - 7.55 GiB total, 0.84 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2060AT PL - 55.89 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 48.32 GiB - C:
  \PARTITION1 - Unknown - 7.56 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1098 [VPS 080322-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1150163481\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Ritalee\\Desktop\\downloads\\incredimail_install.exe"="C:\\Documents and Settings\\Ritalee\\Desktop\\downloads\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Ritalee\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\Ritalee\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 01:59:53 AM
-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ritalee\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PIKACHU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ritalee
LOGONSERVER=\\PIKACHU
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PRESARIO
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ritalee\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ritalee\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=PIKACHU
USERNAME=Ritalee
USERPROFILE=C:\Documents and Settings\Ritalee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Ritalee (admin)
Sara Hope (admin)
Retta G
Pillar Of Winter
Grandma (new local)
Grandpa (new local)
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 02:00:59 AM
-- Add/Remove Programs ---------------------------------------------------------

 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Balloon Kaboom --> C:\PROGRA~1\eGames\BALLOO~2\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~2\INSTALL.LOG
Balloon Pop Special Edition --> C:\PROGRA~1\eGames\BALLOO~1\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~1\INSTALL.LOG

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 02:01:33 AM
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
Bingo Master Special Edition --> C:\PROGRA~1\eGames\BINGOM~1\UNWISE.EXE C:\PROGRA~1\eGames\BINGOM~1\INSTALL.LOG
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Block Rox --> C:\PROGRA~1\eGames\BLOCKR~1\UNWISE.EXE C:\PROGRA~1\eGames\BLOCKR~1\INSTALL.LOG
Blood2 --> C:\WINDOWS\uninst.exe -fC:\Games\Blood2\DeIsL1.isu
Boggle Supreme from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Collector's Edition 251 --> C:\PROGRA~1\eGames\COLLEC~1\UNWISE.EXE C:\PROGRA~1\eGames\COLLEC~1\INSTALL.LOG
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Crystal Maze from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Darts --> MsiExec.exe /X{F91CB93C-E24C-4932-A3F9-C4A6403F90CF}
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Deer Hunter 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 4\Uninst.isu"
Deer Hunter 5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 5\Uninst.isu"
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo --> C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Easy To-Do --> "C:\Program Files\Xanadu Tools\Easy To-Do\unins000.exe"
Elrond's MM6 Editor [v3.6] --> C:\PROGRA~1\ELROND~1\UNWISE.EXE C:\PROGRA~1\ELROND~1\INSTALL.LOG
FATE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Final Fantasy VII --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Square Soft, Inc.\Final Fantasy VII\Uninst.isu"
Final Fantasy VII XP Patch --> C:\Program Files\Square Soft, Inc\Final Fantasy VII\Patch\Uninstall XP Patch.EXE /u:"Final Fantasy VII XP Patch"
Flip Words from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
gigabeat S Series Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C5BCAA4-80F2-4092-BD22-F426453BCD17}\Setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Great Pyramid --> C:\PROGRA~1\eGames\GREATP~1\UNWISE.EXE C:\PROGRA~1\eGames\GREATP~1\INSTALL.LOG
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 02:02:12 AM
Hellfire --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HELLFIRE\Uninst.isu
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hoyle Card Games 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CARD3\Uninst.isu
HP DVD Play 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe"  -uninstall
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9  -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9  -removeonly
HP User Guides 0024 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{798E409B-F5CA-449E-9BE6-E18199E007C6}\Setup.exe" -l0x9  -removeonly
HP Wireless Assistant 2.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9  hpquninst
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ Toolbar --> regsvr32 /u /s "C:\Program Files\ICQToolbar\toolbaru.dll"
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jewel Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
Lightening --> C:\Program Files\Lightening\Uninst.exe /pid:{904FC6CC-B684-4549-BA5B-AB5A479C945C} /asd
Lotus SmartSuite 97 --> C:\WINDOWS\lunin10.exe /T SmartSuite /V 97.0 /I "c:\lotus\suit.inf" /C "c:\lotus\cinstall.ini" /O  /L EN
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Mahjongg Master 5 --> C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Master of Dwarves --> C:\PROGRA~1\eGames\MASTER~1\UNWISE.EXE C:\PROGRA~1\eGames\MASTER~1\INSTALL.LOG
Memorex 6136 U Scanner Driver --> C:\PROGRA~1\Memorex\UNWISE.EXE C:\PROGRA~1\Memorex\INSTALL.LOG
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Train Simulator --> "C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 02:02:55 AM
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Might and Magic VI: The Mandate of Heaven --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Might and Magic VI\Might and Magic® VI.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Might and Magic VII, For Blood and Honor --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Might and Magic VII\Might and Magic VII.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Might and Magic VIII: Day of the Destroyer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Might and Magic VIII\Might and Magic Day of the Destroyer.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
Monster Buck Pack, DH2 & DH2 Extended Season --> C:\WINDOWS\IsUninst.exe -f"c:\Program Files\Deer Hunter 2\Uninst.isu"
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
MyDsc2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
MySpaceIM --> MsiExec.exe /I{3BA59EE1-6D83-4CAE-A0B9-6B91BD44A14B}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Pinball --> MsiExec.exe /X{0187C675-40EC-4DDB-8ED9-A4A65F44C24E}
Polar Bowler from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Puzzle Express from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9  -uninst
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rocky Mountain Trophy Hunter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rocky Mountain Trophy Hunter\Uninst.isu"
Rocky Mountain Trophy Hunter 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rocky Mountain Trophy Hunter 2\Uninst.isu"
Rocky Mountain Trophy Hunter 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rocky Mountain Trophy Hunter 3\Uninst.isu"
Rocky Mountain Trophy Hunter Alaskan Expedition --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Rocky Mountain Trophy Hunter\RMTH2.isu" -c"C:\Program Files\Rocky Mountain Trophy Hunter\RMTH2UIS.dll"
RollerCoaster Tycoon Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\Setup.exe" -l0x9
SCRABBLE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 02:03:42 AM
SimCity 2000® CD Collection --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
SimCity 3000 Unlimited --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 Unlimited\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 Unlimited\_UnInstall.dll"
SimCity 4 Rush Hour --> C:\Documents and Settings\Ritalee\My Documents\EAUninstall.exe
Slingo Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Snowboard SuperJam --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Super Granny from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeraNet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40139BDF-B715-4994-A1BA-6B452DB3FC7B}\Setup.exe" -l0x9
Terayon DOCSIS Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}\Setup.exe" -l0x9
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TOSHIBA gigabeat applications 2.0.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33DF47F1-B83A-4EB5-AA56-EAB28A1EAE14}\setup.exe" UNINSTALLUNINSTALL
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Tudoo 3.0.1 --> "C:\Program Files\Tudoo\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar V35 (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarInstaller.exe /u /k
Warcraft II BNE --> C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9  -removeonly
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA SoftSynthesizer S-YXG70 --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu -c"C:\WINDOWS\system32\sxgunins.dll
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 02:04:18 AM
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
Zuma Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type11711 / Error
Event Submitted/Written: 03/22/2008 03:49:10 PM
Event ID/Source: 11101 / MsiInstaller
Event Description:
Product: Java(TM) 6 Update 5 -- Error 1101.Error reading from file: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_05/sp1033.MST.  System error 123.  Verify that the file exists and that you can access it.

Event Record #/Type11710 / Error
Event Submitted/Written: 03/22/2008 03:47:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msiexec.exe, version 3.1.4000.1823, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11709 / Error
Event Submitted/Written: 03/22/2008 03:34:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application netscape.exe, version 8.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11705 / Error
Event Submitted/Written: 03/22/2008 02:54:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11696 / Error
Event Submitted/Written: 03/22/2008 06:58:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 02:04:49 AM
-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type62464 / Error
Event Submitted/Written: 03/22/2008 05:35:47 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type62463 / Error
Event Submitted/Written: 03/22/2008 05:35:46 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type62462 / Error
Event Submitted/Written: 03/22/2008 05:35:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type62461 / Error
Event Submitted/Written: 03/22/2008 05:35:14 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type62457 / Error
Event Submitted/Written: 03/22/2008 05:34:38 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-03-22 17:48:17 ------------

Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 03:33:09 AM
OK, I got the logs. I have to go out for a while. I'll check them when I get back.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 03:35:31 AM
OK, I will be here reading or doing eBay. :D Hopefully I can stay connected; I keep losing my connection.
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 07:53:55 AM
I've gone over the logs, including what you sent from the avast warning log.

Quote
3/20/2008   12:03:31 PM   1206039811   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\Program Files\HPQ\Default Settings\CpqsetVer.exe" file. 
3/20/2008   2:26:00 PM   1206048360   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll" file. 
3/20/2008   10:14:55 PM   1206076495   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210172.exe" file. 
3/20/2008   10:26:47 PM   1206077207   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file. 
3/22/2008   12:08:06 AM   1206169686   Ritalee   1164   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file

These are your latest detections. One has been confirmed a false positive by Avira. We'll check that one out after. 3 are in System Restore, which are most likely the same ones, only in a restore point.

Did you try to install IncrediMail recently? I see an entry in HJT that doesn't look quite right.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 08:05:56 AM
Hello, no, I didn't install IncrediMail. It kept asking me to log onto the net, and when I did it wouldn't do anything, so every day I get a "log in later" icon on my desktop.

So are these 4 trojans causing me to have a slow boot-up time of 7 to 10 minutes?
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 08:37:06 AM
No, as I said, they probably are false positives. We will deal with those after we check a couple of things out.

So we do a little house cleaning.


Open HJT, run a system scan only, and check mark these lines if present:

O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail

Close all other browsers/windows, click fix, close HJT.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


Download and run this clean up utility. You can use it regularly. When it's first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp (http://www.stevengould.org/downloads/cleanup/)


Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe to install the application.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the results of the scan along with a new HJT log taken after the scan.

Thanks.


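The O4 line oldman picks out above is the classic shape of a suspect autostart: an installer re-launched at every logon from a user's Temp folder. The helper below is an added example for this thread (not HijackThis code and not from the original posts); it parses HJT O4 lines and flags that pattern, a target that HJT reports as missing, and installer/setup programs in Run keys. The directory list is a constructed heuristic, and the sample lines are taken from the logs posted in this thread plus one constructed orphaned entry.

```python
"""Triage helper for HijackThis O4 (autostart) lines.

Added example for this thread; not part of HijackThis or of the original
posts. Flags:
  * an autostart whose target lives in a temporary folder,
  * an autostart whose target HJT reports as missing,
  * an autostart that relaunches an installer/setup program each logon.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKLM\..\Run: [Name] C:\path\prog.exe -switch"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Startup: Foo.lnk = C:\path\prog.exe"
O4_STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")

# Constructed heuristic list: folders a legitimate autostart should not run from.
SUSPICIOUS_DIRS = (
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
    "\\temporary internet files\\",
)
INSTALLER_WORDS = ("install", "setup")
MISSING_MARKERS = ("(file missing)", "(no file)")  # both markers appear in HJT logs


@dataclass
class O4Finding:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def first_path(cmd: str) -> str:
    """Extract the executable path from the command part of an O4 line."""
    cmd = cmd.strip()
    for marker in MISSING_MARKERS:
        cmd = cmd.replace(marker, "").strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends where the first " -" or " /" switch begins.
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def parse_o4(line: str):
    """Return (hive, name, cmd) for an O4 line, or None for any other line."""
    line = line.strip()
    m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
    if not m:
        return None
    return m.group("hive"), m.group("name").strip(), m.group("cmd").strip()


def triage_o4(line: str):
    parsed = parse_o4(line)
    if parsed is None:
        return None
    hive, name, cmd = parsed
    path = first_path(cmd)
    lowered = path.lower()
    reasons = []
    if any(marker in cmd.lower() for marker in MISSING_MARKERS):
        reasons.append("target file missing (orphaned autostart)")
    if any(d in lowered for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a temporary folder")
    exe = lowered.rsplit("\\", 1)[-1]          # basename only, not the directories
    if any(w in exe for w in INSTALLER_WORDS):
        reasons.append("relaunches an installer at every logon")
    return O4Finding(hive, name, path, reasons)


def flagged_entries(lines):
    """Return {entry name: reasons} for every O4 line with at least one reason."""
    out = {}
    for line in lines:
        finding = triage_o4(line)
        if finding and finding.reasons:
            out[finding.name] = finding.reasons
    return out


# Sample input: lines from the HJT logs in this thread, plus one constructed
# orphaned entry ("OldTool") to exercise the missing-file check.
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail",
    r"O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start",
    r"O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup",
    r"O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl",
    r"O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE",
    r"O4 - HKCU\..\Run: [OldTool] C:\Program Files\OldTool\oldtool.exe (file missing)",  # constructed
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com",
]

if __name__ == "__main__":
    for name, reasons in flagged_entries(SAMPLE_HJT_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```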
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 08:43:20 AM
Which CleanUp folder do I click to download it?
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 08:50:28 AM
452 is the newest, 451 comes in either zipped or unzipped.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 09:35:14 AM
Well, I cleaned up 214 MB of space and am now installing the other program.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 10:29:26 AM
Since I screwed up and didn't click OK to view the Malwarebytes log, I have to start over, and since it's 2:27 am and it's late I will do it when I get out of bed.

So sometime tomorrow I will have the other logs for you.

I am sorry I screwed up.

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 11:11:47 AM
Here is the first log. Sorry, I decided to stay up for it, then go to sleep.

Malwarebytes' Anti-Malware 1.09
Database version: 522

Scan type: Quick Scan
Objects scanned: 34932
Time elapsed: 42 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 11:14:48 AM
Last log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:35 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 11:16:34 AM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download.games.yahoo.com/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg

--
End of file - 11427 bytes
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 05:57:18 PM
Still not seeing anything that indicates a major infection.

The Malwarebytes' scan shows some reg keys related to MyWebSearch. Nothing serious, adware. But if you ran the scan twice, something may have been removed the first time. Have a look in the quarantine folder and see what's there; just tell me what you see. It should be C:\Program Files\Malwarebytes' Anti-Malware\Quarantine

Check this location for the file aswboot.txt:

C:\Program Files\ALWIL Software\Avast4\Data\Report   

If present it will be the last boottime scan log.

Referring back to the avast warning log, the 4 detections on the 20th would appear to be 2 detections. One for CpqsetVer.exe, which Avira has confirmed on their part as a false positive. One for NPMyWebS.dll. The other 2 are system restore points, which are probably the same 2 files.

So we look elsewhere. DSS is reporting 383 MB of RAM; you said you had 512 MB. Can you confirm this? Right-click the My Computer icon and select Properties. You should be able to see your OS and RAM.

Which version of ZoneAlarm are you using? DSS shows some errors related to ZA.

Have you added any programs or updates just prior to the slowdown?

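oldman's reading of the avast warning log above (4 detections on the 20th that are really 2, the rest being restore-point copies) is a grouping exercise that can be written down. The summarizer below is an added example for this thread, not avast code: it parses avast 4 warning-log lines, treats hits under System Volume Information\_restore as restore-point copies rather than new infections, and deduplicates repeated hits on the same file. The sample lines are the ones quoted in the thread.

```python
"""Summarize an avast! 4 warning log by signature, separating live files from
restore-point copies. Added example for this thread; not avast code.

Restore-point copies (System Volume Information\\_restore\\...) are snapshots
of a file that was already detected elsewhere; they cannot be cleaned in
place and disappear when System Restore is turned off and back on, which is
why the general cleaning procedure in this thread starts with that step.
"""
import re
from collections import defaultdict

# "3/20/2008   12:03:31 PM   1206039811   Ritalee   3428   Sign of "..." has been found in "..." file."
WARNING_RE = re.compile(
    r'^(?P<date>\S+)\s+(?P<time>\S+ [AP]M)\s+(?P<epoch>\d+)\s+(?P<user>\S+)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.?\s*$'
)
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_warning(line: str):
    """Return the fields of one warning line as a dict, or None if it is not one."""
    m = WARNING_RE.match(line.strip())
    return m.groupdict() if m else None


def is_restore_point_copy(path: str) -> bool:
    return RESTORE_MARKER in path.lower()


def summarize(lines):
    """Return {signature: {"live": [paths], "restore_point": [paths]}}.

    Paths are deduplicated, so a file reported on two scans counts once."""
    summary = defaultdict(lambda: {"live": [], "restore_point": []})
    for line in lines:
        rec = parse_warning(line)
        if rec is None:
            continue
        bucket = "restore_point" if is_restore_point_copy(rec["path"]) else "live"
        paths = summary[rec["sig"]][bucket]
        if rec["path"] not in paths:
            paths.append(rec["path"])
    return dict(summary)


def distinct_live_detections(lines) -> int:
    """Number of distinct files detected outside restore points."""
    return sum(len(v["live"]) for v in summarize(lines).values())


# Sample input: the five warning-log lines quoted in this thread.
SAMPLE_WARNING_LOG = [
    r'3/20/2008   12:03:31 PM   1206039811   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\Program Files\HPQ\Default Settings\CpqsetVer.exe" file.',
    r'3/20/2008   2:26:00 PM   1206048360   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll" file.',
    r'3/20/2008   10:14:55 PM   1206076495   Ritalee   3428   Sign of "Win32:Trojan-gen {VC}" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210172.exe" file.',
    r'3/20/2008   10:26:47 PM   1206077207   Ritalee   3428   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file.',
    r'3/22/2008   12:08:06 AM   1206169686   Ritalee   1164   Sign of "Win32:WebSearch-M [Adw]" has been found in "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll" file',
]

if __name__ == "__main__":
    for sig, buckets in summarize(SAMPLE_WARNING_LOG).items():
        print(sig)
        for path in buckets["live"]:
            print("  live:         ", path)
        for path in buckets["restore_point"]:
            print("  restore point:", path)
    print("distinct live detections:", distinct_live_detections(SAMPLE_WARNING_LOG))
```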
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 09:06:00 PM
Hello and good morning or afternoon. I am using ZoneAlarm 7.0.462.000.

Malwarebytes doesn't have a quarantine folder, as far as I looked.

Here is the avast report.

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, March 22, 2008 11:11:36 PM
* VPS: 080214-0, 02/14/2008
*

*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Sunday, March 23, 2008 12:33:04 PM
* VPS: 080322-0, 03/22/2008
*

I was told I had 512 MB when I bought my laptop new.

The system says AMD Sempron 3000 1.8 GHz and 384 megs of memory.

I didn't add any programs before the slowdown; I was browsing the net looking up info on websites on how good a car is.

I also was going through my spam folder on Gmail and looked up some websites as well through the spam, but otherwise I haven't installed any new programs for a long while.
Title: Re: got a virus i cant see
Post by: Lisandro on March 23, 2008, 09:27:10 PM
Task 'Resident protection' used
This is the resident log, not the boot time scanning one.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 10:06:36 PM
I didn't find the other log.
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 10:29:08 PM
Did you follow the path, in Windows Explorer, to the Malwarebytes quarantine folder?

Your ZA, is it the free version or the pro?

TeaTimer is still running according to the last log.

Still looking, but this is looking like a conflict rather than an infection.

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 10:50:59 PM
I followed the path; I didn't find a quarantine folder.

ZoneAlarm is the free version.

I followed your instructions on how to disable TeaTimer. It didn't give me an OK button or anything; I just clicked the box like you told me to do in Spybot.

What type of conflict? Also, doing some research, could my hard drive be failing? Also, the computer I have been using for 2 years is a Compaq Presario V2000, and I am wondering if overheating could cause Windows and other programs to slow up. Usually when I click reply on a forum it goes to it without me waiting 15 to 20 seconds for the CPU to do something, plus my virus scans go fast, like 4 hours instead of 17 hours.

So I am wondering if my CPU is overheating or my motherboard is fried, if it isn't a virus. I will run a virus scan tonight and see what is going on.
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 11:06:05 PM
I was thinking along the lines of software conflict. The programs you have usually play nice together.

A hardware problem is another possibility. 16 hours for a scan that used to take 4 doesn't seem right. I've got a couple of other things I'm checking. Will post when I can find it.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 11:21:08 PM
OK, I am looking on Google to see what I can find out on the V2000 laptop. I will await your return.
Title: Re: got a virus i cant see
Post by: oldman on March 23, 2008, 11:23:39 PM
The pause on the forum may be normal, I experience it also from time to time.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 23, 2008, 11:34:43 PM
Well, some websites, when I click on them, take 15 to 20 seconds or more, like a pause. And when I run some programs they decide to lock up, and I have a heck of a hard time shutting down things in the Task Manager, as Windows is trying to open another window to continue to try it even after I shut down the not-responding program. I hadn't had the problem until around 4 to 5 days ago.

Title: Re: got a virus i cant see
Post by: Lisandro on March 24, 2008, 12:14:42 AM
I hadn't had the problem until around 4 to 5 days ago.
I suggest, at least, the general cleaning procedure.

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware (http://www.superantispyware.com) and/or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 01:57:58 AM
Hello, I have a question: how do I go and disable the restore program?

Also, will those programs work or conflict with what I have installed on my computer looking for trojans and spyware? I have Spybot, Ad-Aware and maleware.
Title: Re: got a virus i cant see
Post by: Lisandro on March 24, 2008, 02:16:50 AM
Hello, I have a question: how do I go and disable the restore program?
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

Also, will those programs work or conflict with what I have installed on my computer looking for trojans and spyware? I have Spybot, Adaware and maleware.
No, they won't conflict. I don't know a program called maleware.
Title: Re: got a virus i cant see
Post by: oldman on March 24, 2008, 03:46:44 AM
It is vitally important that ComboFix is renamed before you even start to download it.


Please download ComboFix from Here (http://subs.geekstogo.com/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**


     -Tools->Options->Main tab
     -Set to "Always ask me where to Save the files".


(http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif)

(http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif)

-----------------------------------------------------------
-----------------------------------------------------------
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 04:04:42 AM
Very well, I will download Combo-Fix; however, I am still having trouble downloading what Tech asked me to download. I am going to try a reboot.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 04:45:18 AM
I am only having trouble downloading Spyware Terminator.

The others I am downloading now.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 05:09:10 AM
The only problem I am having is with SpywareBlaster; other than that, everything else is downloaded or being downloaded.
Title: Re: got a virus i cant see
Post by: TedNelly on March 24, 2008, 05:37:30 AM
Here are a couple of direct download links supplied by MajorGeeks.com that may help.

SpywareBlaster 4.0
Download SpywareBlaster from the USA (http://www.majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef)
Spyware Terminator 2.1.1.314
Download Spyware Terminator from the Author's Site (http://majorgeeks.com/downloadget.php?id=5242&file=1&evp=6ef0ffbfd536e2bff92e3dacfdcb6984)
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:33:07 AM
OK, here is the first log on Combo-Fix.

ComboFix 08-03-23.4 - Ritalee 2008-03-23 21:35:38.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.109 [GMT -7:00]
Running from: C:\Documents and Settings\Ritalee\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF7200.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* 
CF7200.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" 
CF7200.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement" 
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$" 
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll" 
CF7200.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" 
CF7200.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

CF7200.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" 
CF7200.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:33:53 AM
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000111_.tmp.dll
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-02-24 to 2008-03-24  )))))))))))))))))))))))))))))))
.

2008-03-23 01:36 . 2008-03-23 01:36   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-03-23 01:36 . 2008-03-23 01:36   <DIR>   d--------   C:\Documents and Settings\Ritalee\Application Data\Malwarebytes
2008-03-23 01:36 . 2008-03-23 01:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-23 00:45 . 2008-03-23 00:45   <DIR>   d--------   C:\Program Files\CleanUp!
2008-03-22 23:01 . 2007-12-04 04:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2008-03-22 23:01 . 2007-12-04 06:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-22 23:01 . 2007-12-04 06:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 23:01 . 2007-12-04 06:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-22 23:01 . 2007-12-04 06:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-22 23:01 . 2007-12-04 06:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-22 23:00 . 2007-12-04 05:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2008-03-22 23:00 . 2004-01-09 01:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2008-03-22 20:41 . 2008-03-22 20:41   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-03-22 20:39 . 2007-03-29 05:56   409,600   ---------   C:\WINDOWS\system32\dllcache\qmgr.dll
2008-03-22 20:39 . 2007-03-29 05:56   18,944   ---------   C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-22 20:39 . 2007-03-29 05:56   8,192   ---------   C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-22 20:39 . 2007-03-29 05:56   7,168   ---------   C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-03-22 20:39 . 2007-03-29 05:56   7,168   ---------   C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-22 20:39 . 2007-03-29 05:56   7,168   ---------   C:\WINDOWS\system32\bitsprx4.dll
2008-03-22 17:39 . 2008-03-22 17:39   <DIR>   d--------   C:\Deckard
2008-03-22 16:10 . 2008-03-22 16:10   <DIR>   d--------   C:\Program Files\Trend Micro
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:34:24 AM
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 04:46   45,348,896   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-24 03:09   531,908   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-22 23:18   ---------   d-----w   C:\Program Files\ICQToolbar
2008-03-21 05:26   1,507,840   ----a-w   C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-20 11:47   1,505,792   ----a-w   C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-20 06:25   ---------   d-----w   C:\Documents and Settings\Ritalee\Application Data\U3
2008-03-20 00:49   2,465,792   ----a-w   C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-11 08:26   20,030   -c--a-w   C:\Documents and Settings\Ritalee\Application Data\wklnhst.dat
2008-02-26 05:26   21,840   -c--atw   C:\WINDOWS\system32\SIntfNT.dll
2008-02-26 05:26   17,212   -c--atw   C:\WINDOWS\system32\SIntf32.dll
2008-02-26 05:26   12,067   -c--atw   C:\WINDOWS\system32\SIntf16.dll
2008-02-25 08:35   ---------   d-----w   C:\Program Files\Diablo II
2008-02-21 18:49   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 17:30   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-02-11 17:24   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-02-11 07:12   ---------   d-----w   C:\Program Files\music_now
2008-01-19 19:26   17,792,022   -c--a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-11 05:53   44,544   ----a-w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-05-25 00:52   2,830,336   -c--a-w   C:\WINDOWS\Internet Logs\xDB11.tmp
2007-05-25 00:52   1,624,576   -c--a-w   C:\WINDOWS\Internet Logs\xDB12.tmp
2007-05-01 15:16   3,077,120   -c--a-w   C:\WINDOWS\Internet Logs\xDB10.tmp
2007-04-27 08:49   488   -c--a-w   C:\Documents and Settings\Sara Hope\Application Data\wklnhst.dat
2007-03-05 03:24   0   -c--a-w   C:\Documents and Settings\Pillar Of Winter\Application Data\wklnhst.dat
2007-02-16 11:08   2,832,896   -c--a-w   C:\WINDOWS\Internet Logs\xDBE.tmp
2007-02-16 11:08   1,744,384   ----a-w   C:\WINDOWS\Internet Logs\xDBF.tmp
2007-02-13 19:22   1,738,752   -c--a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
2007-01-31 06:10   411,648   ----a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
2007-01-31 06:10   1,713,664   -c--a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
2007-01-31 02:05   2,724,352   -c--a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
2007-01-27 08:30   1,702,912   -c--a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
2007-01-26 01:58   4,502,016   -c--a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
2006-11-30 02:47   1,588,736   -c--a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2006-09-26 03:27   1,429,504   ----a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2006-09-26 03:10   1,428,992   -c--a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2006-09-16 00:46   1,404,928   ----a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2006-07-30 23:53   1,301,504   -c--a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2006-07-29 09:53   834,048   -c--a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2006-07-29 09:53   1,291,776   -c--a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2005-09-24 08:49   12,288   ----a-w   C:\WINDOWS\Fonts\RandFont.dll
1999-07-19 04:05   15,716   -c--a-w   C:\WINDOWS\inf\i386\Pmxscan.sys
2006-06-09 12:22   22   -csha-w   C:\WINDOWS\SMINST\HPCD.sys
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:35:00 AM
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-18 09:10   262144   --a------   C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-18 09:10 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-18 09:10 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 05:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:47 827392]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 09:30 503808]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 12:39 94208]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 11:56 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 11:23 1187840]
"TosGbWatcher"="C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe" [2005-04-26 02:02 118837]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-21 22:39 282624]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:35:35 AM
C:\Documents and Settings\Sara Hope\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-07-09 12:34:46 225280]

C:\Documents and Settings\Ritalee\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 02:39:30 73728]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-07-13 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 03:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a--c--- 2006-07-21 03:23 1110016 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-21 22:39 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
--a------ 2006-06-07 10:18 140880 C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:36:14 AM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Ritalee\\Desktop\\downloads\\incredimail_install.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 Spssys;Toshiba SPS Service;C:\WINDOWS\system32\drivers\spssys.sys [2004-05-07 21:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 16:06]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 04:44:21 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 21:46:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????g????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-23 21:52:15
ComboFix-quarantined-files.txt  2008-03-24 04:52:02
.
2008-03-12 04:21:43   --- E O F --- 
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:37:14 AM
Here is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:49 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:38:06 AM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:38:37 AM
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download.games.yahoo.com/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg

--
End of file - 11140 bytes
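As an added example (not code from this thread, from Trend Micro, or from any of the posters), here is a small Python triage script that parses entries in the HijackThis log format shown above and flags what a log reader checks first: registrations whose target is "(no file)", O4 autoruns that start from a user-writable profile or Temp folder, and O8/O9 menu items whose target is not a file path or a res://, file:// URL. The sample lines mirror entries from the log above; the O4 "updater" line, the regular expressions and the triage rules are my own constructions.

```python
"""Triage helper for HijackThis v2 log entries (added example, not project code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# An entry line looks like "O2 - BHO: <name> - {CLSID} - <path>"; the
# R/F/N/O letters are the HijackThis section codes.
ENTRY_RE = re.compile(r"^(?P<code>[FNOR]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Where a legitimate target begins: a drive path (optionally quoted), a res://
# or file:// resource, a URL, or HijackThis's own "(no file)" marker.
TARGET_RE = re.compile(r'(?:"?[A-Za-z]:\\|res://|file:///|https?://|\(no file\))')
# Profile locations an ordinary user can write to (constructed heuristic).
USER_WRITABLE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Desktop|Application Data|Local Settings)"
    r"|\\Temp\\|%temp%", re.IGNORECASE)


@dataclass
class Entry:
    code: str                      # "O2", "O4", "R1", ...
    kind: str                      # "BHO", "Toolbar", "HKLM\..\Run", registry key, ...
    name: str
    target: str
    clsid: Optional[str] = None
    vendor: Optional[str] = None   # only filled for O23 services


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; returns None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    # R0/R1: "<registry key>,<value name> = <data>" (data may be empty)
    if code in ("R0", "R1"):
        key, _, rest = body.partition(",")
        name, _, target = rest.partition(" =")
        return Entry(code, key, name.strip(), target.strip())

    kind, _, rest = body.partition(": ")

    # O4: "[name] path args", or "name.lnk = path" for Startup-folder items
    if code == "O4":
        if rest.startswith("["):
            name, _, target = rest[1:].partition("] ")
        else:
            name, _, target = rest.partition(" = ")
        return Entry(code, kind, name.strip(), target.strip())

    # Everything else: "name [- {CLSID}] - target". Name and target can both
    # contain " - " (e.g. "Spybot - Search & Destroy"), so anchor on the CLSID
    # when there is one, otherwise on where a plausible target begins.
    c = CLSID_RE.search(rest)
    if c:
        head, target, clsid = rest[:c.start()], rest[c.end():], c.group(0)
    else:
        t = TARGET_RE.search(rest)
        if t:
            head, target, clsid = rest[:t.start()], rest[t.start():], None
        else:
            head, _, target = rest.partition(" - ")
            clsid = None
    head = head.strip().rstrip("-").strip()
    target = target.strip().lstrip("-").strip()
    vendor = None
    if code == "O23" and " - " in head:        # "service name - vendor"
        head, _, vendor = head.rpartition(" - ")
    return Entry(code, kind, head, target, clsid, vendor)


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log; header lines and the process list are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for the entries worth a second look."""
    findings = []
    for e in entries:
        if e.target == "(no file)":
            findings.append((e, "orphaned: registered object has no file on disk"))
        elif e.code == "O4" and USER_WRITABLE_RE.search(e.target):
            findings.append((e, "autorun starts from a user-writable location"))
        elif e.code in ("O8", "O9") and not TARGET_RE.match(e.target):
            findings.append((e, "target is not a file path or res://, file:// URL"))
    return findings


# Sample lines in the format of the log above; the O4 "updater" line is
# constructed to exercise the user-writable check, the others mirror real entries.
SAMPLE_LOG = "\n".join([
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/",
    r"R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe",
    r"O8 - Extra context menu item: &Search - ?p=ZJ",
    r"O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm",
    r"O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
])

if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4} {entry.name!r:<45} {entry.target!r}\n      -> {reason}")
```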
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:42:33 AM
OK Tech, I am starting the cleaning process as I finished what oldman asked me to do.

I copied your instructions to Word and I will follow them to the letter; however, how do I disable the restore section?

Do I go to winconfig and do it?

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 06:46:30 AM
OK Tech, one more question before I start: how do I clean my temp internet files?
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 07:08:22 AM
All the programs are installed except SUPERAntiSpyware, which tells me Windows Installer isn't installed. How do I go about getting it installed?
Title: Re: got a virus i cant see
Post by: oldman on March 24, 2008, 07:50:35 AM
Combofix found one file, and didn't show anything else.

I'm sure your problem is a conflict, possibly software related. I'm going to suggest you do a system restore to a time at least 2 days before you noticed a problem. The worst you will end up with is a wee bit of adware, which can be removed easily.

Before doing that remove the tools I had you download.

* Go to add/remove programs and uninstall

Malwarebytes

It may be listed as mbam


* Click start button, run, then copy and paste the following line into the box and click ok.

Combo-Fix /u

* Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)

Double click OTCleanIt, click the Clean Up button.

You may get prompted by your firewall that OTCleanit/OTMoveIt wants to contact the internet - allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself.


Now try a system restore and see what you get. If you don't see any improvement you can restore back again.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 24, 2008, 07:57:57 AM
How do I go into the System Restore? Also, do I uninstall the other stuff Tech suggested I download? Also, could my system be doing it if it was overheating?
Title: Re: got a virus i cant see
Post by: Lisandro on March 24, 2008, 12:10:45 PM
In more detail, if a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in SafeMode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run SUPERantispyware (http://www.superantispyware.com) or Spyware Terminator (http://www.spywareterminator.com/).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
About legit antispyware applications or the bad ones: http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites

5. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) for XP/Vista. For XP only: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).

6. Also, if you are still detecting strange behaviors, or you want to be sure you're clean, making a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here and, especially, scanning and submitting the RunScanner (http://www.runscanner.net/) log for on-line analysis may help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or, which is better, the Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html) features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.
Title: Re: got a virus i cant see
Post by: oldman on March 24, 2008, 01:37:58 PM
To use system restore

- Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
- On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
- On the Select a Restore Point page, click the date you want in the "On this list, click a restore point" list, and then click Next. A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
- On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
- Click OK.


If you turn system restore off, all restore points will be erased.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 25, 2008, 01:49:24 AM
Thanks oldman, however I have bad news: the system restores aren't working, and I tried 7 times with no luck back to Feb 19th 2007. I will try again soon to see if it will work.

any other suggestions?

Title: Re: got a virus i cant see
Post by: oldman on March 25, 2008, 01:58:22 AM
Try doing it from Safe Mode. System Restore can be flaky.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 25, 2008, 02:02:23 AM
OK, so I go into F8, then hit Safe Mode, then try from there. OK, then let me try it that way a few times, and I will report back whether it works or not.
Title: Re: got a virus i cant see
Post by: oldman on March 25, 2008, 02:23:00 AM
Some Safe Mode instructions. Note: use the Administrator account.

1. Restart the computer. Immediately after the screen goes blank for the first time, or after the BIOS POST ends, start tapping the F8 key repeatedly. The Windows Advanced Options menu appears.

If the menu does not appear, restart the computer and try again.
2. Select Safe Mode, and then press ENTER. As files load they will scroll down the screen.

Note: Safe Mode uses a minimal set of device drivers and services to start Windows. The default Microsoft VGA driver is used for display at 640x480 resolution and in 16 colors.
3. Log on to the Administrator account. If a password was never set, leave the password blank and press ENTER or click the green arrow.
4. Click No in the Safe Mode information screen to start System Restore.
5. Select Restore my computer to an earlier time, and then click Next to proceed to select a date with restore points available.
6. Click Next to begin restoring the system to a previous state.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 25, 2008, 03:36:02 AM
OK, will try that, as it failed again.

And I am on try 10.

Title: Re: got a virus i cant see
Post by: oldman on March 25, 2008, 07:39:15 AM
I'll give you a link to troubleshooting SR.

http://support.microsoft.com/kb/302796
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 25, 2008, 08:01:38 AM
Thanks oldman, as I am at try 16 with no luck. Plus, I am running low on reading materials, and as a smoker I smoke a pipe with pipe tobacco and I am almost out of pipes, as I use one at a time and then let one cool down.

I spoke to the computer guy across the street. He said if my RAM is 512, which I found out on this model it is 512, and I am down to 384, it's either a virus in my RAM or in my motherboard chip. The laptop isn't overheating.

He said it could be my RAM failing. Could that cause the slowdown, as Windows XP needs 512 RAM to run?

Also, since it's taking 10 minutes to boot up and 1 minute to shut down, should I, on payday, hire the PC guy to reformat after I buy an external HDD to back up what I need? Also, since I don't have my Windows disk, as I bought this computer through a rent-to-own company, do you recommend I buy Windows XP again?
Title: Re: got a virus i cant see
Post by: oldman on March 25, 2008, 08:12:28 AM
If it's a Dell or an HP, it should have a restore partition on the HD. I don't know if you can buy XP any more.

Do a Google search for Crucial, I think that's the right spelling. They deal with RAM. I believe they have a RAM scan, so you can see exactly what is in your computer. You can also try to find memtest or similar. It's a diagnostic for RAM. Try searching this forum for a link.

luck

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 25, 2008, 08:16:25 AM
Hi oldman, the D: drive partition says Presario. I don't know what's on it or what to do with it.

OK, I will look up the RAM scan. I will let you know what it tells me. Also, let me show you what Microsoft says on the restore problem.

Possible causes include:

The restore point is corrupted.
There is an unknown problem with the system.

It could be corrupted, or there is a severe problem with my system.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 25, 2008, 08:31:04 AM
Hi Oldman, it shows the system with 512 on the scanner, but in System it shows 384. Could the RAM be failing?
Title: Re: got a virus i cant see
Post by: oldman on March 25, 2008, 01:49:02 PM
I don't know. It's a block of 128 MB that System is not reporting. Do you know if your RAM is shared by the video card? 128 seems like a lot to allot to video, though.

Did you use this?

http://hcidesign.com/memtest/

Check this also.

Start, Control Panel, System, Hardware tab, Device Manager,

click + beside IDE ATA/ATAPI controllers,

right click Primary IDE Channel, click Properties,

click the Advanced Settings tab,

make sure both Transfer Mode boxes are set to "DMA if available".
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 26, 2008, 12:06:11 AM
Hi Oldman, I am running 128 MB through the shared video card, which is a Radeon Xpress M200.

So my RAM isn't failing. I also tried around 18 times on restore with no luck.

Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 26, 2008, 04:54:27 AM
Well, bad news: I kept working on System Restore until today, when my system deleted all my restore points.
Title: Re: got a virus i cant see
Post by: oldman on March 26, 2008, 05:55:04 AM
If you tried that many times, it may not have worked anyway.

Your RAM is all accounted for, and I suppose it's always been set like it is. Faulty RAM is usually accompanied by freezes and reboots.

I still feel you have a software conflict. I'd suggest disabling/uninstalling some security programs and seeing if system performance improves; you should be able to notice this offline.

From the DSS log

Quote
-- Application Event Log -------------------------------------------------------

Event Record #/Type11711 / Error
Event Submitted/Written: 03/22/2008 03:49:10 PM
Event ID/Source: 11101 / MsiInstaller
Event Description:
Product: Java(TM) 6 Update 5 -- Error 1101.Error reading from file: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_05/sp1033.MST.  System error 123.  Verify that the file exists and that you can access it.

Event Record #/Type11710 / Error
Event Submitted/Written: 03/22/2008 03:47:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msiexec.exe, version 3.1.4000.1823, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11709 / Error
Event Submitted/Written: 03/22/2008 03:34:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application netscape.exe, version 8.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11705 / Error
Event Submitted/Written: 03/22/2008 02:54:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11696 / Error
Event Submitted/Written: 03/22/2008 06:58:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]
 

I really don't know what else to suggest. Possibly even a corrupt avast, I don't know. Guys???
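The DSS excerpt quoted above lists five Application Event Log records: three Application Hang events (ID 1002) within about an hour, one Application Error (ID 1000) and one MsiInstaller failure (ID 11101). The following is an added example, not part of the forum thread or of the DSS tool: it parses records in DSS's text layout and summarises hangs and crashes per process, flagging a burst of hangs inside a time window. The sample text is the excerpt from the post embedded verbatim; the burst rule (three or more hangs inside two hours) and the function names are assumptions made for illustration.

```python
"""Triage of Windows Application Event Log records in DSS text layout (added example)."""
import re
from collections import Counter
from datetime import datetime

# The five records quoted in the post, embedded as sample input.
SAMPLE_LOG = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type11711 / Error
Event Submitted/Written: 03/22/2008 03:49:10 PM
Event ID/Source: 11101 / MsiInstaller
Event Description:
Product: Java(TM) 6 Update 5 -- Error 1101.Error reading from file: http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_05/sp1033.MST.  System error 123.  Verify that the file exists and that you can access it.

Event Record #/Type11710 / Error
Event Submitted/Written: 03/22/2008 03:47:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msiexec.exe, version 3.1.4000.1823, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11709 / Error
Event Submitted/Written: 03/22/2008 03:34:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application netscape.exe, version 8.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11705 / Error
Event Submitted/Written: 03/22/2008 02:54:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11696 / Error
Event Submitted/Written: 03/22/2008 06:58:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.3861.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]
"""

# One DSS record: header line, timestamp, ID/source, then a description that
# runs until the blank line before the next record (or end of input).
RECORD_RE = re.compile(
    r"Event Record #/Type(?P<record>\d+) / (?P<type>\w+)\n"
    r"Event Submitted/Written: (?P<when>[\d/]+ [\d:]+ [AP]M)\n"
    r"Event ID/Source: (?P<id>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:\n(?P<desc>.*?)(?=\n\nEvent Record|\Z)",
    re.S,
)
# Process name from "Hanging application X," / "Faulting application X,".
APP_RE = re.compile(r"(?:Hanging|Faulting) application (\S+?),")


def parse_records(text):
    """Return one dict per record, in the order DSS printed them (newest first)."""
    records = []
    for m in RECORD_RE.finditer(text):
        rec = m.groupdict()
        rec["record"] = int(rec["record"])
        rec["id"] = int(rec["id"])
        rec["when"] = datetime.strptime(rec["when"], "%m/%d/%Y %I:%M:%S %p")
        rec["desc"] = rec["desc"].strip()
        app = APP_RE.search(rec["desc"])
        rec["app"] = app.group(1) if app else None  # None for non-process events
        records.append(rec)
    return records


def triage(records, min_hangs=3, window_hours=2):
    """Count hangs/crashes per process and flag >= min_hangs hangs within window_hours.

    The threshold values are assumptions for this example, not a documented rule.
    """
    per_app = Counter()
    hang_times = []
    for r in records:
        if r["app"] and r["source"] in ("Application Hang", "Application Error"):
            per_app[(r["app"], r["source"])] += 1
        if r["id"] == 1002:  # Application Hang
            hang_times.append(r["when"])
    hang_times.sort()
    burst = (
        len(hang_times) >= min_hangs
        and (hang_times[-1] - hang_times[0]).total_seconds() <= window_hours * 3600
    )
    installer_errors = sum(1 for r in records if r["source"] == "MsiInstaller")
    return {"per_app": dict(per_app), "hang_burst": burst, "installer_errors": installer_errors}


if __name__ == "__main__":
    for key, n in triage(parse_records(SAMPLE_LOG))["per_app"].items():
        print(f"{key[0]:15s} {key[1]:18s} x{n}")
    print(triage(parse_records(SAMPLE_LOG)))
```

On the quoted excerpt this reports one hang each for msiexec.exe, netscape.exe and TeaTimer.exe, one crash of aim.exe, one MsiInstaller error, and a hang burst, since the three hangs fall within 53 minutes. Events from unrelated processes hanging in quick succession is the pattern one would want to separate from a single misbehaving application before deciding whether to uninstall software or suspect the platform.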
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 26, 2008, 11:31:57 AM
Hi oldman, would a reformat be in order? Do you recommend it?
Title: Re: got a virus i cant see
Post by: oldman on March 27, 2008, 07:10:53 AM
If it were me, I would first look for conflicting/corrupted software. Did you try uninstalling anything and see if system performance improves?
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 28, 2008, 11:11:11 AM
I tried your recommendations; nothing worked.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 29, 2008, 09:12:55 AM
Also, Windows XP took 20 minutes to boot this morning.
Title: Re: got a virus i cant see
Post by: oldman on March 29, 2008, 09:25:42 AM
Try this, otherwise I'm out of ideas  ???

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/kbtip.mspx
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 29, 2008, 09:52:17 AM
OK, will do, oldman. And thanks.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on March 29, 2008, 11:00:13 AM
It got through phase 1, then got 2 bars into phase 2 and locked up. I will try the scan when I am getting ready to sleep; then if I fall asleep it can scan while I sleep. Makes things easier.

As soon as the scan is complete I will let you know what's going on.

Title: Re: got a virus i cant see
Post by: Warrior-Paine on April 02, 2008, 08:55:37 AM
Just to let you know, Oldman, I am having trouble with my cooling fan. It goes on and off on this laptop and I am trying to find out if that's normal.
Title: Re: got a virus i cant see
Post by: Warrior-Paine on April 02, 2008, 09:05:59 AM
Well, this answers that.

For the normal task of web browsing the v2000z is pretty quiet and the fan is off mostly. But on warmer days it does turn on once every 20-30 minutes for a few seconds (typically for 20 seconds) and then stops. When the fan is running it is not loud at all, but I would not say it is whisper quiet either. The fan turns on when the CPU temperature reaches 55C and turns off when the temperature drops to 50C. While running with full load (at maximum speed and maximum load) the CPU fan turns on and off every 20-30 seconds. Not bad at all. It also looks like the fan has different speeds, but I'm not sure how much it varies.

I do not feel heat is a problem with this laptop. After prolonged use on warmer days it also gets warm, but never hot. One thing I observed is that the left palm area gets warmer after an hour or so. The hard drive temperatures are warmer than I would like. After a couple of hours HD temps climb to 48C, sometimes hitting 51-52C, if you're doing any disk-intensive tasks. Still, though, overall the v2000z is pretty good in the heat and noise department.

Title: Re: got a virus i cant see
Post by: Warrior-Paine on April 05, 2008, 04:46:25 PM
Hello Oldman, the laptop is fixed. The PC tech reformatted. He said it wasn't software or hardware, as he removed all the programs he could before formatting and it was still like that. So he thinks either Windows XP was corrupted or there was a virus in it.

Title: Re: got a virus i cant see
Post by: oldman on April 05, 2008, 05:37:51 PM
Thanks for posting back. It's too bad it came to a reformat and reinstall.

Just out of curiosity, which version of avast did you have installed?
Title: Re: got a virus i cant see
Post by: Warrior-Paine on April 08, 2008, 09:34:04 PM
I had version 4.7 installed; now a new version. Also, the only problem with the laptop is the WiFi keeps disconnecting me or not letting me connect. I think the guy installed the wrong driver for the WiFi card.

And yes, it was sad I had to reformat.

What was sad was the tech told me to buy an external HDD, which I did, when I really didn't need it.

So the total with the external HDD cost $190.