userinit.exe

AVG found a virus:

"C:\WINDOWS\system32\userinit.exe";"Trojan horse Downloader.Agent2.ON";"Object is white-listed (critical/system file that should not be removed)"

and every so often a black box pops up then dissapears before i can read. it prevents me from playing L4d because it makes the game go to desktop everytime it pops up. anything you guys can do?

AVG scanned again under a quick scan and it didnt pick up any viruses so im not sure... let me know if yall can help

Hello.
We can fix this, but I need to see some information from your system before hand.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

DDS (Ver_09-03-16.01) - NTFSx86
Run by Mark Anthony Shy!!! at 17:11:14.26 on Mon 03/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2615 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1180810461\ee\aolsoftware.exe
c:\program files\common files\aol\1180810461\ee\aexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Mark Anthony Shy!!!\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office x3\programs\QFSCHD130.EXE"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221796122453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-24 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 107912]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-24 298264]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-23 24652]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2009-03-27 09:57 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-27 09:57 22,328 a------- c:\docume~1\markan~1\applic~1\PnkBstrK.sys
2009-03-27 09:57 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-03-27 09:57 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-03-27 09:57 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-03-24 10:08 --d-h--- C:\$AVG8.VAULT$
2009-03-24 10:04 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-24 10:04 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-24 10:04 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-24 10:04 --d----- c:\windows\system32\drivers\Avg
2009-03-24 10:04 --d----- c:\program files\AVG
2009-03-24 10:04 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-20 17:44 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-20 17:44 --d----- c:\program files\SUPERAntiSpyware
2009-03-20 17:44 --d----- c:\docume~1\markan~1\applic~1\SUPERAntiSpyware.com
2009-03-17 15:20 --d----- c:\program files\WordPerfect Office X3
2009-03-17 15:20 --d----- c:\program files\common files\Corel
2009-03-17 15:20 --d----- c:\program files\common files\Borland Shared
2009-03-17 15:15 --d----- c:\program files\Steam
2009-03-17 15:13 --d----- c:\program files\Acoustica Mixcraft 4
2009-03-17 11:59 --d----- c:\program files\Steam(2)
2009-03-16 19:21 --d----- c:\docume~1\markan~1\applic~1\Xfire
2009-03-16 15:57 --d----- c:\docume~1\markan~1\applic~1\The Creative Assembly
2009-03-15 12:20 --d----- c:\windows\system32\XPSViewer
2009-03-15 12:13 --d----- c:\windows\NV2801164.TMP
2009-03-12 21:05 --d----- c:\program files\Dell
2009-03-12 19:55 10,145 a------- c:\windows\system32\LexFiles.ulf
2009-03-12 19:53 --d----- C:\drivers
2009-03-08 12:54 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-08 12:54 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-03-02 20:48 --d----- c:\program files\Xfire
2009-03-01 16:14 5,510 a------- c:\windows\system32\uacinit.dll
2009-03-01 16:14 127 a------- c:\windows\system32\UACbfkftkkc.dat

==================== Find3M ====================

2009-03-06 12:37 8,221 a------- c:\program files\th_bestkiller.JPG
2009-03-03 22:15 17,555 a------- c:\program files\th_bestkiller.gif
2009-02-26 14:47 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-23 18:08 7,912 a------- c:\windows\system32\d3d9caps.dat
2009-02-20 07:13 119,296 a------- c:\windows\system32\zlib.dll
2009-02-10 18:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-02-10 16:41 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-04 03:27 3,488,768 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-16 19:24 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-09-03 15:37 24 a------- c:\documents and settings\mark anthony shy!!!\jagex_runescape_preferences.dat
2008-04-15 21:40 88 ---shr-- c:\windows\system32\4C58451B16.sys
2008-04-15 21:40 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-22 19:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat

============= FINISH: 17:11:29.29 ===============

Okay, there is some other malware present too.
Lets fix this now.

• Download combofix from here
  Link 1
  Link 2
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV. (AVG8 and SuperAntiSpyware)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-03-29.04 - Mark Anthony Shy!!! 2009-03-30 17:27:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2634 [GMT -4:00]
Running from: c:\documents and settings\Mark Anthony Shy!!!\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Favorites\HyCam2.exe
c:\documents and settings\All Users\Favorites\UnHyCam2.exe
c:\documents and settings\LocalService\Application Data\wsnpoem
c:\documents and settings\LocalService\Application Data\wsnpoem\audio.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\UACbfkftkkc.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACoidqlxjk.log

----- BITS: Possible infected sites -----

hxxp://dx5.biz
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-27 09:59 . 2009-03-27 09:59 dr-h----- c:\documents and settings\Mark Anthony Shy!!!\Application Data\SecuROM
2009-03-27 09:57 . 2009-03-27 09:57 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-03-27 09:57 . 2009-03-27 09:57 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2009-03-27 09:57 . 2009-03-27 09:57 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-03-27 09:57 . 2009-03-27 09:57 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-03-27 09:57 . 2009-03-27 09:57 22,328 --a------ c:\documents and settings\Mark Anthony Shy!!!\Application Data\PnkBstrK.sys
2009-03-24 10:08 . 2009-03-30 15:29 d--h----- C:\$AVG8.VAULT$
2009-03-24 10:04 . 2009-03-30 10:08 d-------- c:\windows\system32\drivers\Avg
2009-03-24 10:04 . 2009-03-24 10:04 d-------- c:\program files\AVG
2009-03-24 10:04 . 2009-03-24 10:04 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-24 10:04 . 2009-03-24 10:04 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-24 10:04 . 2009-03-24 10:04 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-24 10:04 . 2009-03-24 10:04 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-20 17:44 . 2009-03-30 11:25 d-------- c:\program files\SUPERAntiSpyware
2009-03-20 17:44 . 2009-03-20 17:44 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\SUPERAntiSpyware.com
2009-03-20 17:44 . 2009-03-20 17:44 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-17 15:20 . 2009-03-17 15:20 d-------- c:\program files\Zune
2009-03-17 15:20 . 2009-03-17 15:20 d-------- c:\program files\WordPerfect Office X3
2009-03-17 15:20 . 2009-03-17 15:20 d-------- c:\program files\Common Files\Corel
2009-03-17 15:20 . 2009-03-17 15:20 d-------- c:\program files\Common Files\Borland Shared
2009-03-17 15:15 . 2009-03-30 17:31 d-------- c:\program files\Steam
2009-03-17 15:13 . 2009-03-17 15:13 d-------- c:\program files\Acoustica Mixcraft 4
2009-03-17 11:59 . 2009-03-17 15:13 d-------- c:\program files\Steam(2)
2009-03-16 19:21 . 2009-03-16 19:21 d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2009-03-16 19:21 . 2009-03-17 15:14 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\Xfire
2009-03-16 15:57 . 2009-03-16 15:57 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\The Creative Assembly
2009-03-16 10:46 . 2009-03-17 15:16 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\Bioshock
2009-03-15 12:20 . 2009-03-17 15:17 d-------- c:\windows\system32\XPSViewer
2009-03-15 12:20 . 2009-03-15 12:20 d-------- c:\program files\Reference Assemblies
2009-03-15 12:20 . 2009-03-15 12:20 d-------- c:\program files\MSBuild
2009-03-15 12:13 . 2009-03-17 15:18 d-------- c:\windows\NV2801164.TMP
2009-03-12 21:05 . 2009-03-12 21:05 d-------- c:\program files\Dell
2009-03-12 19:55 . 2009-03-12 20:23 10,145 --a------ c:\windows\system32\LexFiles.ulf
2009-03-12 19:53 . 2009-03-12 19:53 d-------- C:\drivers
2009-03-08 12:56 . 2009-03-08 12:56 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\Logitech
2009-03-08 12:54 . 2009-03-08 12:54 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-03-08 12:54 . 2009-03-08 12:54 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-08 12:53 . 2009-03-08 12:55 d-------- c:\program files\Logitech
2009-03-08 12:53 . 2009-03-17 15:21 d-------- c:\program files\Common Files\Logishrd
2009-03-08 12:53 . 2009-03-08 12:53 d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-03-02 20:48 . 2009-03-17 15:14 d-------- c:\program files\Xfire
2009-02-28 15:36 . 2009-03-12 19:55 d-------- c:\program files\Dl_cats
2009-02-26 14:47 . 2009-02-26 14:47 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-24 07:16 . 2009-02-24 07:18 d-------- c:\windows\NV17483048.TMP
2009-02-24 07:16 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-02-24 07:15 . 2009-02-24 07:15 d-------- C:\NVIDIA
2009-02-23 18:11 . 2009-02-23 18:12 8 --a------ c:\windows\system32\nvModes.dat
2009-02-23 18:10 . 2009-02-23 18:10 d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-23 18:07 . 2009-02-23 18:07 d-------- c:\windows\system32\AGEIA
2009-02-23 18:07 . 2009-02-24 07:17 d-------- c:\program files\AGEIA Technologies
2009-02-23 18:06 . 2009-03-15 12:32 d-------- c:\windows\nview
2009-02-23 18:06 . 2008-12-23 22:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-23 18:06 . 2008-12-26 01:08 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-02-23 18:06 . 2009-03-30 17:30 207,481 --a------ c:\windows\system32\nvapps.xml
2009-02-23 18:06 . 2009-02-18 14:44 19,021 --a------ c:\windows\system32\nvdisp.nvu
2009-02-21 14:50 . 2009-03-17 15:17 d--h----- c:\windows\msdownld.tmp
2009-02-21 14:50 . 2009-02-21 14:50 d-------- c:\windows\Logs
2009-02-20 21:29 . 2009-03-16 00:12 d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-02-20 19:07 . 2009-02-20 19:07 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\Acoustica
2009-02-20 19:07 . 2007-08-07 12:32 57,344 --a------ c:\windows\system32\Wnaspint.dll
2009-02-20 19:06 . 2009-02-20 19:07 d-------- c:\program files\Acoustica Shared Effects
2009-02-20 19:00 . 2009-02-20 19:00 d-------- c:\documents and settings\All Users\Application Data\Acoustica
2009-02-14 16:23 . 2009-02-14 16:23 d-------- c:\windows\SoundTrek
2009-02-14 16:23 . 2009-02-14 16:30 d-------- c:\program files\JAMMER Professional 6 Demo
2009-02-14 16:16 . 2009-03-25 10:23 16 --a------ c:\windows\system32\w3data.vss
2009-02-14 16:16 . 2009-03-25 10:23 16 --a------ c:\windows\msocreg32.dat
2009-02-14 16:04 . 2009-02-14 16:04 d-------- c:\program files\Vstplugins
2009-02-14 16:04 . 2009-02-14 16:30 d-------- c:\program files\Sonoma Wire Works
2009-02-14 16:04 . 2009-02-14 16:04 d-------- c:\program files\IK Multimedia
2009-02-14 16:04 . 2009-02-14 16:04 d-------- c:\documents and settings\All Users\Application Data\Sonoma Wire Works
2009-02-11 09:06 . 2009-02-11 09:06 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\KALiNKOsoft
2009-02-10 21:52 . 1998-06-24 02:00 164,144 --a------ c:\windows\system32\comct232.ocx
2009-02-10 21:52 . 2009-02-20 07:13 119,296 --a------ c:\windows\system32\zlib.dll
2009-02-10 21:52 . 2000-12-06 03:00 109,248 --a------ c:\windows\system32\mswinsck.ocx
2009-02-10 21:52 . 2001-04-05 07:43 94,208 -r--s---- c:\windows\system32\msstkprp.dll
2009-02-10 21:52 . 2008-01-13 17:36 91,632 --a------ c:\windows\system32\dsofile.dll
2009-02-10 21:52 . 1999-05-17 14:55 57,344 --------- c:\windows\system32\ADsSecurity.dll
2009-02-10 21:52 . 2002-08-09 12:18 45,056 --------- c:\windows\system32\NTSVC.ocx
2009-02-10 21:52 . 2003-01-26 14:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll
2009-02-10 21:52 . 2008-01-13 20:59 36,864 --a------ c:\windows\system32\dxinputdll.dll
2009-02-10 21:51 . 2009-02-10 21:51 d-------- c:\program files\KALiNKOsoft
2009-02-10 18:09 . 2009-02-10 18:09 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-02-10 18:08 . 2009-02-10 18:08 d-------- c:\program files\Microsoft Xbox 360 Accessories
2009-02-10 18:08 . 2007-02-26 19:15 1,421,216 --a------ c:\windows\system32\WdfCoInstaller01001.dll
2009-02-10 18:08 . 2007-04-04 19:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-02-10 18:08 . 2007-02-26 19:15 61,984 --a------ c:\windows\system32\drivers\xusb21.sys
2009-02-10 16:41 . 2009-02-10 16:41 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-09 14:18 . 2009-02-09 14:18 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-08 15:03 . 2009-02-08 15:05 d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-02-06 20:22 . 2009-02-06 20:22 d-------- c:\documents and settings\Mark Anthony Shy!!!\Application Data\ATI
2009-02-06 20:20 . 2009-02-06 20:20 0 --a------ c:\windows\ativpsrm.bin
2009-02-06 20:14 . 2009-02-06 20:14 d-------- C:\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 14:08 --------- d-----w c:\documents and settings\Mark Anthony Shy!!!\Application Data\AVGTOOLBAR
2009-03-24 13:50 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-24 13:49 --------- d-----w c:\program files\Symantec
2009-03-24 13:49 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-20 21:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-19 14:21 --------- d-----w c:\program files\Yahoo!
2009-03-19 14:20 --------- d-----w c:\program files\LimeWire
2009-03-17 19:21 --------- d-----w c:\program files\Dell Photo AIO Printer 924
2009-03-17 19:20 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-03-17 19:20 --------- d-----w c:\documents and settings\All Users\Application Data\Borland
2009-03-15 13:13 --------- d-----w c:\program files\EA Games
2009-03-14 22:53 --------- d-----w c:\documents and settings\Mark Anthony Shy!!!\Application Data\LimeWire
2009-03-08 16:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 16:37 8,221 ----a-w c:\program files\th_bestkiller.JPG
2009-03-04 02:15 17,555 ----a-w c:\program files\th_bestkiller.gif
2009-02-10 02:41 --------- d-----w c:\documents and settings\Mark Anthony Shy!!!\Application Data\Move Networks
2009-02-09 18:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-08 03:33 --------- d-----w c:\documents and settings\Mark Anthony Shy!!!\Application Data\Apple Computer
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-01 22:11 --------- d-----w c:\documents and settings\Mark Anthony Shy!!!\Application Data\acccore
2008-09-03 19:37 24 ----a-w c:\documents and settings\Mark Anthony Shy!!!\jagex_runescape_preferences.dat
2008-04-16 01:40 88 --sh--r c:\windows\system32\4C58451B16.sys
2008-04-16 01:40 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-22 23:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082220080823\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-30 1830128]
"Steam"="c:\program files\Steam\Steam.exe" [2009-03-23 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 83568]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-24 1932568]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-24 10:04 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2007-11-20 17:40 731136 c:\program files\dvd43\DVD43_Tray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180810461\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\Desktop 16\\TrueWeather.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\1180810461\\ee\\aexplore.exe"=
"c:\\Westwood\\RA2\\patchgetmd.dat"=
"c:\\Westwood\\Renegade\\Game.exe"=
"c:\\Documents and Settings\\Mark Anthony Shy!!!\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-24 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-24 107912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-23 24652]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 17:31:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-162531612-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:85,2b,03,c6,c8,97,7b,5d,54,05,19,a5,b9,8c,ae,a3,cf,4c,65,79,f2,
95,4f,f8,a2,d8,9c,14,06,cd,d6,96,b1,cc,a4,6f,c9,10,dc,40,54,df,c5,05,e1,cd,\
"rkeysecu"=hex:6b,f7,4a,59,45,a9,b4,de,ae,c8,8a,00,9d,3e,a2,8f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\searchindexer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-03-30 17:36:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 21:36:05

Pre-Run: 99,353,182,208 bytes free
Post-Run: 101,222,412,288 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

316 --- E O F --- 2009-03-18 07:02:08

Hello.

Combofix/DDS didn't find an infected userinit.
The log looks okay. I just want to see what's installed.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Acoustica Effects Pack
Acoustica Mixcraft 4.2
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG 8.5
Bonjour
Command & Conquer Red Alert 2
Command & Conquer Renegade
Command & Conquer Tiberian Sun
Command && Conquer Red Alert 2 - Yuri's Revenge
Conexant D850 56K V.9x DFVc Modem
CopySafe Plugin
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 924
Desktop 16
Digital Guitar Tuner 2.3
Download Updater (AOL LLC)
Drivers Install For Linksys Easylink Advisor
DVD43 v4.0.0
DVDx
Far Cry 2
Free Natural Text to Speech Reader 2008
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 3
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LeagueWorks for Football
Left 4 Dead
Left 4 Dead Dedicated Server
Linksys EasyLink Advisor 1.6 (0044)
LiveUpdate 3.1 (Symantec Corporation)
Marine Sharpshooter 4
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Xbox 360 Accessories 1.1
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Ultra Edition
Netflix Movie Viewer
NVIDIA Drivers
NVIDIA PhysX
Pinnacle Game Profiler
Power Tab Editor 1.7
PunkBuster Services
QuickTime
Rhapsody Player Engine
RitzPix E-Z Print & Share
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SigmaTel Audio
Steam
SUPERAntiSpyware Free Edition
The Sims 2 Double Deluxe
TrackMania Nations Forever
Trillian
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
VST Bridge 1.1
Westwood Shared Internet Components
Windows Defender
Windows Desktop Search 3.01
Windows Desktop Search 3.01
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.0
WordPerfect Office X3
WordPerfect Office X3
Xfire (remove only)
Yahoo! Install Manager
Zune
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

Hello.
The malware is gone, just some programs to update; security risks!


Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

Adobe Reader 8.1.2
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  
• Select the first option where it says "This release includes the highly anticipated...".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u13-windows-i586-p.exe that you downloaded to install the newest version.
  

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

• First, unzip it.
  
• Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  
• Select English from the drop down menu and press Select.
  
• This will open JavaRa.
  
• Press Remove older versions
  
• Press yes to the prompt.
  
• It will make a log file of what it's removed.
  
• Copy and paste the log back here.
  

dont have an unzip program, was using the free for winzip but it ran out couple days ago

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Mar 30 18:30:32 2009

Found and removed: C:\Program Files\Java\jre1.5.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_03

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\

------------------------------------

Finished reporting.

Hello.

Please download and install Adobe Reader version 9.1 from here:
http://get.adobe.com/uk/reader/

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

havent seen that black box pop up in awhile, so hopefully its gone, thank you, should i delete everything i saved about those reports and what not and hijack this

Yes.
Keep MBAM though, it's very effective.

To get rid of Hijack This, you'll have to go back into Add/remove programs and remove Hijack This 2.0.2.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.