GeekPolice

help with win32ba \.\hupigon malware

Ran Ad-Aware recently and was shocked to see that I have the win32ba \.\hupigon malware. I tried quarantining it twice, and upon running Ad-Aware a third time it appears to actually be quarantined, but I'm still worried. Below is my HijackThis log. Help would be appreciated. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:32 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B343B956-FF5E-4A8B-8534-D8AF51F49693}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

--
End of file - 7071 bytes

Re: help with win32ba \.\hupigon malware

Hello.
Not saying this is your fault, but I need you to stay with me on this. You can't leave this for an entire week, because the longer you leave it, the more malware gets downloaded.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.
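The two things the helper picked out of the logs above by eye (an Internet Explorer start page pointing at search.shareazaweb.com, and later a DisallowRun policy that names Avira's avnotify.exe) can be checked mechanically. The script below is an added example for this thread; it is not code from HijackThis, DDS or any of the posters. DEFAULT_HOSTS and SECURITY_TOOLS are assumptions chosen for illustration, and the sample log lines are constructed from entries quoted in this thread.

```python
"""Triage HijackThis / DDS log lines for start-page hijacks and DisallowRun abuse.

Added example, not code from the thread, HijackThis or DDS. DisallowRun is an
Explorer policy that refuses to launch the programs listed under it; malware and
"nag blockers" use it to stop security tools from starting.
"""
import re
from urllib.parse import urlsplit

# Assumption: hosts a stock Windows XP / IE7 install points its R0/R1 entries at.
DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}

# Assumption: programs that should never appear in a DisallowRun list on a home PC.
# avnotify.exe is the Avira component the DDS report in this thread shows blocked.
SECURITY_TOOLS = {"avnotify.exe", "avgnt.exe", "avguard.exe", "mbam.exe", "hijackthis.exe"}

# HijackThis: "R0 - HKCU\...\Main,Start Page = http://..."
HJT_URL = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),(.+?) = (\S+)")
# DDS pseudo-HJT: "uPolicies-explorer: DisallowRun = 1 (0x1)"
DDS_POLICY = re.compile(r"^uPolicies-explorer: DisallowRun = (\d+)")
# DDS pseudo-HJT: "uPolicies-disallowrun: 1 = avnotify.exe"
DDS_DISALLOW = re.compile(r"^uPolicies-disallowrun: \d+ = (\S+)", re.IGNORECASE)

# Constructed sample: a handful of lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = avnotify.exe
"""


def triage(lines):
    """Return a list of (kind, where, what) findings for suspicious log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_URL.match(line)
        if m:
            _kind, hive, path, name, value = m.groups()
            # Only URL-valued settings are start/search page candidates;
            # ProxyOverride and similar entries carry patterns, not URLs.
            if not value.lower().startswith(("http://", "https://")):
                continue
            host = (urlsplit(value).hostname or "").lower()
            if host not in DEFAULT_HOSTS:
                findings.append(("hijacked_url", f"{hive}\\{path},{name}", value))
            continue
        m = DDS_POLICY.match(line)
        if m:
            if m.group(1) != "0":
                findings.append(("disallowrun_enabled", "uPolicies-explorer",
                                 f"DisallowRun = {m.group(1)}"))
            continue
        m = DDS_DISALLOW.match(line)
        if m:
            exe = m.group(1).lower()
            kind = "blocks_security_tool" if exe in SECURITY_TOOLS else "disallowrun_entry"
            findings.append((kind, "uPolicies-disallowrun", exe))
    return findings


if __name__ == "__main__":
    for kind, where, what in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:22} {where}: {what}")
```

Run on the constructed sample it reports the shareazaweb start page, the enabled DisallowRun policy, and avnotify.exe as a blocked security tool; the Microsoft defaults and the ProxyOverride pattern are not reported. The regexes match the exact line shapes HijackThis 2.0.2 and DDS print in this thread, so adapt them before pointing the script at logs from other tools.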

Re: help with win32ba \.\hupigon malware

Thanks! Here's the MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

4/12/2009 1:59:45 PM
mbam-log-2009-04-12 (13-59-45).txt

Scan type: Quick Scan
Objects scanned: 75764
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: help with win32ba \.\hupigon malware


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: help with win32ba \.\hupigon malware

Here it is. Broken into two posts. Thanks again.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Ed Park at 15:17:32.10 on Sun 04/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.2385 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ed Park\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = avnotify.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {B343B956-FF5E-4A8B-8534-D8AF51F49693} = 192.168.1.1
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\edpark~1\applic~1\mozilla\firefox\profiles\ee4bimsl.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-5 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-28 11608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2009-3-14 4442]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-28 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-28 55640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-3-14 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-11-21 12560]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-6-8 81280]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-14 33176]

Re: help with win32ba \.\hupigon malware

=============== Created Last 30 ================

2009-04-12 10:24 --d----- c:\docume~1\edpark~1\applic~1\Malwarebytes
2009-04-12 10:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-12 10:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-12 10:24 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-12 10:24 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-11 22:05 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-11 22:02 --d----- c:\documents and settings\ed park\.SunDownloadManager
2009-04-11 21:58 --d----- c:\program files\Trend Micro
2009-04-11 21:53 --d----- c:\documents and settings\ed park\.housecall6.6
2009-04-11 20:15 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-05 23:06 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-05 23:02 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-05 23:02 --d----- c:\program files\Lavasoft
2009-04-05 22:56 --d----- c:\program files\Shareaza
2009-04-05 22:56 --d----- c:\docume~1\edpark~1\applic~1\Shareaza
2009-04-05 22:22 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-05 22:22 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-05 22:21 --d----- c:\program files\iPod
2009-04-05 22:21 --d----- c:\program files\iTunes
2009-04-05 22:21 --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 22:21 --d----- c:\program files\Bonjour
2009-04-05 22:20 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-04-05 22:20 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-28 21:09 --d----- c:\docume~1\edpark~1\applic~1\LimeWire
2009-03-28 21:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-28 20:52 483,328 a------- c:\windows\system32\actskn45.ocx
2009-03-28 20:27 --d----- c:\program files\Avira
2009-03-28 20:15 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-28 20:15 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-03-18 02:07 --d-h--- c:\windows\system32\GroupPolicy
2009-03-15 20:19 421,888 a------- c:\windows\system32\ac3filter.acm
2009-03-15 20:19 --d----- c:\program files\AC3Filter
2009-03-15 19:45 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-03-15 19:45 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-03-15 19:44 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-03-15 19:44 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-03-14 13:55 --d----- c:\docume~1\alluse~1\applic~1\Digsby
2009-03-14 13:23 --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-03-14 13:23 --d----- c:\docume~1\edpark~1\applic~1\AVS4YOU
2009-03-14 13:23 --d----- c:\program files\common files\AVSMedia
2009-03-14 13:23 --d----- c:\windows\SxsCaPendDel
2009-03-14 13:22 24,576 a------- c:\windows\system32\msxml3a.dll
2009-03-14 13:22 --d----- c:\program files\AVS4YOU
2009-03-14 11:01 28,672 -------- c:\windows\PWMBTHLP.EXE
2009-03-14 11:01 4,442 -------- c:\windows\system32\drivers\TPPWRIF.SYS
2009-03-14 10:54 --d----- c:\program files\HandBrake
2009-03-14 10:49 --d----- c:\windows\system32\XPSViewer
2009-03-14 10:49 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-14 10:49 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-14 10:49 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-14 10:49 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-14 10:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-14 10:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-14 10:49 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-14 10:49 --d----- C:\75da2a574c8f687cb6614d15d305
2009-03-14 10:46 --d----- c:\program files\Haali
2009-03-14 10:46 --d----- c:\program files\CoreCodec
2009-03-14 10:43 --d----- c:\docume~1\edpark~1\applic~1\Digsby
2009-03-14 10:43 --d----- c:\program files\Digsby
2009-03-14 10:42 --d----- c:\program files\Windows Media Connect 2
2009-03-14 10:42 --d----- c:\windows\system32\LogFiles
2009-03-14 10:38 --d----- c:\program files\uTorrent
2009-03-14 10:37 --d----- c:\docume~1\edpark~1\applic~1\uTorrent
2009-03-14 10:20 --d----- c:\program files\DivX
2009-03-14 09:57 --d----- c:\program files\Digital Line Detect
2009-03-14 09:57 --d----- c:\program files\NetWaiting
2009-03-14 09:57 --d----- c:\program files\CONEXANT
2009-03-14 09:54 90,112 a------- c:\windows\system32\snymsico.dll
2009-03-14 09:54 43,008 a------- c:\windows\system32\drivers\rimsptsk.sys
2009-03-14 09:54 172,032 a------- c:\windows\system32\rixdicon.dll
2009-03-14 09:54 38,400 a------- c:\windows\system32\drivers\rixdptsk.sys
2009-03-14 09:54 46,592 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-03-14 09:53 --d----- c:\docume~1\edpark~1\applic~1\Intel
2009-03-14 09:53 3,632,384 a------- c:\windows\system32\drivers\NETw5x32.sys
2009-03-14 09:53 2,756,608 a------- c:\windows\system32\NETw5r32.dll
2009-03-14 09:53 663,552 a------- c:\windows\system32\NETw5c32.dll
2009-03-14 09:53 --d----- c:\program files\common files\Intel
2009-03-14 09:44 720,088 a------- c:\windows\qfe4.tmp
2009-03-14 09:22 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-14 09:22 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-14 09:22 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-14 09:22 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-14 09:22 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-14 09:16 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-14 09:16 --d----- c:\windows\system32\PreInstall
2009-03-14 09:16 --d-h--- c:\windows\$hf_mig$
2009-03-14 09:09 --dsh--- c:\documents and settings\ed park\UserData
2009-03-14 09:06 53,017 a------- c:\windows\system32\nvModes.dat
2009-03-14 09:06 53,017 a------- c:\windows\system32\nvModes.001
2009-03-14 09:04 190,706 a------- c:\windows\system32\nvapps.xml
2009-03-14 09:04 36,852 a------- c:\windows\system32\nvwsapps.xml
2009-03-14 09:04 453,152 a------- c:\windows\system32\nvudisp.exe
2009-03-14 09:04 18,696 a------- c:\windows\system32\nvdisp.nvu
2009-03-14 09:04 --d----- c:\windows\nview
2009-03-14 09:04 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-03-14 08:59 --d----- c:\program files\common files\ThinkVantage Fingerprint Software
2009-03-14 08:59 --d----- c:\program files\common files\SPBA
2009-03-14 08:59 --d----- c:\program files\ThinkVantage Fingerprint Software
2009-03-14 08:59 --d----- c:\docume~1\alluse~1\applic~1\UIB
2009-03-14 08:58 --d----- c:\windows\system32\SoftwareDistribution
2009-03-14 00:45 --d----- c:\program files\ThinkPad
2009-03-13 23:50 225,664 a------- c:\windows\system32\drivers\SynTP.sys
2009-03-13 23:50 147,456 a------- c:\windows\system32\SynTPAPI.dll
2009-03-13 23:50 110,592 a------- c:\windows\system32\SynTPCo4.dll
2009-03-13 23:50 200,704 a------- c:\windows\system32\SynCtrl.dll
2009-03-13 23:50 163,840 a------- c:\windows\system32\SynCOM.dll
2009-03-13 23:50 --d----- c:\program files\Synaptics
2009-03-13 23:43 --d----- c:\program files\Lenovo
2009-03-13 23:42 1,904 -------- c:\windows\system32\SetupBD.din
2009-03-13 23:39 --d----- c:\windows\system32\ReinstallBackups
2009-03-13 23:39 --d----- C:\Intel
2009-03-13 23:24 --d----- c:\program files\Analog Devices
2009-03-13 23:13 --d----- C:\Drivers
2009-03-13 22:59 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-03-13 22:51 --d----- c:\documents and settings\Ed Park
2009-03-13 22:50 --ds---- c:\windows\system32\Microsoft
2009-03-13 22:50 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-13 22:48 103,424 ac------ c:\windows\system32\dllcache\uihelper.dll
2009-03-13 22:47 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-03-13 22:46 598,071 ac------ c:\windows\system32\dllcache\fpmmc.dll
2009-03-13 22:45 --dsh--- c:\documents and settings\all users\DRM
2009-03-13 22:45 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-03-13 22:45 --d-h--- c:\program files\WindowsUpdate
2009-03-13 22:44 --d----- c:\program files\common files\MSSoap
2009-03-13 22:43 --d----- c:\program files\Online Services
2009-03-13 22:43 --d----- c:\program files\Messenger
2009-03-13 22:43 --d----- c:\program files\MSN Gaming Zone
2009-03-13 22:42 --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-03-14 10:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-13 22:43 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys

============= FINISH: 15:17:43.14 ===============

Re: help with win32ba \.\hupigon malware

Hello.
I want to see what's installed.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: help with win32ba \.\hupigon malware

Here it is:

AC3Filter (remove only)
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bonjour
CoreAVC Professional Edition (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Digsby
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Haali Media Splitter
HandBrake 0.9.3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel PROSet Wireless
Intel(R) PRO Network Connections Drivers
iTunes
Java(TM) 6 Update 13
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.8)
MSN
NVIDIA Drivers
On Screen Display
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shareaza 2.4.0.0
SoundMAX
ThinkPad FullScreen Magnifier
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Fingerprint Software 5.8
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11

Re: help with win32ba \.\hupigon malware

Okay, let's just clean up here.

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the text below to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Documents and Settings\Ed Park\Desktop\dds.scr
    c:\docume~1\edpark~1\applic~1\Shareaza
    c:\program files\Shareaza
    c:\docume~1\edpark~1\applic~1\LimeWire
    c:\docume~1\edpark~1\applic~1\uTorrent
    c:\program files\uTorrent
    c:\windows\qfe4.tmp

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "DisallowRun"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\disallowrun]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot, choose Yes.

Please post the OTMoveIt log.
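The OTMoveIt3 script above mixes two formats: a ":files" section of paths to move out of the way, and a ":reg" section in .reg-file syntax, where a key in brackets selects it, a leading "-" inside the brackets deletes the whole key, and "Name"=- under a selected key deletes that single value. The parser below is an added example for this thread, not OldTimer's code and not something any poster ran; it turns such a script into an explicit list of operations and renders the registry part as reg.exe commands so the changes can be reviewed before anything is touched. The sample script is constructed from the one posted above.

```python
"""Parse an OTMoveIt3-style script into explicit operations.

Added example; not OldTimer's code and not from the thread. The :reg section
follows .reg-file conventions: "[KEY]" selects a key, "[-KEY]" deletes it,
"Name"=- deletes a value, "Name"="text" sets a REG_SZ, "Name"=dword:hex sets
a REG_DWORD.
"""
import re

REG_KEY = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\[^\]]*)\]$")
REG_VALUE = re.compile(r'^"([^"]*)"=(.*)$')
HIVE_SHORT = {
    "HKEY_CLASSES_ROOT": "HKCR", "HKEY_CURRENT_USER": "HKCU",
    "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_USERS": "HKU",
}

# Constructed sample, trimmed from the script posted in this thread.
SAMPLE_SCRIPT = r"""
:files
C:\Documents and Settings\Ed Park\Desktop\dds.scr
c:\program files\Shareaza
c:\windows\qfe4.tmp

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\disallowrun]
"""


def parse_script(text):
    """Return (op, target, arg) tuples in script order."""
    ops, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header, e.g. ":files" / ":reg"
            section, current_key = line[1:].lower(), None
            continue
        if section == "files":
            ops.append(("move_file", line, None))
        elif section == "reg":
            m = REG_KEY.match(line)
            if m:
                delete, key = m.groups()
                if delete:                  # "[-KEY]" removes the whole key
                    ops.append(("delete_key", key, None))
                    current_key = None
                else:                       # "[KEY]" selects it for the values that follow
                    current_key = key
                continue
            m = REG_VALUE.match(line)
            if m and current_key is not None:
                name, data = m.groups()
                if data == "-":             # "Name"=- removes one value
                    ops.append(("delete_value", current_key, name))
                else:
                    ops.append(("set_value", current_key, (name, data)))
    return ops


def short_key(key):
    """HKEY_CURRENT_USER\\... -> HKCU\\... as reg.exe accepts it."""
    hive, _, sub = key.partition("\\")
    return f"{HIVE_SHORT.get(hive, hive)}\\{sub}"


def to_reg_commands(ops):
    """Render the registry operations as reg.exe command lines for review."""
    cmds = []
    for op, key, arg in ops:
        if op == "delete_key":
            cmds.append(f'reg delete "{short_key(key)}" /f')
        elif op == "delete_value":
            cmds.append(f'reg delete "{short_key(key)}" /v "{arg}" /f')
        elif op == "set_value":
            name, data = arg
            if data.startswith("dword:"):
                cmds.append(f'reg add "{short_key(key)}" /v "{name}" /t REG_DWORD '
                            f'/d {int(data[6:], 16)} /f')
            else:
                text = data.strip('"')
                cmds.append(f'reg add "{short_key(key)}" /v "{name}" /t REG_SZ /d "{text}" /f')
    return cmds


if __name__ == "__main__":
    ops = parse_script(SAMPLE_SCRIPT)
    for op in ops:
        print(op)
    print("\n".join(to_reg_commands(ops)))
```

On the sample this yields three move_file operations, the deletion of the DisallowRun value under Policies\Explorer, and the deletion of the Policies\disallowrun key. The difference worth keeping in mind: OTMoveIt3 moves files rather than deleting them, so they can be restored, whereas `reg delete` is irreversible, so export the affected keys with `reg export` before running any command this prints.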

Re: help with win32ba \.\hupigon malware

Thanks again. Here it is:

========== FILES ==========
File/Folder C:\Documents and Settings\Ed Park\Desktop\dds.scr not found.
c:\docume~1\edpark~1\applic~1\Shareaza\Torrents moved successfully.
c:\docume~1\edpark~1\applic~1\Shareaza\Data moved successfully.
c:\docume~1\edpark~1\applic~1\Shareaza\Collections moved successfully.
c:\docume~1\edpark~1\applic~1\Shareaza moved successfully.
c:\program files\Shareaza\Vis moved successfully.
c:\program files\Shareaza\Uninstall moved successfully.
c:\program files\Shareaza\Templates\Video Collection\images moved successfully.
c:\program files\Shareaza\Templates\Video Collection moved successfully.
c:\program files\Shareaza\Templates\General Purple Collection moved successfully.
c:\program files\Shareaza\Templates\Basic Collection moved successfully.
c:\program files\Shareaza\Templates\Audio Collection moved successfully.
c:\program files\Shareaza\Templates moved successfully.
c:\program files\Shareaza\Skins\SkinVista moved successfully.
c:\program files\Shareaza\Skins\Skin+ moved successfully.
c:\program files\Shareaza\Skins\ShareazaOS moved successfully.
c:\program files\Shareaza\Skins\Shareaza2 moved successfully.
c:\program files\Shareaza\Skins\Languages moved successfully.
c:\program files\Shareaza\Skins\Icons (Vista) moved successfully.
c:\program files\Shareaza\Skins\Corona moved successfully.
c:\program files\Shareaza\Skins\CleanBlue moved successfully.
c:\program files\Shareaza\Skins\BlueStreak moved successfully.
c:\program files\Shareaza\Skins moved successfully.
c:\program files\Shareaza\Schemas moved successfully.
c:\program files\Shareaza\Remote\images moved successfully.
c:\program files\Shareaza\Remote moved successfully.
c:\program files\Shareaza\Data moved successfully.
c:\program files\Shareaza moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\xml\data moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\xml moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\promotion moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\mozilla-profile\updates\0 moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\mozilla-profile\updates moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\mozilla-profile\extensions moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\mozilla-profile\Cache moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\mozilla-profile moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\certificate moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\res\html moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\res\fonts moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\res\entityTables moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\res\dtd moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\res moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\plugins moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\modules moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\greprefs moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\dictionaries moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\defaults\profile moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\defaults\pref moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\defaults moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\components moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner\chrome moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser\xulrunner moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\browser moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire\.AppSpecialShare moved successfully.
c:\docume~1\edpark~1\applic~1\LimeWire moved successfully.
c:\docume~1\edpark~1\applic~1\uTorrent moved successfully.
c:\program files\uTorrent moved successfully.
c:\windows\qfe4.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\disallowrun\\ not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04132009_013310

Re: help with win32ba \.\hupigon malware

Hello.

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?

Re: help with win32ba \.\hupigon malware

The computer is running fine (I never noticed any changes, but I was only alarmed when Ad-Aware caught it). It also looks like Ad-Aware finds no more threat of this trojan.

Lastly, the CleanUp! action ended up disabling my uTorrent program, which as far as I can tell is safe. I'm inclined to reinstall unless you strongly suggest otherwise.

Thanks so much for all the help. This was a tough one, huh?!

Re: help with win32ba \.\hupigon malware

Oh, lastly, Ad-Aware still has the trojan in quarantine (3 in quantity). The default action is to do nothing. Is there any harm in removing or keeping it? Thoughts? Thanks.

Re: help with win32ba \.\hupigon malware

Hello.
I do not recommend using uTorrent.

The uTorrent program itself may be safe, but the files you download might not be.

P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

The items in quarantine are harmless, they are essentially dead.
