Welcome to MalwareRemoval.com
looking for advice

Post by lzzrdskulls22 » September 12th, 2007, 12:52 am

I have made some changes to my system and wanted to get some advice on how my HijackThis log looks. I have been doing nothing but reading and researching how to use the programs you have requested so I can use them properly, but still being a novice (at this point I feel more like a toddler doing physics), I am looking for some advice on how my system looks (because what I see should probably be written in Greek, since I don't understand it!!). So here goes:
*There is one thing I do not have, and that is my original HJT log from the first time I ran the program.*

Spybot report:
--- Report generated: 2007-09-10 22:24 ---
ISearchTech.PowerScan: [SBI $8C761F66] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\BandRest
Keylogger-Pro: [SBI $38842E01] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEPK
Perfect Keylogger: [SBI $C4657531] Program directory (Directory, nothing done)
C:\Program Files\BPK\
DyFuCA: [SBI $C0E9D215] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\Microsoft\Internet Explorer\Main\BandRest
DyFuCA.InternetOptimizer: [SBI $17CB3733] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
DyFuCA.InternetOptimizer: [SBI $8156DB3F] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
eAcceleration: [SBI $1919079E] Common application data folder (Directory, nothing done)
C:\Documents and Settings\All Users\Application Data\eAcceleration
eAcceleration: [SBI $1919079E] Application data folder (Directory, nothing done)
C:\Documents and Settings\Eric Zent\Application Data\eAcceleration
InternetWasher: [SBI $6F58FFFB] Library (File, nothing done)
C:\WINDOWS\Downloaded Program Files\IWCHECK.DLL
ISearchTech.YSB: [SBI $4B70DACB] Module usage (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll
ISearchTech.YSB: [SBI $67644A8D] Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
FunWebProducts: [SBI $7AEE25A5] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
MiniBug: [SBI $EFF38791] Installer (File, nothing done)
C:\WINDOWS\Downloaded Program Files\minibuginstaller.inf
NewDotNet: [SBI $44A0B4A7] Uninstaller (File, nothing done)
C:\WINDOWS\NDNuninstall4_50.exe
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: [SBI $5509538C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: [SBI $8CFC8C85] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
Microsoft.WindowsSecurityCenter.UpdateDisableNotify: [SBI $2FAA945D] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
Microsoft.Windows.IEFirewallBypass: [SBI $FFF24D3C] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE
Microsoft.Windows.IEFirewallBypass: [SBI $1721401B] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE
Cassava: [SBI $63C16629] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\casinoonnet
Cassava: [SBI $1CE6337D] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\VHLD
DoubleClick: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric) (Cookie, nothing done)
TagASaurus: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric) (Cookie, nothing done)
MediaPlex: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric) (Cookie, nothing done)
CasaleMedia: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-10 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-05 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-05 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-05 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-05 Includes\Malware.sbi (*)
2007-09-05 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-05 Includes\PUPSC.sbi (*)
2007-09-05 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-05 Includes\SecurityC.sbi (*)
2007-09-05 Includes\Spybots.sbi (*)
2007-09-05 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-05 Includes\Trojans.sbi (*)
2007-09-05 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Here is the fixed log:
--- Report generated: 2007-09-10 22:26 ---

ISearchTech.PowerScan: [SBI $8C761F66] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\BandRest
Keylogger-Pro: [SBI $38842E01] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEPK
Perfect Keylogger: [SBI $C4657531] Program directory (Directory, fixed)
C:\Program Files\BPK\
DyFuCA: [SBI $C0E9D215] Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\Microsoft\Internet Explorer\Main\BandRest
DyFuCA.InternetOptimizer: [SBI $17CB3733] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
DyFuCA.InternetOptimizer: [SBI $8156DB3F] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
eAcceleration: [SBI $1919079E] Common application data folder (Directory, fixed)
C:\Documents and Settings\All Users\Application Data\eAcceleration
eAcceleration: [SBI $1919079E] Application data folder (Directory, fixed)
C:\Documents and Settings\Eric Zent\Application Data\eAcceleration
InternetWasher: [SBI $6F58FFFB] Library (File, fixed)
C:\WINDOWS\Downloaded Program Files\IWCHECK.DLL
ISearchTech.YSB: [SBI $4B70DACB] Module usage (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll
ISearchTech.YSB: [SBI $67644A8D] Shared DLL (1 apps) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
FunWebProducts: [SBI $7AEE25A5] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
MiniBug: [SBI $EFF38791] Installer (File, fixed)
C:\WINDOWS\Downloaded Program Files\minibuginstaller.inf
NewDotNet: [SBI $44A0B4A7] Uninstaller (File, fixed)
C:\WINDOWS\NDNuninstall4_50.exe
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: [SBI $5509538C] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: [SBI $8CFC8C85] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
Microsoft.WindowsSecurityCenter.UpdateDisableNotify: [SBI $2FAA945D] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
Microsoft.Windows.IEFirewallBypass: [SBI $FFF24D3C] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE
Microsoft.Windows.IEFirewallBypass: [SBI $1721401B] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE
Cassava: [SBI $63C16629] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\casinoonnet
Cassava: [SBI $1CE6337D] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\VHLD
DoubleClick: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric Zent) (Cookie, fixed)
TagASaurus: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric Zent) (Cookie, fixed)
MediaPlex: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric Zent) (Cookie, fixed)
CasaleMedia: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Eric Zent) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-10 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-05 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-05 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-05 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-05 Includes\Malware.sbi (*)
2007-09-05 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-05 Includes\PUPSC.sbi (*)
2007-09-05 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-05 Includes\SecurityC.sbi (*)
2007-09-05 Includes\Spybots.sbi (*)
2007-09-05 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-05 Includes\Trojans.sbi (*)
2007-09-05 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Here is my last Spybot log:

--- Report generated: 2007-09-11 18:37 ---

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-10 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-05 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-05 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-05 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-05 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-05 Includes\Malware.sbi (*)
2007-09-05 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-05 Includes\PUPSC.sbi (*)
2007-09-05 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-05 Includes\SecurityC.sbi (*)
2007-09-05 Includes\Spybots.sbi (*)
2007-09-05 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-05 Includes\Trojans.sbi (*)
2007-09-05 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Ad-Aware log:
ArchiveData(auto-quarantine- 2007-09-11 06-04-39.bckp)
Referencefile : SE1R191 10.09.2007
======================================================

EACCELERATION
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{842c48f3-9928-4617-be20-2cb6039aaf46}

ADWARE.BHO(GENERIC)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[1]=Regkey : S-1-5-21-86532585-3105783985-1982547305-1006\software\microsoft\windows\currentversion\ext\stats\{e6280729-9251-41d7-bc1c-572c9548c962}
obj[19]=File : C:\WINDOWS\SYSTEM32\HPDirecter.dll
obj[20]=File : C:\WINDOWS\SYSTEM32\HPI2.dll
obj[21]=File : C:\WINDOWS\SYSTEM32\HPI3.dll
obj[22]=File : C:\WINDOWS\SYSTEM32\HPI4.dll

MICROGAMING
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[2]=Regkey : S-1-5-21-86532585-3105783985-1982547305-1006\software\microgaming

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=IECache Entry : Cookie:eric zent@atdmt.com/
obj[4]=IECache Entry : Cookie:eric zent@tacoda.net/
obj[5]=IECache Entry : Cookie:eric zent@com.com/
obj[6]=IECache Entry : Cookie:eric zent@server.iad.liveperson.net/hc/80503492
obj[7]=IECache Entry : Cookie:eric zent@server.iad.liveperson.net/
obj[8]=IECache Entry : Cookie:eric zent@server.iad.liveperson.net/hc/42100763
obj[9]=IECache Entry : Cookie:eric zent@www.stopzilla.com/
obj[10]=IECache Entry : Cookie:eric zent@betanews.com/
obj[11]=IECache Entry : Cookie:eric zent@adbrite.com/
obj[12]=IECache Entry : Cookie:eric zent@streamaudio.com/
obj[13]=IECache Entry : Cookie:eric zent@tribalfusion.com/

WIN32.TROJANCLICKER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[14]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\gooogle.bz
obj[15]=RegValue : software\microsoft\windows\currentversion\run "msmsgs"
obj[16]=RegValue : software\microsoft\windows\currentversion\run "pop32 message client"
obj[17]=File : C:\Documents and Settings\Eric Zent\Local Settings\Temp\$updater\LZMCKT.exe
obj[23]=File : C:\WINDOWS\SYSTEM32\PFQEJ.exe

NETSTER SEARCHBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[18]=File : C:\Documents and Settings\Eric Zent\My Documents\Downloaded Program Files\Netster.dll

a-squared (a2) report:
a-squared Free - Version 3.0
Last update: 9/11/2007 6:24:53 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 9/11/2007 6:25:41 AM

c:\program files\mediagateway detected: Trace.Directory.MediaGateway
c:\program files\aws\weatherbug detected: Trace.Directory.WeatherBug
c:\windows\system32\system.dag detected: Trace.File.GoldenKeylogger
c:\program files\aws\weatherbug\remove.exe detected: Trace.File.WeatherBug
Key: HKEY_CLASSES_ROOT\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225} detected: Trace.Registry.CoolSavings
Key: HKEY_CLASSES_ROOT\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225} detected: Trace.Registry.CoolSavings
Key: HKEY_LOCAL_MACHINE\software\updater detected: Trace.Registry.EUniverse
Key: HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} detected: Trace.Registry.FunWebProducts
Key: HKEY_LOCAL_MACHINE\software\kmint21\goldenkeylogger detected: Trace.Registry.GoldenKeylogger
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res detected: Trace.Registry.IBISToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\d:\installshield\kazaa detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\sharman networks ltd detected: Trace.Registry.KaZaA
Key: HKEY_CLASSES_ROOT\mediagateway.licenseinstaller detected: Trace.Registry.MediaGateway
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res detected: Trace.Registry.WebSearchToolbar
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow --> changed detected: Trace.Registry.WhenU.SaveNow
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow --> slowinfocache detected: Trace.Registry.WhenU.SaveNow
c:\windows\system32\system.dag detected: Trace.File.Golden Keylogger
Value: HKEY_LOCAL_MACHINE\Software\KMiNT21\GoldenKeylogger --> ConfigPath detected: Trace.Registry.Golden Keylogger
Value: HKEY_LOCAL_MACHINE\Software\KMiNT21\GoldenKeylogger --> Path detected: Trace.Registry.Golden Keylogger
Value: HKEY_LOCAL_MACHINE\Software\KMiNT21\GoldenKeylogger --> Start Menu Folder detected: Trace.Registry.Golden Keylogger
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> esh detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> LastRequest detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> lsp detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> NextRequest detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> CurInstall detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> Dir detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> pid detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> pl detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> PluginPath detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> sr detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> CurInstall detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> Dir detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> pl detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> sr detected: Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc --> Changed detected: Trace.Registry.ISTsvc
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc --> SlowInfoCache detected: Trace.Registry.ISTsvc
Value: HKEY_CLASSES_ROOT\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
c:\program files\the weather channel fw detected: Trace.Directory.Desktop Weather
c:\windows\ncuninst.exe detected: Trace.File.MARAVEL Screensaver
C:\Documents and Settings\Eric Zent\Local Settings\Temp\$updater\YDGUUH.exe detected: Trojan-Clicker.Win32.Delf.hd
C:\Documents and Settings\Eric Zent\Local Settings\Temporary Internet Files\Content.IE5\32IQM6CM\hijackthis[1]\backups\backup-20070910-174458-302.dll detected: Riskware.Downloader.Win32.PopCap.b
C:\Documents and Settings\Eric Zent\My Documents\Azureus Downloads\Adobe Acrobat 8 Professional FULL DVD Incl CRACK\Adobe Acrobat 8 Professional FULL DVD Incl CRACK.rar/Acrobat.dll detected: Heuristic.ArchiveBomb
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP131\A0014732.exe detected: Adware.Win32.WebSearch.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP132\A0014826.dll detected: Adware.Win32.WebSearch.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP132\A0014827.exe detected: Adware.Win32.WebSearch.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP137\A0015181.exe detected: Adware.Win32.NewDotNet
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0015260.dll detected: Adware.Win32.BHO.cn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0015261.dll detected: Adware.Win32.BHO.cn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0015262.dll detected: Adware.Win32.BHO.cn
C:\WINDOWS\NDNuninstall4_80.exe detected: Adware.Win32.NewDotNet
C:\WINDOWS\NDNuninstall4_88.exe detected: Adware.NewDotNet
C:\WINDOWS\NDNuninstall4_94.exe detected: Adware.Win32.NewDotNet
C:\WINDOWS\SYSTEM32\2T1QD.exe detected: Trojan-Clicker.Win32.Delf.hd
C:\WINDOWS\SYSTEM32\camdrv.exe detected: Adware.Win32.WebSearch.bc

Scanned

Files: 192092
Traces: 323362
Cookies: 48
Processes: 28

Found

Files: 15
Traces: 48
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 9/11/2007 7:32:21 AM
Scan time: 1:06:40 AM

C:\Documents and Settings\Eric Zent\Local Settings\Temp\$updater\YDGUUH.exe Quarantined Trojan-Clicker.Win32.Delf.hd
C:\WINDOWS\SYSTEM32\2T1QD.exe Quarantined Trojan-Clicker.Win32.Delf.hd
c:\windows\system32\system.dag Quarantined Trace.File.GoldenKeylogger
C:\WINDOWS\NDNuninstall4_88.exe Quarantined Adware.NewDotNet
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0015260.dll Quarantined Adware.Win32.BHO.cn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0015261.dll Quarantined Adware.Win32.BHO.cn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP139\A0015262.dll Quarantined Adware.Win32.BHO.cn
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP137\A0015181.exe Quarantined Adware.Win32.NewDotNet
C:\WINDOWS\NDNuninstall4_80.exe Quarantined Adware.Win32.NewDotNet
C:\WINDOWS\NDNuninstall4_94.exe Quarantined Adware.Win32.NewDotNet
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP131\A0014732.exe Quarantined Adware.Win32.WebSearch.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP132\A0014826.dll Quarantined Adware.Win32.WebSearch.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP132\A0014827.exe Quarantined Adware.Win32.WebSearch.bc
C:\WINDOWS\SYSTEM32\camdrv.exe Quarantined Adware.Win32.WebSearch.bc
C:\Documents and Settings\Eric Zent\My Documents\Azureus Downloads\Adobe Acrobat 8 Professional FULL DVD Incl CRACK\Adobe Acrobat 8 Professional FULL DVD Incl CRACK.rar/Acrobat.dll Quarantined Heuristic.ArchiveBomb
C:\Documents and Settings\Eric Zent\Local Settings\Temporary Internet Files\Content.IE5\32IQM6CM\hijackthis[1]\backups\backup-20070910-174458-302.dll Quarantined Riskware.Downloader.Win32.PopCap.b
c:\program files\the weather channel fw Quarantined Trace.Directory.Desktop Weather
Value: HKEY_CLASSES_ROOT\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel Quarantined Trace.Registry.Blubster
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> esh Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> LastRequest Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> lsp Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_USERS\S-1-5-21-86532585-3105783985-1982547305-1006\Software\MorpheusBar\SearchAssistant --> NextRequest Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> CurInstall Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> Dir Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> pid Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> pl Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> PluginPath Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\bar --> sr Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> CurInstall Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> Dir Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> pl Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MorpheusBar\SearchAssistant --> sr Quarantined Trace.Registry.Morpheus Toolbar
Value: HKEY_LOCAL_MACHINE\Software\KMiNT21\GoldenKeylogger --> ConfigPath Quarantined Trace.Registry.Golden Keylogger
Value: HKEY_LOCAL_MACHINE\Software\KMiNT21\GoldenKeylogger --> Path Quarantined Trace.Registry.Golden Keylogger
Value: HKEY_LOCAL_MACHINE\Software\KMiNT21\GoldenKeylogger --> Start Menu Folder Quarantined Trace.Registry.Golden Keylogger
c:\windows\system32\system.dag Quarantined Trace.File.Golden Keylogger
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res Quarantined Trace.Registry.WebSearchToolbar
Key: HKEY_CLASSES_ROOT\mediagateway.licenseinstaller Quarantined Trace.Registry.MediaGateway
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\d:\installshield\kazaa Quarantined Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\sharman networks ltd Quarantined Trace.Registry.KaZaA
Key: HKEY_CLASSES_ROOT\protocols\name-space handler\res Quarantined Trace.Registry.IBISToolbar
Key: HKEY_LOCAL_MACHINE\software\kmint21\goldenkeylogger Quarantined Trace.Registry.GoldenKeylogger
Key: HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} Quarantined Trace.Registry.FunWebProducts
Key: HKEY_LOCAL_MACHINE\software\updater Quarantined Trace.Registry.EUniverse
Key: HKEY_CLASSES_ROOT\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225} Quarantined Trace.Registry.CoolSavings
Key: HKEY_CLASSES_ROOT\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225} Quarantined Trace.Registry.CoolSavings
c:\program files\aws\weatherbug\remove.exe Quarantined Trace.File.WeatherBug
c:\program files\aws\weatherbug Quarantined Trace.Directory.WeatherBug
c:\program files\mediagateway Quarantined Trace.Directory.MediaGateway

Quarantined

Files: 13
Traces: 42
Cookies: 0

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:07 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\HPAware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = smtp.west.cox.net:26
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7157208544
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


I’m sorry about the length and probable repetition of information, but I just want to give you guys as much information as I can on what I have done and what the programs said they found. And, if at all possible, I would like some information on what I can delete, or how to research what I can delete, in my quarantine files. I’m just afraid I’m going to do something that I can’t reverse. Thanks in advance! Eric.

lzzrdskulls22
Active Member
 
Posts: 4
Joined: September 11th, 2007, 12:05 am
Location: Phoenix, Az
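As an added illustration (not part of the original thread, and not a feature of HijackThis itself), here is a small Python triage script that parses HJT log lines of the kind posted above and flags the entries a helper normally checks first: orphaned references marked "(no file)" or "(file missing)", a configured ProxyServer value, O16 ActiveX downloads from hosts outside an assumed allowlist, O23 services reported as "Unknown owner", and autoruns started from temp or profile directories. All sample lines except the last O4 entry are copied from the log in the first post; that last line is constructed. The flag rules and the trusted-host list are this example's own assumptions, and a flag means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input. All lines except the final O4 entry are copied from the
# HijackThis log posted above; the final O4 line is constructed for this
# example so that the temp-directory rule has something to fire on.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = smtp.west.cox.net:26
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HP Update Assistant] C:\WINDOWS\system32\HPAware.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7157208544
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
"""

# An HJT entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Assumptions for this example: which download hosts are treated as known
# vendors for O16 entries, and which directories an autorun should not live in.
TRUSTED_DPF_HOST_SUFFIXES = (".microsoft.com", ".symantec.com")
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O23"
    reason: str    # why the line deserves a look
    line: str      # the raw log line


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, raw_line) for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            entries.append((m.group(1), m.group(2), raw))
    return entries


def check_entry(section: str, body: str, raw: str) -> Optional[Finding]:
    """Apply the triage rules to one entry; return a Finding or None."""
    low = body.lower()
    # Registry entries that point at a file no longer on disk: leftovers,
    # harmless by themselves, but they clutter the log and are usually fixed.
    if "(no file)" in low or "(file missing)" in low:
        return Finding(section, "orphaned entry: the referenced file is not on disk", raw)
    # A configured proxy redirects all of IE's traffic; confirm who set it.
    if section == "R1" and "proxyserver" in low:
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        if value:
            return Finding(section, f"proxy configured ({value}): confirm the user or ISP set it", raw)
    # O16 entries are ActiveX controls downloaded from a URL.
    if section == "O16":
        m = URL_HOST_RE.search(body)
        host = m.group(1).lower() if m else "?"
        if not host.endswith(TRUSTED_DPF_HOST_SUFFIXES):
            return Finding(section, f"ActiveX download from {host}: not a known vendor host", raw)
    # Services without a publisher string need the binary identified by hand.
    if section == "O23" and "unknown owner" in low:
        return Finding(section, "service with no publisher string: identify the binary", raw)
    # Autoruns living in temp or profile directories are a classic dropper sign.
    if section == "O4" and any(d in low for d in SUSPICIOUS_DIRS):
        return Finding(section, "autorun started from a temp/profile directory", raw)
    return None


def triage(text: str) -> List[Finding]:
    """Parse a whole HJT log and return the entries worth a closer look, in log order."""
    findings = []
    for section, body, raw in parse_entries(text):
        f = check_entry(section, body, raw)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run against the sample, the script flags six of the ten lines: the proxy, the two orphaned entries, the pcpitstop.com ActiveX control, the PnkBstrA service, and the constructed temp-directory autorun; the Spybot BHO, the HP autorun, the Microsoft Update control and the NVIDIA service pass. Treat the output as a reading order for a human, not a verdict.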

Unread postby Kairis » September 12th, 2007, 8:04 am

Hello lzzrdskulls22 and welcome to the forums.
My name is Kairis and I will be helping you to remove any infection(s) that you may have.
It may take me a while to reply to you as all of my fixes are being checked by experts to ensure that you are getting a good fix.
And remember, like you I have a real life, so I may not be at my computer when you are!
Please be patient and I'd be grateful if you would note the following:
    * I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    * The fixes are specific to your problem and should only be used for this issue on this machine.
    * Please continue to review my answers until I tell you your machine appears to be clear.
    * Absence of symptoms does not mean that everything is clear.
    * It's often worth reading through these instructions and printing them for ease of reference.
    * If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    * Finally, please reply to this thread. Do not start a new topic.

LIST OF PROGRAMS USING HIJACKTHIS

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.

You will see a list of the programs installed on your computer.
Click on the Save list button and specify where you would like to save this file.
When you press the Save button, a Notepad window will open with the contents of that file.
Simply copy and paste the contents of that Notepad window into a reply in this topic.
Kairis
Regular Member
 
Posts: 524
Joined: September 15th, 2006, 1:45 pm
Location: Southern Finland

looking for advice

Unread postby lzzrdskulls22 » September 12th, 2007, 8:56 am

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
a-squared Free 3.0
AVG Anti-Spyware 7.5
Azureus Vuze
Compatibility Pack for the 2007 Office system
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Dell Digital Jukebox Driver
Dell DJ Explorer
Dell ResourceCD
Dell Solution Center
DivX Codec
DivX Content Uploader
DivX Converter
GdiplusUpgrade
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Indeo® XP Software
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.13.12
Logitech MouseWare 9.70
Logitech Resource Center
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works 2005 Setup Launcher
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
On2 VP7 Personal Edition
Ozone 1.0.0.9
PowerISO
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Shockwave
Sierra Account Wizard
Spybot - Search & Destroy
Terayon DOCSIS Modem
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB Keyboard Device 1.0.1.0
VideoLAN VLC media player 0.8.6a
Viewpoint Media Player
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885523
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Wolfenstein - Enemy Territory

Unread postby Kairis » September 14th, 2007, 9:19 am

Do you know that you have two keylogger programs on your computer?
Keylogger-Pro and Perfect Keylogger
If you didn't install these programs yourself, I have some bad news for you.
First - please don't panic about the warning - you need to understand the risks so you can make sure you aren't affected by what's happened.


We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect.
    IN THIS CASE we have a keylogger, the worst kind.
If the computer has been used for any important data, you are strongly advised to do the following, immediately:
  • If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable. PIN numbers, credit card numbers, account numbers, etc. should all be changed immediately, and it would be wise to contact those same financial institutions to inform them of your situation.
  • This infection can attract others; keep the computer offline except when we are troubleshooting.
  • Disconnect the infected computer from the Internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well-being:
    • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
    • DO NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.

While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.

Unread postby lzzrdskulls22 » September 19th, 2007, 10:26 pm

I have reformatted my hard drive many times and am still getting an NT SERVICE\ADDM in my system changing things. Using my recovery disk I see that a program called COM+ is installing all kinds of .dll files and adding files and deleting them. I also see these lines, which SCARE me!
-Nuke Registry Key: HKEY_LOCAL_MACHINE\Software\COM3\Setup.
-Nuke Registry Key: HKEY_CLASSES_ROOT\AppID\{182C40F0-32E4-11D0-818B-00A0C9231C29}
as well as a large number of "$NtServicePackUninstall....$" files

Are these normal and I'm just being paranoid?
Here is my latest HJT list


Unread postby Kairis » September 20th, 2007, 2:15 am

Hi.
"Are these normal and im just being paranoid?"
:) Yes, these are normal :)
Please send a new HijackThis log, thanks.

Unread postby askey127 » September 30th, 2007, 7:13 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA