according to one of my other threads Broni said i had a virus. I Ran the scans and followed the steps. Here are my logs.
I have vista home premium 32 bit.
Sp1 i think
3gb of ddr2 ram
if you need more info then let me know.
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 10/25/2008 at 08:41 PM
Application Version : 4.21.1004
Core Rules Database Version : 3555
Trace Rules Database Version: 1543
Scan type : Complete Scan
Total Scan Time : 04:42:04
Memory items scanned : 635
Memory threats detected : 0
Registry items scanned : 8284
Registry threats detected : 4
File items scanned : 809692
File threats detected : 19
Trojan.Downloader-ChinaHot
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}
Adware.Tracking Cookie
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@advertising[2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atwola[1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@statcounter[1].txt
C:\Documents and Settings\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@advertising[2].txt
C:\Documents and Settings\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atwola[1].txt
C:\Documents and Settings\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@statcounter[1].txt
C:\Documents and Settings\admin\Application Data\Microsoft\Windows\Cookies\admin@advertising[2].txt
C:\Documents and Settings\admin\Application Data\Microsoft\Windows\Cookies\admin@atwola[1].txt
C:\Documents and Settings\admin\Application Data\Microsoft\Windows\Cookies\admin@statcounter[1].txt
C:\Documents and Settings\admin\Cookies\admin@advertising[2].txt
C:\Documents and Settings\admin\Cookies\admin@atwola[1].txt
C:\Documents and Settings\admin\Cookies\admin@statcounter[1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@statcounter[2].txt
C:\Users\admin\Application Data\Microsoft\Windows\Cookies\admin@advertising[2].txt
C:\Users\admin\Application Data\Microsoft\Windows\Cookies\admin@atwola[1].txt
C:\Users\admin\Application Data\Microsoft\Windows\Cookies\admin@statcounter[2].txt
C:\Users\admin\Cookies\admin@advertising[2].txt
C:\Users\admin\Cookies\admin@atwola[1].txt
C:\Users\admin\Cookies\admin@statcounter[2].txt
Adware.Vundo Variant/Rel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Windows\system32\khfGvvtS.dll,#1 ]
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E2777073-7B3F-427E-9E53-99430B3E5CBE}#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{E2777073-7B3F-427E-9E53-99430B3E5CBE}#NAMESERVER
Malwarebytes scan
Malwarebytes' Anti-Malware 1.30
Database version: 1321
Windows 6.0.6001 Service Pack 1
10/26/2008 9:19:48 AM
mbam-log-2008-10-26 (09-19-48).txt
Scan type: Quick Scan
Objects scanned: 53281
Time elapsed: 3 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\blueshirtstudio\tbblue.dll (Adware.HumourCanineToolbar) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\alewinsecure.winsecure (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\alewinsecure.winsecure.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7be6b643-6201-4cf7-b8b1-d79ffae57cba} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1789eb6-b263-4bd6-8830-d3daaf78949a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{58696980-c6b3-4ad2-ab53-718f1c3c57ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a93a1ba9-9ee8-469f-a9fe-fd1c26700bda} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a75e294e-c047-4d29-b07e-37b792881bef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.EXE (Adware.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bfcdcebe-e1fb-40f9-b4e2-7bb1138ef76c} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\blueshirtstudio\tbblue.dll (Adware.HumourCanineToolbar) -> Delete on reboot.
C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:46 AM, on 10/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cornerstoneprep.org/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone:
http://gearsoffear.elementfx.comO15 - Trusted Zone: http://*.x10hosting.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) -
http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cabO16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cabO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish.com/SnapfishActivia.cabO16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) -
http://mvod.web.aol.com/mce/new/ServiceMgr.CABO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab2.cabO16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
http://launch.gamespyarcade.com/software/launch/alaunch.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdven.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11388 bytes