Well...it's been happening for a few days now, but explorer.exe keeps crashing on me right after I log in. If it doesn't crash, then it keeps restarting. I've tried a lot of things, many of which I've learned from here, and as such, I've found a lot of bad stuff on my computer (a Compaq laptop).
I've run the AVG anti-spyware program, Avast! Antivirus, and finally HijackThis, in order to try and solve the problem myself. However, I still haven't found the problem after working on this for a combined 14 hours (yesterday and today).
I can access the Task Manager, yes, so it's not a bother to me. However, my uncle gets mad easily, and having no Start menu or Desktop gets him riled up.
One last thing, I'm a senior in high-school, and, though very computer literate, I might not understand everything I get told, so I hope I don't come across as annoying if I ask whoever takes the time to help me to clarify anything they tell me.
So, the logs. First off, I ran the AVG Anti-Spyware program off the pinned topic above. Most of the found stuff were tracking cookies (a lot of tracking cookies), among actual spyware and malware. Here's a list of the non-tracking cookie stuff it found (I'm shortening the list because the program had found 800+ objects on the laptop, with only 20-30 being actual potential problems, but I will post the cookie list if needed). I was forced to run it in normal start-up because it kept giving me an error when I tried to start it in Safe Mode.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:22:01 PM 3/1/2008
+ Scan result:
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq219.tmp -> Adware.180Solution : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\HBTV\HBTV.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\HBTV\uninstaller.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\instafink.dll -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\Cml.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtCoreSrv.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtHostIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtHostOE.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtHostOL.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtOEAddOn.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtSrv.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtToolbar.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\Bin\4.8.4.0\HbtWallpaper.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq161.tmp\HBTV\HBTVHelper.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24F.tmp\Semantic Insight\SemanticInsight.exe -> Adware.RXBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temporary Internet Files\Content.IE5\KF272XEH\file[1].exe -> Downloader.Agent.ftu : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\TMP213.tmp -> Downloader.Agent.hql : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\TMP7B.tmp -> Downloader.Agent.idv : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\TMP2C.tmp -> Downloader.Agent.iug : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O789OTQD\n1404-4[1].htm -> Downloader.Agent.nw : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1275OinAdmin.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\!update.exe -> Downloader.PurityScan.fk : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\KEAWJ9U7\!update-4495[1].0000 -> Downloader.PurityScan.fk : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\RCXA.tmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\RCXD.tmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzalez\Local Settings\Temp\TMP24.tmp -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\McAfee.com\Agent\McRegWiz .Exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\McAfee.com\Agent\McRegWiz.Exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\QuickTime\QTTask.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\browser\ybrwicon.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\iTunes\iTunesHelper.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq148.tmp -> Not-A-Virus.Hoax.Win32.Renos.hp : Cleaned with backup (quarantined).
[cookie list originally here]
C:\WINDOWS\system32\werweg.dll.tmp -> Trojan.Kolweb.u : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnsintsv.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\krnl32.dll -> Trojan.SpywareSoft.t : Cleaned with backup (quarantined).
C:\Documents and Settings\Gonzales\Local Settings\Temp\wintst.dll -> Trojan.SpywareSoft.t : Cleaned with backup (quarantined).
::Report end
--
I recognized at least one or two of those names from reading some topics here, so I knew something was up.
I then restarted the laptop, used Internet Explorer to delete the Temporary Internet Files (I haven't done it for a while, so I felt that now was a good time) and ran Avast! Anti-virus. Now, this is where it gets weird. I used Avast! because I trusted it before and find it quite reliable. Log follows. I had this also in Normal Mode because I can't send stuff to the Chest (Avast!'s version of AVG's Quarantine) in Safe Mode.
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Saturday, March 01, 2008 2:49:28 PM
* VPS: 080301-0, 03/01/2008
*
C:\WINDOWS\$hf_mig$\KB933729\update\update_SP2QFE.inf [E] File was skipped because of scanner settings. (42016)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieaksie.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieakui.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieapfltr.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iedkcs32.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieencode.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieframe.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iepeers.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\ieproxy.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iernonce.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iertutil.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT4.tmp\iesetup.dll [E] CAB archive is corrupted. (42127)
C:\WINDOWS\SoftwareDistribution\EventCache\{6CD77F3F-0C02-4D86-A5CE-F43B2E259262}.bin [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\default [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\default.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\software [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\software.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\system [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\system.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agentins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\agntlang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\HtmlUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\bg_left_1x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\bg_left_MSC_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\InstUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.cab\agentins.ui\SubInfoData.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agentins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\agntlang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\HtmlUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\bg_left_1x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\bg_left_MSC_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\InstUtil.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\agentins.ui\SubInfoData.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\appconst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\comctl.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\lang_mps.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\uninst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\uninstall.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\uninstall.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\en-us\us\mpscfg.cab\mpsrem.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\comctl.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\uninstall.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.cab\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuA.tmp\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\comctl.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mps\winnt\mps.cab\RemoveMPS.exe\%MAINDIR%\ForceMpsRem.ui\uninstall.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.cab\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\appcons.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\appinst.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\appinst.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\applang.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\config.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\default.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\header.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\bg_left_165x314.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_info_16x16.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_mcafee_61x61.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_progress_checked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_progress_hot_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\images\icon_progress_unchecked_13x13.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\instwiz.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\instxp.css [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\mcccom.lpk [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\mpsins.ini [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\pbar.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\setcss.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\mcuF1.tmp\mpsins.ui\vssver.scc [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Perflib_Perfdata_624.dat [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\CmnIds.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\arrow_right.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\btn_signup_52x20.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\more_info.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_bottom.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_bottom_red.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_top.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\sidetable_top_red.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\transpix.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\images\watermark_mys_150x130.gif [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\oemcfg.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\OEMIds.vbs [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\valert.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\valert_old.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UZE1GZ45\valert[1].ui\hs~valert.htm [E] Archive is password protected. (42056)
C:\WINDOWS\Temp\_avast4_\unp10608934.tmp\unp10608934 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp182024133.tmp\unp182024133 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp212821008.tmp\unp212821008 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp244806199.tmp\unp244806199 [E] The file is a decompression bomb. (42110)
C:\WINDOWS\Temp\_avast4_\unp2571321.tmp\unp2571321 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\unp80715129.tmp\unp80715129 [E] GZIP archive is corrupted. (42129)
C:\WINDOWS\Temp\_avast4_\Webshlock.txt [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Gonzales\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\fil6F18C8C1.dat\fil6F18C8C1 [L] Win32:Tibsis [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Application Data\Grisoft\AVG Antispyware 7.5\quarantine\filEDEAC361.dat\filEDEAC361 [L] Win32:Tibsis [Trj] (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\BlackBox.class [L] VBS:Malware-gen (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\VerifierBug.class [L] VBS:Malware-gen (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\Dummy.class [L] VBS:Malware-gen (0)
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28590ead-2d6c6ed7.zip\Beyond.class [L] Other:Malware-gen (0)
File was successfully moved to chest...
File was successfully moved to chest...
File was successfully moved to chest...
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6ccaea63.zip\vmain.class [L] Other:Malware-gen (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Gonzales\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\Documents and Settings\Gonzales\Local Settings\Temp\bndupd4.exe\$INSTDIR\BndDrive3.dll [L] Win32:AdBand [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\ismtpa1.exe\$SHELL[17]\ISM2\ISMPack6.exe [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SpywareSoftStop.exe\[Embedded#EXE1] [L] Win32:Zapchast-CN [Trj] (0)
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SpywareSoftStop.exe\[Embedded#EXE3] [L] Win32:Adware-gen [Adw] (0)
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SpywareSoftStop.exe [L] Win32:Zapchast-CN [Trj] (0)
C:\Documents and Settings\Gonzales\Local Settings\Temp\srsvc.exe\$INSTDIR\SSS.sys [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest...
While moving file to chest, error occurred: File is not packed.
While moving file to chest, error occurred: File is not packed.
While moving file to chest, error occurred: File is not packed.
C:\Documents and Settings\Gonzales\Local Settings\Temp\xpre.exe [L] Win32:Crypt-APY [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\xrun.exe\[MoleBox] [L] Win32:Agent-HYD [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temp\~GLH0001.TMP\Wise0012.bin [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\OZ6T8D2X\MSIMClientSetup.1.0.745.0-static[1].exe\n\nsis8.bin [E] Installer archive is corrupted. (42146)
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\YACU1CAW\aaqq[1].exe [L] Win32:Small-JNV [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\YACU1CAW\ooqq[1].exe [L] Win32:Small-JQJ [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Gonzales\Local Settings\Temporary Internet Files\Content.IE5\YACU1CAW\vvqq[1].exe\$SHELL[17]\QdrModule\QdrModule12.exe [E] Installer archive is corrupted. (42146)
Infected files: 17
Total files: 130098
Total folders: 3826
Total size: 8.5 GB
*
* Task stopped: Saturday, March 01, 2008 3:34:48 PM
* Run-time was 45 minute(s), 20 second(s)
*
--
I don't know where the compressed files came from, before anyone asks. Also, I'm very worried about that "decompressor bomb". But it looks like it was in an Avast! folder, so I don't know.
I hope your eyes aren't tired yet. After running Avast!, I restarted the computer and ran HijackThis in Normal Mode. Log follows. I'm not sure if it caught explorer.exe (it was restarting constantly at the time) in the processes.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:45 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Titan FTP Server Tray App] C:\Program Files\South River Technologies\Titan FTP Server\srxTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DUSB] C:\WINDOWS\system32\DarksUSB.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ViewSonic Explorer V5.3] C:\WINDOWS\msdtcsw32.exe
O4 - HKCU\..\Run: [Tbsa] "C:\WINDOWS\system32\CROSOF~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [PSPHost] "C:\Program Files\PSPHost\PSPHost.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe
O4 - HKCU\..\Run: [Eybbnl] "C:\Program Files\?icrosoft.NET\n?lookup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk572JHUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1140880270640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...1.10/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...d3cafd35fff1431
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.w...bex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12727 bytes
--
That's all the information I can give at this time.
Notes
1. I had the Task Manager running when HijackThis was scanning. I believe it listed it under the processes section.
2. Aside from shortening the AVG log, I have not modified the logs.
3. Anything and everything that was placed into AVG's Quarantine and Avast!'s Chest is still there. Also, I have not removed anything with HijackThis.
4. As for the corrupted archives Avast! found, I'm not sure whether to delete them or not, or even if I can delete them. The archive that's passworded is unknown to me, so I don't think I'll be able to open it.
I thank you, whoever decides to help me, for helping me. I'm not sure if it will fix the problem (that's the laptop's bad luck right there), but I plan to try anything and everything you guys suggest.