#1
Help with massive Spyware
I'm having problems with loads of spyware/adware on my computer. None of them have been detected by Spybot, Adaware, or Norton Antivirus. I'm including my HijackThis log in the next couple of posts (due to its extensive length). Thanks in advance!

Logfile of HijackThis v1.98.0
Scan saved at 1:33:51 PM, on 7/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ujisktf.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\FLsOCRY1q.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\System32\priispl.exe
C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\3Sow.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\System32\hlpogmsg.exe
C:\WINDOWS\System32\_1026c.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\eymgrk.exe
C:\WINDOWS\System32\ta.exe
C:\WINDOWS\System32\_437c.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\System32\IpuF.exe
C:\WINDOWS\System32\Dwyd37.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Desktop\hjtlog.exe
c:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [fkwytucbgjb] C:\WINDOWS\System32\ujisktf.exe
O4 - HKLM\..\Run: [FLsOCRY1q] C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\FLsOCRY1q.exe
O4 - HKLM\..\Run: [4HJ3FN#3PBSE7F] C:\WINDOWS\System32\Cvx13.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Microsoft IT Update] winhlp.exe
O4 - HKLM\..\Run: [0FmR35l] priispl.exe
O4 - HKLM\..\Run: [3Sow] C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\3Sow.exe
O4 - HKLM\..\Run: [_1026c] C:\WINDOWS\System32\_1026c.exe
O4 - HKLM\..\Run: [ta] C:\WINDOWS\System32\ta.exe
O4 - HKLM\..\Run: [_437c] C:\WINDOWS\System32\_437c.exe
O4 - HKLM\..\Run: [eymgrk] C:\WINDOWS\System32\eymgrk.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] winhlp.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Microsoft IT Update] winhlp.exe
O4 - HKCU\..\Run: [Ho55RRJ3Q] hlpogmsg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
#2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.symantec.com/tec...supportutil.CAB
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/086db40e2dcfe1...ip/RdxIE601.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/...lim/install.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...lim/install.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/...rm3/install.cab
#3
Hey Luxar,

You have quite a few things going on in your log.... First let's deal with the peper trojan.

Download PeperFix: http://downloads.subratam.org/PeperFix.exe
Save it to your Desktop.
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files.
You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.

Post a fresh HijackThis log.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan
Please read the stickies at the top of the forum before posting!
#4
Have you tried Pest Patrol? I once also had tonnes of spyware on mine which even Adaware wasn't able to remove. PestPatrol did the job well.
But just like any AV software, the files need to be regularly updated for it to be able to deal with the most recent threats.

Browsersite

Last edited by edwinbrains : July 17th, 2004 at 02:47 PM.
#5
Sorry it took so long to reply, my computer was out for a while.

Logfile of HijackThis v1.98.0
Scan saved at 1:41:46 AM, on 7/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\FLsOCRY1q.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\3Sow.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\wmsdll.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\System32\avtdd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\HPINST~1\common\MOTIVE~1.EXE
C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Desktop\hjtlog.exe
c:\hijackthis\hijackthis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [fkwytucbgjb] C:\WINDOWS\System32\ujisktf.exe
O4 - HKLM\..\Run: [FLsOCRY1q] C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\FLsOCRY1q.exe
O4 - HKLM\..\Run: [4HJ3FN#3PBSE7F] C:\WINDOWS\System32\Cvx13.exe
O4 - HKLM\..\Run: [Microsoft IT Update] winhlp.exe
O4 - HKLM\..\Run: [3Sow] C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\3Sow.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [0FmR35l] wmsdll.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] winhlp.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Microsoft IT Update] winhlp.exe
O4 - HKCU\..\Run: [Ho55RRJ3Q] avtdd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.symantec.com/tec...supportutil.CAB
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/086db40e2dcfe1...ip/RdxIE601.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/...lim/install.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...lim/install.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/...rm3/install.cab
#6
No problem, glad you made it back.
You might want to print these instructions.

Disable System Restore:
1. Right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
4. Click Apply.
5. This will delete all existing restore points. Click Yes to do this.
6. Click OK.

You still have the peper trojan, we'll get it this time:
Download PeperFix: http://downloads.subratam.org/PeperFix.exe
Save it to your Desktop.
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files.
You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.

Log off your internet connection. Please press Ctrl-Alt-Delete and open Task Manager. End the following processes, if running, by selecting each one and pressing the End Process button and clicking Yes to the confirmation message:
ujisktf.exe
FLsOCRY1q.exe
Cvx13.exe
3Sow.exe
AutoUpdate.exe
wmsdll.exe
avtdd.exe

Run HijackThis, close all browsers and any other windows, place a checkmark next to the following items. Click "fix checked".
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [fkwytucbgjb] C:\WINDOWS\System32\ujisktf.exe
O4 - HKLM\..\Run: [FLsOCRY1q] C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\FLsOCRY1q.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4HJ3FN#3PBSE7F] C:\WINDOWS\System32\Cvx13.exe
O4 - HKLM\..\Run: [3Sow] C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\3Sow.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [0FmR35l] wmsdll.exe
O4 - HKCU\..\Run: [Ho55RRJ3Q] avtdd.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/086db40e2dcfe1...ip/RdxIE601.cab

Does this seem like a familiar program? If not, have HijackThis fix these too:
O4 - HKLM\..\Run: [Microsoft IT Update] winhlp.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] winhlp.exe
O4 - HKCU\..\Run: [Microsoft IT Update] winhlp.exe

Boot into Safe Mode. Reboot your computer, start tapping F8 when it first starts booting, select Safe Mode.

Show hidden files: How to Show hidden files and folders. http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Delete the following files:
C:\WINDOWS\System32\ujisktf.exe
Cvx13.exe
wmsdll.exe
avtdd.exe

Delete the following folders:
C:\Program Files\SysAI\
C:\Program Files\Common Files\midaddle\
C:\Program Files\AutoUpdate\

Then browse to C:\documents and settings\User Name (repeat for all users)\local settings\temp and delete all files and folders in it.
Then browse to the C:\Windows\Temp folder and delete all files and folders in it.
Then in Internet Explorer click Tools > Internet Options > General. Click on Delete Files, delete all offline content as well.
Then empty your Recycle Bin.

Reboot normally and post a fresh log.

Tom
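The triage Tom performs on the log above (hijacked search settings, nameless or file-missing browser helper objects, Run entries that launch from a temp folder or give only a bare filename, and an ActiveX download served from a raw IP address) can be scripted for a first pass over a HijackThis log. The following is an added example, not Tom's code and not part of HijackThis or any scanner: it parses a handful of constructed lines in the HijackThis v1.98 log format (modelled on entries quoted in this thread) and flags those patterns. The heuristics, the `KNOWN_BARE` allowlist and the `TEMP_MARKERS` list are assumptions chosen for illustration; a flagged entry is a prompt to look the file up, not a verdict.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.98 log format (a subset modelled on this thread's log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [FLsOCRY1q] C:\documents and settings\taylor higgins.gameroommachine\local settings\temp\FLsOCRY1q.exe
O4 - HKLM\..\Run: [0FmR35l] wmsdll.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/086db40e2dcfe1...ip/RdxIE601.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
"""

Finding = namedtuple("Finding", ["section", "reason", "entry"])

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "HKLM\..\Run: [value name] command line"  (Global Startup shortcuts are not parsed here)
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable-looking token of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|ocm|ocx|scr|com|bat))', re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumption: binaries that are commonly launched by bare name from Run keys.
KNOWN_BARE = {"rundll32.exe"}
# Assumption: directory fragments that should not host autostart executables.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\windows\\temp\\")


def host_of(url):
    """Hostname of a URL; HijackThis prints some search URLs without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or ""


def check_search_setting(sec, body):
    """R0/R1: a search or start page setting; report where it points."""
    if " = " not in body:
        return None
    _key, value = body.split(" = ", 1)
    host = host_of(value.strip())
    return Finding(sec, f"search/start page set to {host}; confirm it is intended", body) if host else None


def check_bho(sec, body):
    """O2: browser helper objects with no name or whose DLL is gone."""
    if not body.startswith("BHO: "):
        return None
    parts = body[5:].split(" - ", 1)
    if len(parts) < 2:
        return None
    name, rest = parts
    if name == "(no name)":
        return Finding(sec, "browser helper object with no name", body)
    if rest.endswith("(file missing)"):
        return Finding(sec, "browser helper object registered but its DLL is missing", body)
    return None


def check_autorun(sec, body):
    """O4: Run-key entries launched from temp folders or given as a bare filename."""
    m = O4_RE.match(body)
    if not m:
        return None
    e = EXE_RE.match(m.group("cmd"))
    exe = e.group("exe") if e else m.group("cmd")
    low = exe.lower()
    if any(marker in low for marker in TEMP_MARKERS):
        return Finding(sec, "autorun launches a file from a temp directory", body)
    if "\\" not in exe and low not in KNOWN_BARE:
        return Finding(sec, "autorun names a bare file; its location is resolved at run time", body)
    return None


def check_dpf(sec, body):
    """O16: Downloaded Program Files (ActiveX) fetched from a raw IP address."""
    url = body.rsplit(" - ", 1)[-1].strip()
    host = host_of(url)
    if IPV4_RE.match(host):
        return Finding(sec, f"ActiveX download from a raw IP address ({host})", body)
    return None


CHECKS = {"R0": check_search_setting, "R1": check_search_setting,
          "O2": check_bho, "O4": check_autorun, "O16": check_dpf}


def triage(log_text):
    """Return the entries in a HijackThis log that match one of the heuristics above."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("sec"))
        if check:
            f = check(m.group("sec"), m.group("body"))
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

Running it on the sample prints six findings: the drsnsrch search bar, the two bad BHOs, the two suspect Run entries and the RdxIE download from 207.188.7.150; the Norton, Acrobat, Steam and Dell entries pass. Anything a rule flags still has to be checked by hand, exactly as Tom does in the post above, because a bare filename or an unusual host is not proof of anything on its own.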
#7
Well, this is frustrating to say the very least. First problem I had was that when I run PeperFix, it says "no peper files detected" after scanning. Second, for some reason now every time I run HijackThis, after I click OK to "This will create a log file...etc" the entire program simply runs through without me pressing anything, including skipping past where I can delete files and such, and about 25% of the time it leaves me with an open log in Notepad. I figure I ought to get these problems sorted out before moving ahead. I'll be rebooting now to get a fresh HijackThis log (hopefully!)
#8
Let's have you do some virus scanning.

Perform an online virus scan at two of the following sites:
Trend Micro Housecall http://housecall.trendmicro.com/
Panda Active Scan www.pandasoftware.com/activescan/activescan
Bitdefender http://www.bitdefender.com/scan/licence.php

Post your results.

Tom
#9
Here are the results from the first virus scan (Trend Micro):

BKDR Sandbox.A found in the PeperFix folder.
TROJ Alchemic.A, TROJ Agent.AE, TROJ Agent.BI, TROJ Imiserv.C all found in local user/temp folder of Taylor Higgins.
TROJ Revop.B, TROJ Agent.AE each found in C:\Windows
ADW Ruledor.C found at C:\ClrSchP072.exe
TROJ Small.KU found at C:\x.cav *VM.exe*

I have deleted all of them using Trend Micro. For some reason, PeperFix found the peper trojan files (I suppose) and moved them, but did not delete them. (That is only my guess.) Now I'll go do one of the other virus scans and post its results as well.
#10
Here are the results of the Panda ActiveScan:
Incident                 Status           Location
Virus:Trj/Nedibed.A      No disinfected   Operating system
Virus:Trj/Downloader.L   No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temp\Belt.exe
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\0PMJGXMJ\bridge[1].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\0PMJGXMJ\bridge[2].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\0PMJGXMJ\bridge[2].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\0PMJGXMJ\bridge[3].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\0PMJGXMJ\bridge[4].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\0PMJGXMJ\bridge[5].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\85QRO9YZ\bridge[1].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\85QRO9YZ\bridge[2].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\GVJRIGTT\bridge[1].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\GVJRIGTT\bridge[1].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\GVJRIGTT\bridge[1].cab[jao.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\ISW2AI17\bridge[1].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\ISW2AI17\bridge[2].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\ISW2AI17\bridge[2].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\JMG77PCL\bridge[1].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\JMG77PCL\bridge[1].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\JMG77PCL\bridge[1].cab[jao.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\JMG77PCL\bridge[2].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\JMG77PCL\bridge[3].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\JMG77PCL\bridge[3].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\JMG77PCL\bridge[3].cab[jao.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[10].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[1].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[1].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[1].cab[jao.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[2].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[3].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[4].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[4].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[4].cab[jao.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[5].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[6].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[7].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[8].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[8].cab[bridge.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[8].cab[jao.dll]
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[9].cab
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[9].cab[bridge.dll]
#11
Virus:Trj/Briss.A        No disinfected   C:\Documents and Settings\Taylor Higgins.GAMEROOMMACHINE\Local Settings\Temporary Internet Files\Content.IE5\M51YZI5O\bridge[9].cab[jao.dll]
Virus:Trj/Briss.A        N