Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Malware And Virus Problems


  • This topic is locked This topic is locked
28 replies to this topic

#1 dunetepes

dunetepes

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 17 August 2008 - 01:42 AM

Hi i'm new to this community i found it via a search of my problems through google, on one of the pages it recommended scanning my computer with panda online which i did and to display the log, the log is below but honestly it doesn't make a lot of sense to me i am not extremely savvy when it comes to coding, my desktop has the display warning your computer is iinfected you should download antivirus/spyware blue screen with yellow box, and can't be changed as well as many problems when i don't log online using mozilla firefox safemode if i go on regular internet explorer then i get redirected to strange searches and i don't want to use my msn incase someone can read the info/contacts e.t.c so i would really appreciate some help on this, thank you Dunetepes, i also attached the log from panda as a text document incase the one below is difficult to read

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-16 23:19:15
PROTECTIONS: 2
MALWARE: 56
SUSPECTS: 6
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ThreatFire 3.5.0.21 Yes No
avast! antivirus 4.8.1229 [VPS 080816-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00000431 adware/ist.istbar Adware No 1 Yes No hkey_current_user\software\ist
00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader
00027660 adware/savenow Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
00027660 adware/savenow Adware No 0 Yes No hkey_classes_root\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\runmsc.loader.1
00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
00029258 application/altnet HackTools No 0 Yes No c:\windows\smdat32a.sys
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm4.adm4
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\adm25.adm25
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm4.adm4.1
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\appid\altnet signing module.exe
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\appid\adm.exe
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\adm25.adm25
00041487 adware/webhancer Adware No 0 Yes No hkey_local_machine\software\webhancer
00041487 adware/webhancer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
00042191 adware/ist.yoursitebar Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresultfilter
00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
00064489 adware/rxtoolbar Adware No 1 Yes No hkey_classes_root\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}
00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresultfilter.1
00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker
00064489 adware/rxtoolbar Adware No 1 Yes No hkey_local_machine\software\classes\rxresult.rxresulttracker.1
00064489 adware/rxtoolbar Adware No 1 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}
00064489 adware/rxtoolbar Adware No 1 Yes No hkey_classes_root\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.atdmt.com/]
00144497 Cookie/Intelli-tracker TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@www.intelli-tracker[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@yadro[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@statcounter[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@counter.hitslink[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.adtech.de/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\w2vkb92v.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@media.adrevolver[2].txt
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@statse.webtrendslive[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@zedo[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@adultfriendfinder[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@target[1].txt
00211158 application/bestoffer HackTools No 0 Yes No c:\windows\smdat32m.sys
00217975 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000172.dat
00219004 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000198.dat
00241796 Application/MyWebSearch HackTools Yes 0 Yes No C:\Program Files\MyGlobalSearch\bar\1.bin\m9Plugin.DLL
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000171.dat
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP92\A0023466.dll
00241834 Application/MyWebSearch HackTools Yes 0 Yes No C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000178.dat
00255295 Application/FunWeb HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000157.dat
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Mark\Cookies\mark@atwola[1].txt
00268257 Application/FunWeb HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000155.dat
00274755 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000153.dat
00277945 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000176.dat
00297197 Application/MyWebSearch HackTools Yes 0 Yes No C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
00358465 application/myglobalsearch HackTools No 0 Yes No c:\program files\myglobalsearch
00358465 application/myglobalsearch HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
00358465 application/myglobalsearch HackTools No 0 Yes No hkey_classes_root\myglobalsearchbar.toolbarplugin.1
00358465 application/myglobalsearch HackTools No 0 Yes No hkey_classes_root\myglobalsearchbar.toolbarplugin
00358465 application/myglobalsearch HackTools No 0 Yes No hkey_classes_root\myglobalsearchbar.settingsplugin.1
00358465 application/myglobalsearch HackTools No 0 Yes No hkey_classes_root\myglobalsearchbar.settingsplugin
00358465 application/myglobalsearch HackTools No 0 Yes No hkey_classes_root\clsid\{37b85a21-692b-4205-9cad-2626e4993404}
00358465 application/myglobalsearch HackTools No 0 Yes No hkey_local_machine\software\myglobalsearch
00416446 Generic Application HackTools No 0 Yes No C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
01020674 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000161.dat
01048695 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000151.dat
02077612 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Online Services\PeoplePC\Utilities\AtlBrowser.exe
02908099 W32/Autorun.SF.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP92\A0023469.inf
;===================================================================================================================================================================================
SUSPECTS
Sent Location t
;===================================================================================================================================================================================
No C:\WINDOWS\system32\ievida32.dll t
No C:\Documents and Settings\Mark\Local Settings\Temp\1E7C.tmp t
No C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\60HGODUF\crack_keygen.v.1.0.1018[1].exe
No C:\Program Files\rhctb0j0evl4\Uninstall.exe t
No C:\WINDOWS\system32\ievida32.dll t
No C:\WINDOWS\system32\videodsa.dll t
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description t
;===================================================================================================================================================================================
184379 MEDIUM MS08-001 t
182048 HIGH MS07-069 t
182043 HIGH MS07-064 t
176382 HIGH MS07-057 t
170907 HIGH MS07-046 t
170906 HIGH MS07-045 t
170904 HIGH MS07-043 t
164913 HIGH MS07-033 t
160623 HIGH MS07-027 t
150253 HIGH MS07-016 t
;===================================================================================================================================================================================

Attached Files



BC AdBot (Login to Remove)

 


m

#2 dunetepes

dunetepes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 17 August 2008 - 02:07 AM

I also downloaded the hijackthis software and this is the log result

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:40 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE VideoStream - {B5B77C65-5849-48E4-999A-FACA72F7B822} - C:\WINDOWS\system32\ievida32.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Mark\LOCALS~1\Temp\setup1018.exe
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\scan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mark\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...5d3c47945c52d3d
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDCB5D5B-A78F-41D2-BAF6-9BAB14F27595}: NameServer = 203.175.8.3,203.175.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAE85E44-7ECE-4135-84BC-2FE5F6E3EE66}: NameServer = 202.144.128.214 202.144.128.228
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SuperProServer - Unknown owner - D:\tally 6.3\spnsrvnt.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 8119 bytes

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:20 PM

Posted 28 August 2008 - 04:38 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions
how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security
Posted Image

Posted Image

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:20 PM

Posted 02 September 2008 - 09:35 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image

#5 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:20 PM

Posted 04 September 2008 - 07:39 AM

Re-opened upon request.
Microsoft MVP Consumer Security
Posted Image

Posted Image

#6 dunetepes

dunetepes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 04 September 2008 - 09:34 AM

Here is the information you asked for from kasper and hijackthis

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:09 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Advanced System Optimizer\wallpaper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mark\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...5d3c47945c52d3d
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDCB5D5B-A78F-41D2-BAF6-9BAB14F27595}: NameServer = 203.175.8.3,203.175.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAE85E44-7ECE-4135-84BC-2FE5F6E3EE66}: NameServer = 202.144.128.214 202.144.128.228
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SuperProServer - Unknown owner - D:\tally 6.3\spnsrvnt.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 8074 bytes


KasperSpy:

Scan statistics:
Files scanned: 60117
Threat name: 14
Infected objects: 22
Suspicious objects: 0
Duration of the scan: 02:23:13


File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll/C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL/C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dh 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000151.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.al 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000153.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000154.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.af 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000155.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000157.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.cy 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000160.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000161.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.al 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000168.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000171.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000172.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000174.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.an 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000175.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000176.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.q 1
C:\Documents and Settings\Mark\Application Data\FoxieSpywareSwiftSweeper\file000198.dat Infected: not-a-virus:AdTool.Win32.MyWebSearch.ai 1
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
C:\Program Files\IEAntiVirus\scan.exe Infected: not-a-virus:FraudTool.Win32.IEAntivirus.k 1
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dh 1
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.


If you would prefer the files as attachments rather than copy and paste please let me know, any further help will be appreciated

dunetepes

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 PM

Posted 04 September 2008 - 03:25 PM

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#8 dunetepes

dunetepes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 05 September 2008 - 12:36 AM

Thank you for your help, i will follow your instructions to the detail as i am not computer savvy, and also i think that there are other problems with my laptop which you may be able to help me with, looking forward to seeing your reply

dunetepes

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 PM

Posted 05 September 2008 - 07:20 AM

Hello dunetepes.

Again, our apologies for the delay. We have hundreds of topics waiting to be answered. Let's get started.

If you don't mind me asking, do you live in Bhutan? Also is your Iternet Provider:
"SAMDEN TECH PRIVATE LIMITED"

I see some traces of MyWebSearch. MyGlobalSearch, and AskBar on your machine. These programs are considered adware, some even spyware. Please remove them using Add/Remove Programs, if the entries are there. If not, then skip this step.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • Wait a few moments for the list to be compiled.
  • To the left of each entry you will see a check box. Check the box next to the following entries:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
    O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mark\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/...5d3c47945c52d3d
    O23 - Service: SuperProServer - Unknown owner - D:\tally 6.3\spnsrvnt.exe (file missing)

    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked " (file missing) ", put a check mark next to its box anyways.

  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • The screen will clear itself.
  • Close out of HijackThis.

Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (< and
    info.txt (<


Please post back with:
-the RSIT logs

How is your computer running now? Please describe any problems you have.

With Regards,
The Panda

Edited by PropagandaPanda, 05 September 2008 - 07:21 AM.


#10 dunetepes

dunetepes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 05 September 2008 - 08:21 AM

Thanks for the prompt reply, i did as you said but when i got to the third step it failed during the "performing registry dump" part, if you can help me finish the third step then i will be able to tell you how your advice helped out regarding my computer's performance and also give you the logs from that program

dunetepes

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 PM

Posted 05 September 2008 - 11:11 AM

Hello.

Since you are having problems with that, just post a new HijackThis log.

Thanks,
The Panda

#12 dunetepes

dunetepes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 05 September 2008 - 07:56 PM

When I got offline i tried the program again and it worked, here are the results for you (oh and yes i do live in Bhutan)

Logfile of random's system information tool (written by random/random)
Run by Mark at 2008-09-05 17:20:18
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 32 GB (56%) free of 57 GB
Total RAM: 382 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:27, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Mark\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Mark.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDCB5D5B-A78F-41D2-BAF6-9BAB14F27595}: NameServer = 203.175.8.3,203.175.8.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 6198 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF7C3CF0-4B15-11D1-ABED-709549C10000}]
IEPlugin Class - C:\Program Files\Advanced System Optimizer\IEHelper.dll [2004-05-08 83456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Systweak Wallpaper Changer"=C:\Program Files\Advanced System Optimizer\wallpaper.exe [2004-05-08 140800]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe [2006-08-01 3305472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2004-07-30 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc]
C:\WINDOWS\dc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\twinolds.exe P2D002 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fun]
C:\WINDOWS\system\Fun.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fXcC]
C:\WINDOWS\rmmdy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2006-02-20 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\WINDOWS\system32\Msmsgs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up Blocker]
C:\Program Files\Pop-Up Blocker Full\Pop-UpBlockerFull.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2004-07-23 839770]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS1]
C:\WINDOWS\system32\system.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS2]
C:\WINDOWS\system32\bad1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS3]
C:\WINDOWS\system32\bad2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS4]
C:\WINDOWS\system32\bad3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]
C:\Program Files\Advanced System Optimizer\wallpaper.exe [2004-05-08 140800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-22 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\# K"h'9Ӝ3rWC:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^TA_Start.lnk]
C:\WINDOWS\system32\dwdsrngt.exe P2D002 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^Think-Adz.lnk]
C:\WINDOWS\system32\twinolds.exe P2D002 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=3
"iPodService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=1
"NoDispScrSavPage"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\utorrent\utorrent.exe"="C:\Program Files\utorrent\utorrent.exe:*:Disabled:Torrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4a27c3-20d7-11dd-a4a3-00163601b820}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17bbefca-e6f3-11dc-a45a-00163601b820}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - E:\system.exe
shell\Open\command - E:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bc1c6e-34e8-11dc-a305-00163601b820}]
shell\Auto\command - E:\RavMonE.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f8beb7c-b396-11dc-a40f-00163601b820}]
shell\PlayWithPowerDVD\command - "C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4428140f-8175-11dc-a38c-00163601b820}]
shell\Auto\command - E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
shell\Browser\command - E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df69b24-2a95-11db-a0b6-00163601b820}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - F:\system.exe
shell\Open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fb5334c-d0db-11db-a21a-00163601b820}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7107eae8-f0ad-11dc-a461-00163601b820}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7107eb67-f0ad-11dc-a461-00163601b820}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c0f1168-427f-11dd-a4b2-00163601b820}]
shell\AutoRun\command - isetup.exe
shell\explore\command - isetup.exe
shell\open\command - isetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f5fafe-e0d3-11db-a24c-00163601b820}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c465fb0-61e9-11dc-a35e-00163601b820}]
shell\Auto\command - E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
shell\Browser\command - E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e1a7c5-5440-11dd-a4c5-00163601b820}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb35d5e0-884b-11dc-a39c-00163601b820}]
shell\Auto\command - E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
shell\Browser\command - E:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e89b08-2bce-11dd-a4a9-00163601b820}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs


List of files/folders created in the last three months

2008-09-05 05:57:45 ----D---- C:\rsit
2008-09-05 05:33:50 ----RASHD---- C:\autorun.inf
2008-09-05 05:29:56 ----A---- C:\Program Files\Uninstall My Global Search Bar.dll
2008-08-22 17:06:15 ----D---- C:\Program Files\Sun
2008-08-22 17:05:43 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-22 17:05:43 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-22 17:05:43 ----A---- C:\WINDOWS\system32\java.exe
2008-08-16 23:57:57 ----D---- C:\Program Files\Trend Micro
2008-08-16 21:37:24 ----D---- C:\Program Files\Panda Security
2008-08-16 12:02:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-08-16 12:01:57 ----D---- C:\Program Files\Alwil Software
2008-08-16 11:42:51 ----D---- C:\Program Files\IEAntiVirus
2008-08-16 11:34:34 ----D---- C:\Documents and Settings\Mark\Application Data\rhctb0j0evl4
2008-08-16 11:34:09 ----D---- C:\Program Files\rhctb0j0evl4
2008-08-15 01:43:41 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-11 16:51:59 ----D---- C:\Program Files\Flash Favorite
2008-08-11 16:45:05 ----D---- C:\Documents and Settings\Mark\Application Data\DMCache
2008-08-11 06:53:44 ----D---- C:\Program Files\Flash FLV to Video Audio Converter
2008-08-11 06:53:44 ----A---- C:\WINDOWS\system32\libmp3lame-0.dll
2008-07-24 22:46:06 ----D---- C:\Program Files\Apple Software Update
2008-07-24 22:46:05 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-24 05:04:39 ----D---- C:\Program Files\Audacity
2008-07-17 10:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-07-16 10:15:20 ----D---- C:\WINDOWS\ie7updates
2008-07-16 10:13:24 ----D---- C:\WINDOWS\WBEM
2008-07-16 10:13:20 ----D---- C:\WINDOWS\system32\en-US
2008-07-16 10:12:04 ----HDC---- C:\WINDOWS\ie7
2008-07-16 10:11:50 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-07-16 10:11:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-07-16 10:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-07-16 10:11:00 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-07-16 10:09:28 ----D---- C:\WINDOWS\network diagnostic
2008-07-16 10:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-07-16 10:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-07-16 08:17:30 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-16 08:17:22 ----D---- C:\Program Files\AskSBar
2008-07-16 07:53:03 ----D---- C:\Documents and Settings\Mark\Application Data\BearShare
2008-07-16 07:52:54 ----D---- C:\Program Files\BearShare Applications
2008-07-13 03:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-07-13 03:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-07-13 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-07-13 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-07-13 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-07-13 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-07-13 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-07-13 03:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-07-13 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-07-13 03:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-07-13 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-07-13 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-07-13 03:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-07-13 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-07-13 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-07-13 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-12 05:59:34 ----D---- C:\Program Files\MSXML 4.0
2008-07-12 05:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-07-12 05:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-07-12 05:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-07-12 05:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-07-12 05:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-07-12 05:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-07-12 05:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-07-12 05:12:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-07-12 05:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-07-12 05:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-07-12 05:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-07-12 05:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-07-12 05:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-07-12 05:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-07-12 05:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-07-12 05:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-07-12 05:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-07-12 05:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-07-12 05:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-07-12 05:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-07-12 05:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$
2008-07-12 05:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-07-12 05:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-07-12 05:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-07-12 05:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-07-12 05:09:05 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-07-12 05:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-07-12 05:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-07-12 05:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-07-12 05:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-07-12 05:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-07-12 05:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-07-12 04:59:01 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-12 04:40:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-07-12 04:14:38 ----A---- C:\YServer.txt
2008-07-12 03:45:20 ----D---- C:\Documents and Settings\Mark\Application Data\.Torrent Swapper
2008-07-12 01:08:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 01:08:01 ----D---- C:\Program Files\ThreatFire
2008-07-12 01:08:01 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-12 00:00:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-07-11 23:59:41 ----D---- C:\Program Files\MSN Messenger
2008-07-11 23:38:12 ----D---- C:\Program Files\MyGlobalSearch

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-07-16 13056]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-05-06 17005]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-10-31 10368]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-01-18 55320]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PD0620VID;Creative WebCam Instant; C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-28 91577]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
S3 USB_RNDIS;TI Remote NDIS USB Network Device; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-04-24 66880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2006-08-31 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 SuperProServer;SuperProServer; D:\tally 6.3\spnsrvnt.exe []

-----------------EOF-----------------


info.txt logfile of random's system information tool 2008-09-05 17:20:37

Uninstall list

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced System Optimizer 2.01-->"C:\Program Files\Advanced System Optimizer\unins000.exe"
advertismen-->rundll32.exe C:\WINDOWS\system32\pushow87.dll Uninstall
AntivirXP08-->"C:\Program Files\rhctb0j0evl4\uninstall.exe"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x9
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVI Codec Pack-->C:\Program Files\AVI Codec Pack\uninstall.exe
BearShare-->C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.01.02.0729)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Creative WebCam Instant User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
Cute MP3 Converter Free V1.9-->C:\PROGRA~1\CUTEMP~1\UNWISE.EXE C:\PROGRA~1\CUTEMP~1\INSTALL.LOG
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP User Guides 0002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1E8DC27-C3CD-4DD8-B37B-D26D7D7CFCBD}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IE AntiVirus-->C:\Program Files\IEAntiVirus\Uninstall.exe
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft DirectX 9.0 SDK Update (April 2005)-->MsiExec.exe /I{2CF71A78-2272-4233-B148-0D8BAEFC2BFC}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
My Web Search (Smiley Central)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Need2Find Bar-->rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Power2Go 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Quick Launch Buttons 5.10 B2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Spelling Dictionaries For Adobe Reader Package-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
ThreatFire 3.5-->"C:\Program Files\ThreatFire\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB884575-->C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892559-->C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD Media Codec 1.0.3-->C:\Program Files\XviD\uninst.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Security center information

AV: ThreatFire (outdated)
AV: avast! antivirus 4.8.1229 [VPS 080904-0] (disabled)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DXSDK_DIR"=C:\Program Files\Microsoft DirectX 9.0 SDK (April 2005)\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 PM

Posted 06 September 2008 - 09:11 AM

Hello Dunetepes.

I see you have rogue programs on your computer, XP Antivirus 2008, and IEAntiVirus. These programs will give fake scan results to persuade you into perchasing their product. We will be removing these just like any other malware. Do not use the uninstallers as they are likely fake.

Your TheatFire program is outdated and will not provide you with sufficient protection. Uninstall it using Add/Remove Programs. While you are there, also remove:
  • J2SE Runtime Environment 5.0 Update 2
  • J2SE Runtime Environment 5.0 Update 6
  • My Web Search (Smiley Central)
  • Need2Find Bar
Posted ImageBackdoor Threat
I'm sorry to say that your computer was infected with one or more backdoor trojans. It looks to be gone, but you should be warned anyway.

This means that sensitive information could have been stolen. I would advise to change any passwords for any accounts that you have accessed with the infected computer using a clean computer ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding preventing of identity theft.

I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BearShare). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Disable Realtime Protection
Disable Avast!'s realtime protection by right clicking on the try icon beside your clock that looks like Posted Image and selecting Stop On-Access Protection.

In the settings:
Posted Image
(Ignore the comment about ComboFix.)

Run OTMoveIt
  • Please download OTMoveIt2 by OldTimer to your desktop.
  • Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4a27c3-20d7-11dd-a4a3-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17bbefca-e6f3-11dc-a45a-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bc1c6e-34e8-11dc-a305-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4428140f-8175-11dc-a38c-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17bbefca-e6f3-11dc-a45a-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df69b24-2a95-11db-a0b6-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fb5334c-d0db-11db-a21a-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7107eae8-f0ad-11dc-a461-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7107eb67-f0ad-11dc-a461-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c0f1168-427f-11dd-a4b2-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f5fafe-e0d3-11db-a24c-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c465fb0-61e9-11dc-a35e-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e1a7c5-5440-11dd-a4c5-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb35d5e0-884b-11dc-a39c-00163601b820}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e89b08-2bce-11dd-a4a9-00163601b820}
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fun
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fXcC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS1
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS2
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS3
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYS4
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up Blocker
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^Think-Adz.lnk
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\# K"h'9œ3rWC:
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^TA_Start.lnk
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntivirXP08
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\advertismen
    C:\WINDOWS\system32\pushow87.dll
    C:\PROGRA~1\MYWEBS~1
    C:\PROGRA~1\NEED2F~1
    C:\Program Files\IEAntiVirus
    C:\Program Files\rhctb0j0evl4

  • Return to OTMoveIt2, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Click the red Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.

Please post back with:
-the OTMoveIt log
-the MalwareBytes log
-a new RSIT log (only the log.txt will appear this time)

How is your computer running now? Please describe any problems you still have.

With Regards,
The Panda

#14 dunetepes

dunetepes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 09 September 2008 - 10:05 PM

This is in reply to Panda,

Yes i do still need help my computer is still acting screwy, including going to a blue screen when i leave it idle and trying to restart itself all the time

dunetepes

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:20 PM

Posted 10 September 2008 - 10:45 AM

Hello.

Could you please complete the steps in my previous post and post back with the logs?

Thanks,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users