Possible Malware/Trojan/Spyware incident


26 replies to this topic

#1 chameleon437 (Members, 95 posts)

Posted 10 February 2009 - 07:24 PM

Dear Colleagues,
Up until recently I was running a triple-boot system: Windows XP Pro SP3, Ultimate Edition 1.8 (a WUBI install, i.e., Linux running inside Windows), and Sabayon 3.5.1. I was doing some routine checks on my Windows partition (C:\ drive) and noticed that of the 150 GB allocated there was about 15 GB left; I decided to uninstall Ultimate Edition 1.8, which had used 15 GB of the 150 GB of space during its installation. To my surprise, instead of increasing to 30 GB of free space it had shrunk to 1.6 GB! I then recalled that some time ago I was hit by what appeared to be a virus (or trojan), as indicated in the Panda Internet Security report below (abstract):

Virus detected: Trj/Downloader.MDW Antivirus protection 19/01/09 20:08:31 Notified Path: popcap.com/webgames/popcaploader_v10.cab
Virus detected: Trj/Downloader.MDW Antivirus protection 19/01/09 20:08:31 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\vp2xzf34\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW Antivirus protection 19/01/09 20:13:31 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\vp2xzf34\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW Antivirus protection 19/01/09 20:13:32 Notified Path: www.popcap.com/webgames/popcaploader_v10.cab
Virus detected: Trj/Downloader.MDW Antivirus protection 19/01/09 20:13:32 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\yoi4qg5k\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW Antivirus protection 21/01/09 16:06:43 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\yoi4qg5k\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW Antivirus protection 21/01/09 16:06:52 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\vp2xzf34\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW Antivirus protection 21/01/09 16:07:03 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\yoi4qg5k\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW On-demand antivirus scan 21/01/09 17:28:01 Notified Path: C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\VP2XZF34\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW On-demand antivirus scan 21/01/09 17:28:01 Notified Path: C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\YOI4QG5K\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW Antivirus protection 21/01/09 18:16:00 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\vp2xzf34\popcaploader_v10[1].cab[PopCapLoader.dll

which occurred after having attempted to purchase a game from PopCap games.com. Panda Internet Security reported that the virus had been neutralised but I was concerned with the references made in the Temp directory so I booted into Sabayon and deleted the named files/folders in the report, namely the folders commencing with VP2.. and YOI... [Please Note: I have removed the http and www references in the message so that there is no possible cross-contamination of someone else getting infected by being tempted to click on the web link generated by the Panda report]

Below is the DDS.txt:


DDS (Ver_09-02-01.01) - NTFSx86
Run by pc at 22:27:05.35 on 05/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.462 [GMT 0:00]

AV: Panda Internet Security 2008 *On-access scanning enabled* (Updated)
FW: Panda Internet Security 2008 *enabled*

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pc\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [Uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2008\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2008\Inicio.exe"
mRun: [WireLessMouse] c:\program files\trust\r-series mouse and keyboard\StartAutorun.exe MouseDrv.exe
mRun: [WireLessKeyboard] c:\program files\trust\r-series mouse and keyboard\StartAutorun.exe PS2USBKbdDrv.exe
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [OpenDNS Update] "c:\program files\opendns updater\OpenDNS Updater.exe"
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\easy-p~1.lnk - c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
LSP: c:\program files\panda security\panda internet security 2008\pavlsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212595870651
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212594725745
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\3bg72ed7.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\opera\program\plugins\NPTURNMED.dll

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-6-3 17920]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-6-3 71608]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-6-3 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-6-3 21816]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-6-3 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-6-3 132664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-6-3 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-6-3 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-6-3 30648]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-6-3 24760]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\trust\r-series mouse and keyboard\KMWDSrv.exe [2007-2-28 208896]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2008-6-5 8440]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2008\PsCtrlS.exe [2008-6-3 169264]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2008-6-3 83896]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2008\PAVFNSVR.EXE [2008-6-3 173360]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-6-3 178872]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2008-6-3 63024]
R2 PAVSRV;Panda anti-virus service;c:\program files\panda security\panda internet security 2008\PAVSRV51.EXE [2008-6-3 148272]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\drivers\netimflt.sys [2008-6-3 143160]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2009-02-05 19:22 <DIR> --d----- c:\program files\Trend Micro
2009-02-01 15:25 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-01 15:23 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-01 15:23 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-01 15:23 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-01 14:37 49,152 -----r-- c:\windows\system32\ChCfg.exe
2009-02-01 14:36 <DIR> --d----- c:\program files\AvRack
2009-02-01 14:36 164 -----r-- c:\windows\avrack.ini
2009-02-01 14:36 <DIR> --d----- c:\program files\Realtek AC97
2009-02-01 14:36 315,392 -----r-- c:\windows\alcupd.exe
2009-02-01 14:36 217,088 -----r-- c:\windows\alcrmv.exe
2009-02-01 14:33 147,456 -----r-- c:\windows\system32\RtlCPAPI.dll
2009-02-01 14:33 10,528,768 -----r-- c:\windows\system32\RTLCPL.exe
2009-02-01 14:33 141,016 -----r-- c:\windows\system32\alsndmgr.wav
2009-02-01 14:33 18,804,736 -----r-- c:\windows\system32\alsndmgr.cpl
2009-02-01 14:33 4,024,832 -----r-- c:\windows\system32\drivers\alcxwdm.sys
2009-02-01 14:33 577,536 -----r-- c:\windows\soundman.exe
2009-01-31 18:17 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-01-28 16:44 10,593 a------- c:\windows\CSTBox.INI
2009-01-28 16:41 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-28 15:56 256 a------- c:\windows\setup.iss
2009-01-28 15:55 11,776 a------- c:\windows\system32\pmsbfn32.dll
2009-01-28 15:53 <DIR> --d----- c:\program files\common files\PDFView
2009-01-28 15:53 <DIR> --d----- c:\windows\system32\Color
2009-01-28 15:53 <DIR> --d----- c:\program files\NewSoft
2009-01-28 15:51 416 a------- c:\windows\MAXLINK.INI
2009-01-28 15:50 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2009-01-28 15:49 <DIR> --d----- c:\program files\ScanSoft
2009-01-28 15:39 <DIR> --d----- c:\program files\common files\CANON
2009-01-28 15:38 106,496 a------- c:\windows\system32\cnqo4802.dll
2009-01-28 15:38 1,298,432 a------- c:\windows\system32\CNQC4802.DLL
2009-01-28 15:38 143,360 a------- c:\windows\system32\CNQL4802.DLL
2009-01-28 15:38 57,344 a------- c:\windows\system32\CNQI4802.DLL
2009-01-25 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OpenDNS Updater
2009-01-25 15:43 <DIR> --d----- c:\program files\OpenDNS Updater
2009-01-20 17:07 29,600 a------- c:\windows\system32\mxntdfg.exe
2009-01-08 18:14 8 a------- c:\windows\system32\nvModes.dat

==================== Find3M ====================

2009-02-05 20:28 1,244 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-02-05 20:28 1,244 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-02-05 20:28 393,088 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-02-05 20:28 393,088 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-02-05 18:11 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-05 18:11 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-01-04 22:35 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-12 18:33 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-10 14:17 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2004-10-01 14:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2001-11-23 04:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL
2008-07-06 08:39 80 ---shr-- c:\windows\CT4MET.BIN

============= FINISH: 22:27:40.18 ===============

Attached is the Attach.txt

I would also like to add that recently the PC came up with a bizarre error message requesting that I insert the Windows XP SP3 CD. I don't have a Service Pack CD; it was installed via Microsoft Update. This seemed to appear after Fix-It 9 Professional claimed it was updating; it used to show up in the system tray, with 'mxtask.exe' showing up twice in the Running Processes window of Task Manager.
I have run chkdsk and it came back with no errors, and when the machine rebooted it reported the drive as clean. Also, I have been unable to defrag the hard drive, as you need a minimum of 15% free hard drive space, which I clearly don't have.
Finally, I recently installed Secunia's Personal Software Inspector which advises as to what software is out-of-date on the system and a potential security threat due to end-of-life status etc.

Hope it is clearer to you than it is to me as to what the problem is!

Kind regards to all,
chameleon437

Edited by chameleon437, 10 February 2009 - 07:34 PM.
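The Panda report and the DDS "Created Last 30" list in the post above are the two timestamped sources available, and the first thing a responder does with them is line them up: which IE cache folders held the flagged CAB (so the manual deletion can be checked), how many events were merely "Notified" versus "Blocked", and which files appeared under a sensitive root shortly after the first detection. The following is an added Python example written for this page; it is not a tool from the thread and not part of DDS or Panda. Its sample input is constructed from the log lines quoted in the post, and the seven-day window and the system32 root are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: Panda report lines quoted in the post (URL scheme stripped, as the
# poster did) and a subset of the DDS "Created Last 30" entries from the same post.
PANDA_LOG = r"""
Virus detected: Trj/Downloader.MDW Antivirus protection 19/01/09 20:08:31 Notified Path: popcap.com/webgames/popcaploader_v10.cab
Virus detected: Trj/Downloader.MDW Antivirus protection 19/01/09 20:08:31 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\vp2xzf34\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW Antivirus protection 21/01/09 16:06:43 Blocked Path: c:\documents and settings\john\local settings\temporary internet files\content.ie5\yoi4qg5k\popcaploader_v10[1].cab[PopCapLoader.dll]
Virus detected: Trj/Downloader.MDW On-demand antivirus scan 21/01/09 17:28:01 Notified Path: C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\VP2XZF34\popcaploader_v10[1].cab[PopCapLoader.dll]
""".strip()

DDS_CREATED = r"""
2009-02-05 19:22 <DIR> --d----- c:\program files\Trend Micro
2009-02-01 14:33 147,456 -----r-- c:\windows\system32\RtlCPAPI.dll
2009-01-28 15:55 11,776 a------- c:\windows\system32\pmsbfn32.dll
2009-01-25 15:43 <DIR> --d----- c:\program files\OpenDNS Updater
2009-01-20 17:07 29,600 a------- c:\windows\system32\mxntdfg.exe
2009-01-08 18:14 8 a------- c:\windows\system32\nvModes.dat
""".strip()

PANDA_RE = re.compile(
    r"^Virus detected: (?P<name>\S+) (?P<source>.+?) "
    r"(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (?P<action>Notified|Blocked) Path: (?P<path>.+)$"
)
DDS_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d) (?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
IE_CACHE_RE = re.compile(r"content\.ie5\\([^\\]+)\\", re.IGNORECASE)


def parse_panda(text):
    """Parse Panda 'Virus detected' lines; the report uses day/month/year (the poster is on GMT)."""
    events = []
    for line in text.splitlines():
        m = PANDA_RE.match(line.strip())
        if m:
            events.append({
                "name": m["name"], "source": m["source"], "action": m["action"],
                "when": datetime.strptime(m["ts"], "%d/%m/%y %H:%M:%S"),
                "path": m["path"],
            })
    return events


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into (timestamp, is_dir, lower-cased path) records."""
    items = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if m:
            items.append({
                "when": datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M"),
                "is_dir": m["size"] == "<DIR>",
                "path": m["path"].lower(),
            })
    return items


def cache_folders(events):
    """IE5 cache sub-folders that held a flagged file: the folders the poster deleted by hand."""
    found = set()
    for e in events:
        m = IE_CACHE_RE.search(e["path"])
        if m:
            found.add(m.group(1).lower())
    return found


def action_counts(events):
    """How many detections were only 'Notified' (the remote URL) vs 'Blocked' (the cached copy)."""
    return Counter(e["action"] for e in events)


def created_after_detection(events, created, window_days=7, roots=(r"c:\windows\system32",)):
    """Files (not directories) created under `roots` within `window_days` of the first detection.

    The window and roots are assumptions for this example; widen them for a real triage.
    """
    if not events:
        return []
    start = min(e["when"] for e in events)
    end = start + timedelta(days=window_days)
    return sorted(
        c["path"] for c in created
        if not c["is_dir"]
        and start <= c["when"] <= end
        and any(c["path"].startswith(root) for root in roots)
    )


if __name__ == "__main__":
    evts = parse_panda(PANDA_LOG)
    print("first detection:", min(e["when"] for e in evts))
    print("cache folders:", sorted(cache_folders(evts)))
    print("actions:", dict(action_counts(evts)))
    print("review:", created_after_detection(evts, parse_dds_created(DDS_CREATED)))
```

A file that lands in the window is a candidate for hashing and a vendor lookup, not a verdict: DDS reports the NTFS creation time, which malware can reset, and legitimate installers also drop files into system32 (the printer and audio driver entries in the same list show that). The "Notified" lines carry the remote URL that was fetched, while the "Blocked" lines carry the cached copy, so two cache folders for one CAB simply means the page was loaded twice.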



#2 suebaby41 (W.A.M. (Women Against Malware); Malware Response Team; 6,248 posts)

Posted 22 February 2009 - 09:40 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 chameleon437 (Topic Starter; Members, 95 posts)

Posted 22 February 2009 - 04:18 PM

Hi suebaby41,
Thanks for getting back to me. I did as you said regarding the RSIT.exe but two things happened:
1. RSIT.exe reported a problem and came up with the error message of:
Heading - HijackThis
Exclamation mark in a Yellow Triangle and the text:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\WINDOWS\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' with quotes, and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'." [end of warning message]

2. Panda Internet Security 2008 launched a pop-up message saying it had intercepted a dangerous operation.

Lastly this is what the 'hosts' file contains:
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

I don't know if you have seen my previous misplaced post for which I again apologise but Panda did intercept what would appear to have been a trojan whilst attempting to purchase a game from www.popcapgames.com.

Hope this is all you need for now.

kind regards,
chameleon437

Post Script: After I clicked on the o.k. message the program ran and created this log.txt file:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-22 21:03:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 249 MB (0%) free of 154 GB
Total RAM: 1022 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:33, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Documents and Settings\pc\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?p...ne&lang=eng
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Uniblue PowerSuite] C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-21-329068152-616249376-725345543-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'pc')
O4 - HKUS\S-1-5-21-329068152-616249376-725345543-1007\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'pc')
O4 - HKUS\S-1-5-21-329068152-616249376-725345543-1007\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (User 'pc')
O4 - HKUS\S-1-5-21-329068152-616249376-725345543-1007\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s (User 'pc')
O4 - Startup: Dialog Helper.lnk = C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Easy-PrintToolBox.lnk = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212595870651
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212594725745
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.maestroasp.com/innerpass_prod/D...ent/XUpload.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 8763 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Basic clean-up.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"APVXDWIN"=C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE [2007-11-23 406832]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe [2007-07-11 27952]
"WireLessMouse"=C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe [2007-03-06 212992]
"WireLessKeyboard"=C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe [2007-03-06 212992]
"NvMediaCenter"=C:\WINDOWS\SYSTEM32\NvMCTray.dll [2008-05-03 86016]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-02-22 2209224]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-16 1169776]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-02-16 1945960]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-16 149024]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2006-03-23 1398272]
"OpenDNS Update"=C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe [2009-02-17 315392]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Uniblue PowerSuite"=C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe [2008-04-02 3202832]
"Uniblue SpyEraser"=C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 1424648]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2008-04-02 1885464]
"Uniblue SpeedUpMyPC"=C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-02 9442584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Easy-PrintToolBox.lnk - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Dialog Helper.lnk - C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\SYSTEM32\avldr.dll [2007-02-15 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======File associations======

.js - open - C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
.vbs - open - C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

======List of files/folders created in the last 1 months======

2009-02-22 21:03:52 ----D---- C:\rsit
2009-02-21 22:25:38 ----HDC---- C:\Documents and Settings\All Users\Application Data\{5C28D317-6AED-4C3B-90F1-EC0A723F01EA}
2009-02-19 22:47:24 ----D---- C:\Program Files\Common Files\Skype
2009-02-19 22:47:17 ----RD---- C:\Program Files\Skype
2009-02-11 18:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-10 21:00:58 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-10 20:58:42 ----D---- C:\Program Files\Common Files\Adobe
2009-02-06 23:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-02-06 23:50:50 ----D---- C:\Program Files\Common Files\iS3
2009-02-06 23:50:49 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-02-05 19:22:41 ----D---- C:\Program Files\Trend Micro
2009-02-05 18:52:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2009-02-05 17:05:47 ----D---- C:\Program Files\QuickTime
2009-02-01 15:25:06 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-01 15:24:56 ----D---- C:\Program Files\MSBuild
2009-02-01 15:24:34 ----D---- C:\Program Files\Reference Assemblies
2009-02-01 15:23:28 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-02-01 15:23:27 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-02-01 15:23:26 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-02-01 14:37:34 ----R---- C:\WINDOWS\system32\ChCfg.exe
2009-02-01 14:36:34 ----R---- C:\WINDOWS\avrack.ini
2009-02-01 14:36:34 ----D---- C:\Program Files\AvRack
2009-02-01 14:36:22 ----D---- C:\Program Files\Realtek AC97
2009-02-01 14:36:11 ----R---- C:\WINDOWS\alcupd.exe
2009-02-01 14:36:11 ----R---- C:\WINDOWS\alcrmv.exe
2009-02-01 14:33:23 ----R---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-02-01 14:33:19 ----R---- C:\WINDOWS\system32\RTLCPL.exe
2009-02-01 14:33:17 ----R---- C:\WINDOWS\soundman.exe
2009-01-31 18:17:49 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-01-31 14:57:56 ----D---- C:\Documents and Settings\Administrator\Application Data\NewSoft
2009-01-28 16:44:19 ----D---- C:\Documents and Settings\Administrator\Application Data\Canon
2009-01-28 16:44:18 ----A---- C:\WINDOWS\CSTBox.INI
2009-01-28 15:55:43 ----A---- C:\WINDOWS\system32\pmsbfn32.dll
2009-01-28 15:53:27 ----D---- C:\Program Files\Common Files\PDFView
2009-01-28 15:53:15 ----D---- C:\WINDOWS\system32\Color
2009-01-28 15:53:15 ----D---- C:\Program Files\NewSoft
2009-01-28 15:51:32 ----A---- C:\WINDOWS\MAXLINK.INI
2009-01-28 15:51:27 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-01-28 15:51:09 ----D---- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2009-01-28 15:50:33 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-01-28 15:50:32 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-01-28 15:49:37 ----D---- C:\Program Files\ScanSoft
2009-01-28 15:42:34 ----D---- C:\Program Files\ArcSoft
2009-01-28 15:39:56 ----D---- C:\Program Files\Common Files\CANON
2009-01-28 15:38:40 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-01-28 15:38:26 ----A---- C:\WINDOWS\system32\cnqo4802.dll
2009-01-28 15:38:24 ----A---- C:\WINDOWS\system32\CNQL4802.DLL
2009-01-28 15:38:24 ----A---- C:\WINDOWS\system32\CNQI4802.DLL
2009-01-28 15:38:24 ----A---- C:\WINDOWS\system32\CNQC4802.DLL
2009-01-28 15:38:19 ----HD---- C:\Program Files\CanonBJ
2009-01-25 15:43:20 ----D---- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
2009-01-25 15:43:13 ----D---- C:\Program Files\OpenDNS Updater
2009-01-25 12:20:28 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-02-22 21:03:55 ----D---- C:\WINDOWS\Temp
2009-02-22 19:52:26 ----D---- C:\WINDOWS\system32\drivers
2009-02-22 19:46:39 ----D---- C:\Program Files\Mozilla Firefox
2009-02-22 19:46:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-22 19:43:44 ----D---- C:\WINDOWS\Prefetch
2009-02-22 19:41:14 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-22 19:41:01 ----D---- C:\WINDOWS\system32
2009-02-22 14:26:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 13:42:32 ----D---- C:\Program Files\Mozilla Thunderbird
2009-02-22 13:35:13 ----D---- C:\Program Files\Uniblue
2009-02-21 22:26:05 ----SHD---- C:\WINDOWS\Installer
2009-02-21 22:26:05 ----SHD---- C:\Config.Msi
2009-02-21 11:44:59 ----SHD---- C:\System Volume Information
2009-02-19 23:45:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-02-19 22:47:24 ----D---- C:\Program Files\Common Files
2009-02-19 22:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-02-19 22:47:17 ----D---- C:\Program Files
2009-02-17 23:19:44 ----A---- C:\WINDOWS\win.ini
2009-02-17 11:00:21 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-02-17 09:38:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-16 23:16:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-16 13:31:52 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-16 11:41:59 ----D---- C:\WINDOWS
2009-02-11 18:22:26 ----HD---- C:\WINDOWS\inf
2009-02-11 18:22:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-11 18:22:16 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 18:21:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 18:21:53 ----D---- C:\Program Files\Internet Explorer
2009-02-11 18:21:33 ----D---- C:\WINDOWS\ie7updates
2009-02-10 21:01:45 ----D---- C:\Program Files\Adobe
2009-02-10 21:00:11 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-05 20:35:32 ----SHD---- C:\RECYCLER
2009-02-05 20:15:33 ----D---- C:\Documents and Settings\Administrator\Application Data\The Labyrinth Plus! Edition
2009-02-05 18:50:22 ----D---- C:\Program Files\Vuze
2009-02-05 18:45:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-05 18:44:16 ----D---- C:\WINDOWS\WinSxS
2009-02-05 17:10:15 ----D---- C:\Program Files\Safari
2009-02-05 00:19:56 ----HD---- C:\_Backup
2009-02-05 00:17:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-05 00:16:35 ----D---- C:\WINDOWS\security
2009-02-04 23:31:16 ----D---- C:\Program Files\Windows Media Player
2009-02-04 23:31:16 ----D---- C:\Program Files\VCOM
2009-02-04 23:31:13 ----D---- C:\Program Files\iTunes
2009-02-04 23:31:06 ----D---- C:\Program Files\Common Files\AVSMedia
2009-02-04 23:31:04 ----D---- C:\Documents and Settings\Administrator\Application Data\VCOM
2009-02-04 23:31:04 ----D---- C:\Documents and Settings\Administrator\Application Data\Acronis
2009-02-04 23:31:03 ----D---- C:\Documents and Settings\Administrator\Application Data\NCH Software
2009-02-04 23:31:03 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
2009-02-04 23:31:03 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2009-02-04 23:31:02 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-02-04 23:31:02 ----D---- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
2009-02-04 23:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-02-04 23:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2009-02-04 23:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-02-04 23:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-02-04 23:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-02-04 22:53:35 ----D---- C:\Program Files\Common Files\LogiShrd
2009-02-04 22:50:27 ----D---- C:\Program Files\Logitech
2009-02-04 22:39:09 ----RSH---- C:\boot.ini
2009-02-03 23:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-03 14:39:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-01 20:40:06 ----A---- C:\WINDOWS\wininit.ini
2009-02-01 20:15:32 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-01 20:15:30 ----RSD---- C:\WINDOWS\assembly
2009-02-01 15:34:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-01 15:24:51 ----D---- C:\WINDOWS\system32\en-US
2009-02-01 15:24:46 ----RSD---- C:\WINDOWS\Fonts
2009-02-01 15:23:52 ----D---- C:\WINDOWS\system32\spool
2009-02-01 15:11:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-01 14:46:35 ----A---- C:\WINDOWS\RtlRack.ini
2009-02-01 14:36:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-31 16:38:58 ----D---- C:\WINDOWS\system32\Restore
2009-01-30 00:00:08 ----SD---- C:\WINDOWS\Tasks
2009-01-28 16:42:19 ----D---- C:\WINDOWS\Media
2009-01-28 15:50:29 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-28 15:39:20 ----D---- C:\Program Files\Canon
2009-01-28 15:38:39 ----D---- C:\WINDOWS\twain_32
2009-01-27 21:28:52 ----D---- C:\Program Files\Java
2009-01-27 21:27:30 ----D---- C:\Program Files\Common Files\Apple
2009-01-27 00:02:01 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []
R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-23 33536]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 SMSFLT;SMS Filter Plugin; \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2007-01-16 16512]
R2 cpoint;Panda CPoint Driver; C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 24760]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 8440]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-09-28 83896]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-06-06 32768]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-11-06 4024832]
R3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []
R3 EL90XBC;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2002-08-13 74338]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 LVUVC;Logitech QuickCam E3500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97; C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 143160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-04-07 105088]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-03-23 102016]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-12-10 7808]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\VIAudio.sys []
S3 Vsp;Vsp; \??\C:\WINDOWS\system32\drivers\Vsp.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]
R2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe [2007-02-28 208896]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe [2007-07-12 169264]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe [2007-07-12 173360]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2007-06-14 63024]
R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe [2007-09-28 148272]
R2 pmshellsrv;Panda Antispam Engine; C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe [2007-01-15 67120]
R2 PSHost;Panda Host Service; c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE [2007-04-04 226864]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe [2007-05-24 108592]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe [2007-10-24 406832]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by chameleon437, 22 February 2009 - 04:23 PM.


#4 chameleon437
  • Topic Starter
  • Members
  • 95 posts

Posted 22 February 2009 - 05:36 PM

Hi suebaby41 again,
I notice that in addition to the log.txt there is an info.txt file that has been created as well; do you need me to post this? One thing that strikes me is why there is an Intel driver apparently present in Common Files when I don't have an Intel machine; it's AMD through and through.

regards once more,
chameleon437

Edited by chameleon437, 22 February 2009 - 05:39 PM.


#5 suebaby41
    W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 22 February 2009 - 07:08 PM

Intel products include:
* Processors
* Motherboards
* Chipsets
* Desktop
* Notebook
* Mobile Internet Devices (MIDs)
* Business PCs
* Server
* Workstation
* Intel Graphics
* Embedded & Communications
* Solid-State Drives and Caching
* Storage
* Consumer electronics
* Software
* Intel® Health

You could have some of their other products, such as an Intel graphics card.

Right now, I just need the HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 chameleon437
  • Topic Starter
  • Members
  • 95 posts

Posted 22 February 2009 - 07:25 PM

Hi suebaby41,

Only graphics card is an Asus nVidia FX5700LE (256 Mb) graphics card - no onboard graphics.

regards,
chameleon437

#7 suebaby41
    W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 23 February 2009 - 04:27 PM

There is something on your computer that requires an Intel driver. You could do a Search to find it if you need to know.

Let's get your computer hosts file back to basics.
  • Please download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert.
  • Click HostsXpert.exe to run HostsXpert 4.3 - Hosts File Manager from its new home.
  • Click Make Hosts Writable? in the upper corner (If available).
  • Click Restore Microsoft's Hosts files and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


#8 chameleon437
  • Topic Starter
  • Members
  • 95 posts

Posted 23 February 2009 - 07:06 PM

Hi suebaby41,

Downloaded HostsXpert as you requested, but when run I get the error message:

"ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts"

Also Panda Internet Security blocks it as a dangerous operation.

regards,
chameleon437

PS: Did a search for Intel, and PowerDesk 7.0 found these references:
usbintel.sys 15,872 13/04/2008 18:45 C:\WINDOWS\ServicePackFiles\i386\
usbintel.sys 15,872 13/04/2008 18:45 a C:\WINDOWS\system32\drivers\
mdmintel.PNF 27,208 03/06/2008 21:06 a C:\WINDOWS\inf\
mdmintel.inf 15,157 23/08/2001 12:00 a C:\WINDOWS\inf\
Mdmintel.in_ 2,327 23/08/2001 12:00 a C:\I386\
Kbdintel.dll 5,632 23/08/2001 12:00 a C:\I386\
intelppm.sys 36,352 13/04/2008 18:31 C:\WINDOWS\ServicePackFiles\i386\
intelppm.sys 36,352 13/04/2008 18:31 a C:\WINDOWS\system32\drivers\
intelppm.sy_ 21,909 03/08/2004 22:59 a C:\I386\
Intellip.txt 869 23/08/2001 12:00 a C:\I386\COMPDATA\
Intellip.htm 1,380 23/08/2001 12:00 a C:\I386\COMPDATA\
intellimirror.chm 17,944 23/08/2001 12:00 a C:\WINDOWS\Help\
Intellim.ch_ 10,335 23/08/2001 12:00 a C:\I386\
intelide.sys 5,504 13/04/2008 18:40 C:\WINDOWS\ServicePackFiles\i386\
Intelide.sy_ 2,897 03/08/2004 22:59 a C:\I386\
Intelata.txt 583 23/08/2001 12:00 a C:\I386\COMPDATA\
Intelata.htm 1,013 23/08/2001 12:00 a C:\I386\COMPDATA\
Intelapp.txt 314 23/08/2001 12:00 a C:\I386\COMPDATA\
Intelapp.htm 689 23/08/2001 12:00 a C:\I386\COMPDATA\
Intel32 0 05/06/2008 21:32 d C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\
Intel32 0 31/01/2009 14:53 d C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\
Intel32 0 01/02/2009 14:35 d C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\
Intel 32 0 28/01/2009 15:46 d C:\Program Files\Common Files\InstallShield\Driver\10\
Intel 32 0 04/06/2008 23:11 d C:\Program Files\Common Files\InstallShield\Driver\1050\
Intel 32 0 03/06/2008 21:34 d C:\Program Files\Common Files\InstallShield\Driver\7\
Intel 32 0 04/06/2008 15:45 d C:\Program Files\Common Files\InstallShield\Driver\8\
Intel 32 0 18/06/2008 18:36 d C:\Program Files\Common Files\InstallShield\Engine\6\
eff_blur_blurintel.png 5,063 16/01/2007 19:29 a C:\Program Files\Serif\PhotoPlus\11.0\Help\Help2057\img\

Edited by chameleon437, 23 February 2009 - 07:17 PM.
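The hosts-file restore suebaby41 asked for in #7, and the "Cannot create file" error chameleon437 hit in #8, come down to two questions: what is in the file, and can it be written. The Python script below is an added example, not part of this thread and not HostsXpert's or the forum's own code. It parses a hosts file, reports every mapping other than Microsoft's default localhost line (a loopback target blocks a name, any other target redirects it), and checks writability before a restore is attempted, which is the point at which the error in #8 would appear. The sample hosts content, the .test hostnames and the 203.0.113.7 address in it are constructed for the example; the hosts path is the one from the error message in #8.

```python
"""Audit a Windows hosts file and explain why a restore may fail.

Added example for this thread; it is not HostsXpert's code and not the
thread author's.  Run with no arguments to audit the constructed sample
below, or pass the path of a real hosts file as the only argument.
"""
import os
import sys
from pathlib import Path

# Path HostsXpert tried to write in the thread (assumed default location).
HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Microsoft's default hosts file maps only localhost (Vista and later add ::1).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# A name mapped to a loopback/unspecified address is being blocked;
# a name mapped anywhere else is being redirected.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: the default line plus two entries of the kind a
# hosts-file hijack leaves behind.  The .test names and the address are
# placeholders, not indicators from the thread.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       update.example-av.test     # AV update server blocked
203.0.113.7     www.example-bank.test      # login page redirected
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are ignored; one line
    may map several names to one address, so each name is returned
    separately.  Hostnames are lower-cased because DNS names are
    case-insensitive.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Return [(kind, hostname, ip)] for every non-default mapping.

    kind is 'blocked' for loopback targets and 'redirected' otherwise.
    An empty list means the file is back to Microsoft's default.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        kind = "blocked" if ip in LOOPBACK else "redirected"
        findings.append((kind, name, ip))
    return findings


def default_hosts_text():
    """What a 'restore Microsoft's hosts file' step writes: localhost only."""
    return "127.0.0.1       localhost\n"


def restore_blocker(path):
    """Explain a 'Cannot create file' failure before attempting a restore.

    Returns None when the file can be (re)written, otherwise a short reason:
    the read-only attribute on the file, or a directory that denies writes
    (no Administrator rights, or a security product guarding the file, as
    Panda did in the thread).  os.access honours the read-only attribute
    on Windows.
    """
    p = Path(path)
    if p.exists() and not os.access(p, os.W_OK):
        return "hosts file is read-only; clear the attribute first"
    if not os.access(p.parent, os.W_OK):
        return "directory is not writable; run as Administrator or check ACLs/security software"
    return None


def main(argv):
    if len(argv) > 1:
        path = argv[1]
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    else:
        path, text = HOSTS_PATH, SAMPLE_HOSTS
    findings = audit_hosts(text)
    if not findings:
        print("hosts file contains only the default localhost mapping")
    for kind, name, ip in findings:
        print(f"{kind:10s} {name:30s} -> {ip}")
    reason = restore_blocker(path)
    print("restore would fail:" if reason else "restore can proceed:", reason or path)


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the real file with `python hosts_audit.py C:\WINDOWS\system32\drivers\etc\hosts` from an administrative prompt; an empty findings list after the restore confirms the file is back to the default, and a non-empty `restore_blocker` result before the restore tells you which of the two causes in #8 (read-only attribute, or a write denied by rights or by the security product) to clear first.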


#9 chameleon437
  • Topic Starter
  • Members
  • 95 posts

Posted 28 February 2009 - 12:37 PM

Hi suebaby41,
Have you got any further yet? I posted the RSIT log; do you want me to run HijackThis as well and post back?

regards,
swarfendor437

#10 suebaby41
    W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 01 March 2009 - 02:18 PM

Yes. Please run HijackThis and post it. Thanks.

#11 chameleon437
  • Topic Starter
  • Members
  • 95 posts

Posted 01 March 2009 - 03:29 PM

Hi suebaby41,
Sorry about the confusion - here is the log (PS it reported it could not write to the hosts file).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:29, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Global Startup: Easy-PrintToolBox.lnk = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...uweb_site.cab?1212595870651
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...uweb_site.cab?1212594725745
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.maestroasp.com/innerpass_prod/D...ent/XUpload.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO

Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM -

C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program

Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program

Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program

Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program

Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International -

C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program

files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program

Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda

Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 7411 bytes

#12 chameleon437
  • Topic Starter
  • Members
  • 95 posts
  • Local time:08:39 PM
Posted 01 March 2009 - 06:16 PM

Hi suebaby41 - uploading again as bits appeared to be missing on last posting. Sorry.

regards,
chameleon437

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:29, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Global Startup: Easy-PrintToolBox.lnk = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212595870651
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212594725745
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.maestroasp.com/innerpass_prod/D...ent/XUpload.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 7411 bytes
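A small triage script for the HijackThis log format posted above, added here as an example and not part of the thread or of HijackThis itself. It parses the "Running processes:" block and the section-coded entries (R0/R1, O4, O16, O23), then runs three defender-side checks a helper would do by eye: unquoted Run-key paths containing spaces, autostart entries whose executable is not in the process list, and Internet Explorer start/search URLs that do not point at microsoft.com; the sample log is a constructed excerpt of the lines above plus one constructed R0 line.

```python
"""Triage helpers for HijackThis v2.0.2 logs in the layout posted above.
Added example, not part of the thread or of HijackThis. Assumes a
"Running processes:" block of full paths, then one section-coded entry per line."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the log above plus one constructed R0
# line (a non-Microsoft start page) so the hijack check has something to flag.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.constructed.example/?id=1
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^Global Startup: (?P<label>.+?) = (?P<cmd>.+)$")
# First executable-looking full path in a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.(?:exe|dll))', re.IGNORECASE)

def parse_log(text):
    """Return (running_processes, entries); process paths are lower-cased."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.add(line.lower())
            else:
                in_procs = False  # a blank line closes the process block
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group("code"), m.group("body")))
    return processes, entries

def autostart_commands(entries):
    """Yield (kind, label, command) for O4 Run keys and Global Startup links."""
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            yield "run", m.group("label"), m.group("cmd")
        else:
            m = STARTUP_RE.match(body)
            if m:
                yield "startup", m.group("label"), m.group("cmd")

def unquoted_run_paths(entries):
    """Run-key labels whose path contains spaces but is not quoted (a hygiene
    finding, not malware: Windows tries each space-delimited prefix in turn)."""
    hits = []
    for kind, label, cmd in autostart_commands(entries):
        m = EXE_RE.match(cmd)
        if kind == "run" and m and not cmd.startswith('"') and " " in m.group("exe"):
            hits.append(label)
    return hits

def autostarts_not_running(entries, processes):
    """Labels whose autostart executable is absent from the process list.
    A triage hint, not a verdict: many Run entries run once and exit."""
    hits = []
    for _, label, cmd in autostart_commands(entries):
        m = EXE_RE.match(cmd)
        if m and m.group("exe").lower() not in processes:
            hits.append(label)
    return hits

def non_microsoft_ie_urls(entries):
    """R0/R1 keys whose URL host is not under microsoft.com (hijack check)."""
    hits = []
    for code, body in entries:
        if code in ("R0", "R1"):
            key, _, url = body.partition(" = ")
            host = (urlparse(url.strip()).hostname or "").lower()
            if url.strip() and host != "microsoft.com" and not host.endswith(".microsoft.com"):
                hits.append(key)
    return hits
```

On the sample, the unquoted-path check flags InCD and Uniblue RegistryBooster 2, the process check lists OpenDNS Update and Microsoft Office.lnk, and only the constructed Start Page line trips the URL check.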

#13 suebaby41
    W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:39 PM

Posted 02 March 2009 - 07:42 AM

Step 1

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

In Normal Mode, run an online malware check from at least two and preferably three (one may catch something that another one may not) of the following sites:
BitDefender
Computer Associates Online Virus Scan
Kaspersky Online Virus Scanner
McAfee FreeScan
Panda's ActiveScan
Trend Micro™ HouseCall
Windows Live Safety Center Free Online Scan
WindowSecurity.com TrojanScan
When you have completed the scans, if you get a report of files that cannot be cleaned / deleted, make a note of the file location of anything that cannot be cleaned / deleted. Please edit the log(s) and remove:
  • items listed as "Object is locked skipped"
  • items reported that are in a quarantine folder
Please post the edited list in your next reply.

Step 3

Please download Spybot-S&D©® and install Spybot-S&D©®.
  • Be sure to UNCHECK TeaTimer when presented with the option to install. You can enable it after you are clean.
  • Run Spybot-S&D©®, go to the Menu Bar at the top, choose Mode and make certain that "Default mode" has a check mark beside it.
  • Click the button "Search for Updates".
  • If any updates are found, install them by placing a check mark next to each one and clicking "Download Updates".
  • If you encounter any error messages while downloading the updates, manually download them from here.
  • Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
  • Click the button "Check for Problems".
  • When Spybot-S&D©® is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
  • Make certain there is a check mark beside all of the RED entries ONLY.
  • Choose "Fix Selected Problems" and allow Spybot-S&D©® to fix the RED entries.
  • REBOOT to complete the scan and clear memory.
Note: After Windows loads, Spybot-S&D©® may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

Step 4
  • Please download Ad-Aware 2008 Free to your desktop. The Ad-Aware 2008 Free installation file will be aaw2008.msi or aaw2008.exe.
  • Double-click the file and follow the on-screen instructions in the Installation Wizard to install.
  • When the Please Enter Your License Information screen appears, click Cancel and Ad-Aware 2008 Free will be installed.
  • When the Ad-Aware 2008 Has Been Successfully Installed Screen appears, click Finish to complete the installation and to launch Ad-Aware 2008 Free.
  • The Status screen will appear. You will see four sections.
    • System Protection Status section where you will see Real Time Protection with a check in the Off dialog box and Automatic Updates with a check in the On dialog box.
    • Update Status section
    • System Scan section
    • License Status section where you will see that the Type: will be Free Edition and License Expires in: Never.
  • In the list on the left of the screen, click Scan. You will be given a choice of Smart Scan, Full Scan, and Custom Scan. (Scheduler on the right of the screen is only available in Ad-Aware 2008 Plus and Ad-Aware Pro.)
  • In the list on the left of the screen, click Settings > Scanning tab. Use the default settings unless you see some changes that you want to make.
  • In the list on the left of the screen, click Status. In the System Scan section, click Scan Now.
  • When the scan finishes, the Critical Objects tab window appears.
  • Under Scan Results, you will see the list of Critical Objects that Ad-Aware 2008 Free found. You are given three choices, Add to ignore, Quarantine, Remove, and System Restore. You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If Critical Objects are found, select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
  • Click Remove.
  • If no Critical Objects are found, click the Privacy Objects tab.
  • If there are Privacy Objects listed, select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Select Add to ignore or Remove.
  • Click Remove.
  • If no Privacy Objects are found, click the Log File tab to see the statistics of the Ad-Aware 2008 Free scan.
  • Click Finish.
  • The next screen shows you the Scan Summary in the left panel and System Restore in the right panel.
    • You may choose to create a System Restore Point prior to removing any objects that you are unsure of removing or after a scan when you know the system is clean. If you choose to create a System Restore Point, click Set.
    • You may want to export the results. Click Export and save the log on your computer.
    • Click Scan Again to repeat the scan.
  • You will be returned to the Status screen. Click on the X in the upper right corner to exit Ad-Aware 2008 Free.
Step 5

I recommend using Spyware Blaster.
  • Please download SpywareBlaster and save it to your desktop.
  • Double click on it to install the program.
  • Follow the prompts and choose the default locations when installing the program.
  • When the program is installed, it will place an icon on your desktop.
  • Double click on the SpywareBlaster icon and you will be presented with a brief tutorial. On the first page of this tutorial, you will see some of the SpywareBlaster features.
  • Click on the Next button to proceed to the second page of the tutorial.
  • If you want to purchase the software, then you should select Automatic Updating. If you do not plan on purchasing the software, then you should select the option for Manual Updating. Press the Next button.
  • At the next screen, click Finish.
  • At the next screen, Protection Status, click Enable All Protection.
  • Click Download Latest Protection Updates. This will ensure that SpywareBlaster has the latest definitions so that it can protect your browser more efficiently. You should update SpywareBlaster regularly, as much as every few days, in order to provide the best protection. Each time you update, be sure to click Enable All Protection.
Step 6

Malwarebytes' Anti-Malware is FREEWARE, however you may upgrade to the PRO version which contains realtime protection, scheduled scanning and updating.
  • Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malware Bytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
  • Double-click on mbam-rules.exe to install.
  • On the Scanner tab, make sure the Perform Quick Scan option is selected.
  • Click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully."
  • At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Step 7
  • Please download SUPERAntiSpyware (SAS) - SUPERAntiSpyware Free Version For Home Users
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure the following are checked:
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software, click Scan your computer.
  • On the left, check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose Copy.
    • Click Close and Close again to exit the program.
  • Please post that information with a new HijackThis log.
Step 8
  • Please download the ATF-Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • Follow the same steps for Firefox or Opera. You have the option of checking No if you want to save your passwords.
  • Click Exit on the Main menu to close the program.
Do not run it yet.

Step 9

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 10

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 11

Please run HijackThis in Normal Mode and post:
  • the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
  • the log from MalwareBytes
  • the log from SUPERAntiSpyware
  • a new HijackThis log
Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#14 chameleon437
  • Topic Starter
  • Members
  • 95 posts
  • Local time:08:39 PM

Posted 07 March 2009 - 06:24 AM

Hi suebaby41,

Just to update you I had a number of Trend Micro crashes (after installing the necessary flash files required to run - hit on another Active X control that appeared and it crashed) within Mozilla Firefox so I decided to uninstall Panda Internet Security 2008 and install C O M O D O Internet Security instead - it picked up some 'viruses' that weren't really - an official pop band's screensaver and some files it was not aware of. Currently running on-line Bit-defender and chose the option to show 'Detected problems'. Everything showing up as clean so far and noted that obviously during the scan there was a lot of 'Backup' folders and files in 'Documents and Settings/All Users/Application Data' - turns out that Panda has been creating Backup folders similar to 'System Restore' folders eating up 130 Gb of space!!!! Would I be correct in thinking I can safely delete all of these since I have removed Panda Internet Security 2008? Don't remember turning on the back up option as I use Acronis True Image from Acronis Disk Director 10.0 suite. Also, I cranked up the heuristic settings on C O M O D O which brought up an executable which has been quarantined - MOTA113.EXE.

sincere regards,
chameleon437

Edited by chameleon437, 07 March 2009 - 06:26 AM.


#15 suebaby41
    W.A.M. (Women Against Malware)
  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:39 PM

Posted 09 March 2009 - 04:01 PM

MOTA113.EXE is a false positive. Later updates will not target it. Have you noticed any programs reporting the file missing?

Backup folders/files can be deleted safely.