Need help, my computer is crazy!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:03 PM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\tSD.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [reAppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\reAppleSyncNotifier.exe
O4 - HKLM\..\Run: [rele\Mobile Device Support\bin\reAppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\reAppleSyncNotifier.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-21-493546689-3512936192-40875340-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Everyone Else')
O4 - HKUS\S-1-5-21-493546689-3512936192-40875340-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Everyone Else')
O4 - HKUS\S-1-5-21-493546689-3512936192-40875340-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Everyone Else')
O4 - HKUS\S-1-5-21-493546689-3512936192-40875340-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174626374171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: awTJdBRk - awTJdBRk.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8074 bytes
I would very much appreciate anyone who could lend a helping hand; I'm getting desperate.
Thanks in advance!
Hi Niggler
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.
Hi Shaba,
Thanks for getting back to me, I really appreciate it. Fortunately I am purchasing a laptop in the near future, so this computer won't serve me much longer. However I would like to transfer a lot of media files over from this machine to the next, and I'm not sure I can do so with the computer in the shape it's in. Does this malware piggy-back onto external hard drives, or am I safe?
Either way, I would like to attempt to clean the machine, at least for a long enough period to ensure the transfer of my music/documents/etc. over to my laptop.
Thank you so much!
No signs of that, at least not yet.
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
ComboFix 09-04-25.A3 - Alex 04/26/2009 16:08.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1650 [GMT -5:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFcx.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\bold.log
c:\documents and settings\Alex\Application Data\wiaserva.log
c:\program files\Common Files\Apple\Mobile Device Support\bin\reAppleSyncNotifier.exe
c:\windows\setup.exe
c:\windows\system32\dqvwthlv.ini
c:\windows\system32\ntos.exe
c:\windows\system32\nughoqmj.ini
c:\windows\system32\ovfsthcwsmkvxpsrmvxpvrgkpmbyekrhsyxujd.dat
c:\windows\system32\ovfsthhjugcchohwbrfvcrmgvouhclhbsycikc.dat
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthpewivssrpibeaeegsfmqxgwfvpasbprd.dat
c:\windows\system32\qgbuwxdw.ini
c:\windows\system32\rybenqaw.ini
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\wceqymks.ini
c:\windows\system32\win32x.exe
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.
2009-04-25 02:53 . 2009-04-25 02:53 -------- d-----w c:\program files\ERUNT
2009-04-20 09:59 . 2009-04-20 09:59 146944 ----a-w c:\windows\Agolije.dat
2009-04-20 09:50 . 2009-04-20 09:50 -------- d-----w c:\documents and settings\Alex\Local Settings\Application Data\{923552BB-77F9-4092-97AF-C88345D1C227}
2009-04-20 09:38 . 2009-04-20 09:38 0 ----a-w C:\jjomgvxe.exe
2009-04-20 09:38 . 2009-04-20 09:38 0 ----a-w C:\wljvhddw.exe
2009-04-20 09:38 . 2009-04-20 09:38 0 ----a-w C:\yxly.exe
2009-04-20 09:38 . 2009-04-20 09:38 0 ----a-w C:\cdheei.exe
2009-04-20 09:38 . 2009-04-20 09:38 45568 ----a-w C:\kgayofb.exe
2009-04-18 03:12 . 2009-04-24 18:24 72923168 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-18 03:12 . 2009-04-24 18:24 418028 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 18:43 . 2009-04-25 02:34 -------- d-----w c:\program files\Spyware Doctor
2009-04-17 18:21 . 2009-04-17 18:40 -------- d-----w C:\ComboFix
2009-04-16 08:04 . 2009-04-16 08:04 434 ----a-w c:\windows\system32\MRT.INI
2009-04-15 17:41 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 17:41 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 17:41 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 17:41 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 17:41 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 17:41 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 17:41 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 17:41 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 17:41 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 17:39 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 17:39 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 17:39 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 17:33 . 2009-04-12 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 18:57 . 2009-04-11 18:57 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-11 18:50 . 2009-04-20 22:30 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-11 18:50 . 2009-04-11 18:50 -------- d-----w c:\documents and settings\Alex\Application Data\SUPERAntiSpyware.com
2009-04-11 05:49 . 2009-04-20 23:56 7059 ----a-w c:\windows\wininit.ini
2009-04-11 03:44 . 2009-04-11 03:44 -------- d-----w c:\program files\Lavasoft
2009-04-10 05:40 . 2009-04-16 08:04 1374 ----a-w c:\windows\imsins.BAK
2009-04-10 04:36 . 2009-04-26 13:05 -------- d--h--w C:\$AVG8.VAULT$
2009-04-10 04:25 . 2009-04-10 04:54 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 04:25 . 2009-04-10 04:52 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 04:25 . 2009-04-10 04:46 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-10 04:25 . 2009-04-10 04:54 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 04:25 . 2009-04-26 12:50 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-10 04:25 . 2009-04-20 09:41 -------- d-----w c:\documents and settings\Alex\Application Data\AVGTOOLBAR
2009-04-08 03:28 . 2009-04-08 03:28 73208 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-05 17:43 . 2008-07-08 19:54 148496 ----a-w c:\windows\system32\drivers\43420595.sys
2009-04-05 01:38 . 2009-04-05 01:38 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 02:34 . 2008-03-10 03:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-24 23:37 . 2007-08-19 01:59 -------- d-----w c:\program files\AC Tool
2009-04-20 21:44 . 2009-02-20 03:15 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-17 18:59 . 2007-03-23 05:45 -------- d---a-w c:\documents and settings\Alex\Application Data\uTorrent
2009-04-17 18:54 . 2009-02-21 03:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-16 08:01 . 2009-03-06 03:21 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-12 17:33 . 2007-03-23 07:52 -------- d-----w c:\program files\iTunes
2009-04-12 17:33 . 2007-03-23 07:52 -------- d-----w c:\program files\iPod
2009-04-12 17:33 . 2007-07-08 19:32 -------- d-----w c:\program files\Common Files\Apple
2009-04-11 19:02 . 2009-02-21 03:55 -------- d-----w c:\program files\RogueRemover FREE
2009-04-11 18:49 . 2007-06-04 05:30 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-11 06:04 . 2007-06-04 05:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-11 05:25 . 2007-06-04 05:14 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 05:41 . 2009-02-21 04:34 -------- d-----w c:\program files\CCleaner
2009-04-10 05:35 . 2004-09-28 20:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 05:34 . 2004-09-28 20:57 -------- d-----w c:\program files\Sony
2009-04-10 05:31 . 2008-01-05 22:47 -------- d-----w c:\program files\AC3Filter
2009-04-10 05:29 . 2007-06-04 07:57 -------- d-----w c:\program files\SpywareBlaster
2009-04-10 05:10 . 2007-03-23 07:50 -------- d-----w c:\program files\Ares
2009-04-07 01:23 . 2007-03-23 05:39 -------- d---a-w c:\documents and settings\Alex\Application Data\Apple Computer
2009-04-06 20:32 . 2009-02-21 03:57 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-02-21 03:57 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-14 20:48 . 2009-03-14 20:48 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-14 20:46 . 2009-01-17 23:19 -------- d-----w c:\program files\Bonjour
2009-03-14 20:45 . 2007-05-13 19:31 -------- d-----w c:\program files\QuickTime
2009-03-14 20:35 . 2008-08-03 04:39 -------- d-----w c:\program files\Safari
2009-03-12 15:44 . 2009-01-07 16:39 86904 ----a-w c:\documents and settings\Everyone Else\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-11 01:30 . 2007-03-23 05:03 86904 ----a-w c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-09-28 19:54 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 04:59 . 2009-03-14 20:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 04:59 . 2008-08-03 08:10 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 03:31 . 2007-03-23 03:58 -------- d-----w c:\program files\Microsoft Works
2009-03-06 03:31 . 2007-03-23 14:17 -------- d-----w c:\program files\MSBuild
2009-03-06 03:29 . 2009-03-06 03:29 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 03:28 . 2007-03-23 04:02 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-06 03:23 . 2009-03-06 03:23 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-27 00:19 . 2008-10-27 05:23 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 23:44 . 2009-02-25 23:44 -------- d-----w c:\documents and settings\Alex\Application Data\Galcon
2009-02-21 23:13 . 2009-02-21 22:35 136 ----a-w C:\VundoFix.txt
2009-02-09 12:10 . 2004-09-28 19:54 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-09-28 19:54 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-09-28 19:54 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-09-28 19:54 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-09-28 19:54 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-09-28 19:54 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-03 23:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-09-28 19:54 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-09-28 19:54 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-05 04:15 . 2007-08-22 02:29 54248 ----a-w c:\documents and settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-03-23 14:17 . 2007-03-23 14:17 106096 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-03-23 05:03 . 2007-03-23 05:03 127 ----a-w c:\documents and settings\Alex\Local Settings\Application Data\fusioncache.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-25 983552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-13 8429568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2009-04-11 2468200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AutoRun"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-12 02:53 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-10 04:54 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-10 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S1 is-U5PPMdrv;is-U5PPMdrv;c:\windows\system32\DRIVERS\43420595.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-04-26 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Alex.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-21 20:32]
2009-04-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for Alex.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-21 20:32]
2009-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-04-26 c:\windows\Tasks\User_Feed_Synchronization-{A18305FF-A000-4D37-ABFD-78DEB4F70543}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 08:01]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-rele\Mobile Device Support\bin\reAppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\reAppleSyncNotifier.exe
Notify-awTJdBRk - awTJdBRk.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\08zq7izy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\08zq7izy.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npoctoshape.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Octoshape Streaming Services\Alex\octoprogram-L03-N00-U00-C00_0706180_000\npoctoshape.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 16:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-493546689-3512936192-40875340-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,fe,65,68,9e,c6,17,09,4b,bc,cd,c2,80,d0,1b,9c,8c,12,18,76,85,e1,29,
88,42,23,c1,38,33,9c,03,2b,50,12,ab,27,86,14,4b,54,6e,13,ad,5a,cd,95,d4,52,\
"??"=hex:28,7e,ba,43,21,88,fa,a3,e1,e6,45,d0,68,6a,b4,d6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\Alex\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3984)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-26 16:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 21:45
Pre-Run: 42,096,906,240 bytes free
Post-Run: 40,173,748,224 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
300 --- E O F --- 2009-04-24 02:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:01 PM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174626374171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7605 bytes
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC Tool
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Premiere Standard
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Alarm 2.0.4
Any Video Converter 2.6.7
Apple Mobile Device Support
Apple Software Update
Ares 2.1.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
Bonjour
BugOff 1.10
CCleaner (remove only)
Click to DVD 2.0 Menu Data
Click to DVD 2.1.10
CmdHere Powertoy For Windows XP
Combined Community Codec Pack 2007-02-22
Compatibility Pack for the 2007 Office system
CONNECT
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVgate Plus
ERUNT 1.1j
EVEREST Home Edition v2.20
EVGA Display Driver
Google Earth
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
MediaCoder 0.6.0
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Movielink eHome version 1.1
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
Ogg Codecs 0.81.15562
OpenMG Limited Patch 4.0-04-07-14-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.0.00
OpenOffice.org 2.4
Opera 9.21
Photo Story 3 for Windows
PictureGear Studio 2.0
PowerISO
Proxy Finder Pro
Proxy Vampire v.2.1
Quicken 2005
QuickTime
Realtek High Definition Audio Driver
RemoveIT Pro v4 - SE
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype 3.2
Skype Plugin Manager
Sonic Encoders
Sonic RecordNow!
SonicStage 2.1.00
SonicStage Mastering Studio 1.3
SonicStage Mastering Studio Plugins 1.3
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony TV Tuner Library 1.0
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Professional
TBS WMP Plug-in
Timershot Powertoy for Windows XP
Tweak UI
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6a
Viewpoint Media Player
Winamp
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Release Candidate 1
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
X Codec Pack
Xvid 1.1.2 final uninstall
As per forum rules (http://forums.spybot.info/showthread.php?t=282), you will need to uninstall µTorrent.
Please post back a fresh uninstall list after that.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC Tool
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Premiere Standard
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Alarm 2.0.4
Any Video Converter 2.6.7
Apple Mobile Device Support
Apple Software Update
Ares 2.1.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
Bonjour
BugOff 1.10
CCleaner (remove only)
Click to DVD 2.0 Menu Data
Click to DVD 2.1.10
CmdHere Powertoy For Windows XP
Combined Community Codec Pack 2007-02-22
Compatibility Pack for the 2007 Office system
CONNECT
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVgate Plus
ERUNT 1.1j
EVEREST Home Edition v2.20
EVGA Display Driver
Google Earth
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
Intel Application Accelerator
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
iTunes
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
MediaCoder 0.6.0
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Movielink eHome version 1.1
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
Ogg Codecs 0.81.15562
OpenMG Limited Patch 4.0-04-07-14-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.0.00
OpenOffice.org 2.4
Opera 9.21
Photo Story 3 for Windows
PictureGear Studio 2.0
PowerISO
Proxy Finder Pro
Proxy Vampire v.2.1
Quicken 2005
QuickTime
Realtek High Definition Audio Driver
RemoveIT Pro v4 - SE
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype 3.2
Skype Plugin Manager
Sonic Encoders
Sonic RecordNow!
SonicStage 2.1.00
SonicStage Mastering Studio 1.3
SonicStage Mastering Studio Plugins 1.3
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony TV Tuner Library 1.0
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Professional
TBS WMP Plug-in
Timershot Powertoy for Windows XP
Tweak UI
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6a
Viewpoint Media Player
Winamp
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Release Candidate 1
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
X Codec Pack
Xvid 1.1.2 final uninstall
I can't thank you enough for helping me Shaba! Thank you!
Ares 2.1.1 needs to go as well, my bad.
Please post a fresh uninstall after that and we will continue :)
It's no problem, thanks for your help. I'm not downloading or torrenting anything on this computer these days anyhow. ;)
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
c:\windows\Agolije.dat
C:\jjomgvxe.exe
C:\wljvhddw.exe
C:\yxly.exe
C:\cdheei.exe
C:\kgayofb.exe
Folder::
c:\documents and settings\Alex\Application Data\uTorrent
c:\program files\Ares
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=-
"c:\\Program Files\\uTorrent\\utorrent.exe"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
ComboFix 09-04-27.02 - Alex 04/27/2009 22:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1314 [GMT -5:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFxx.exe
Command switches used :: c:\documents and settings\Alex\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
C:\cdheei.exe
C:\jjomgvxe.exe
C:\kgayofb.exe
c:\windows\Agolije.dat
C:\wljvhddw.exe
C:\yxly.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cdheei.exe
c:\documents and settings\Alex\Application Data\uTorrent
c:\documents and settings\Alex\Application Data\uTorrent\[isoHunt] Warcraft 3.torrent
c:\documents and settings\Alex\Application Data\uTorrent\[isoHunt] Warcraft III.iso.torrent
c:\documents and settings\Alex\Application Data\uTorrent\[isoHunt].Warcraft_3(www.fulldls.com).torrent
c:\documents and settings\Alex\Application Data\uTorrent\[TBox] Der[1].Da.Vinci.Code.German.MVCD-BR.rar.torrent
c:\documents and settings\Alex\Application Data\uTorrent\[TBox] Warcraft III.1.torrent
c:\documents and settings\Alex\Application Data\uTorrent\[TBox] Warcraft III.2.torrent
c:\documents and settings\Alex\Application Data\uTorrent\[TBox] Warcraft III.3.torrent
c:\documents and settings\Alex\Application Data\uTorrent\[TBox] Warcraft III.torrent
c:\documents and settings\Alex\Application Data\uTorrent\dht.dat
c:\documents and settings\Alex\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Alex\Application Data\uTorrent\resume.dat
c:\documents and settings\Alex\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Alex\Application Data\uTorrent\settings.dat
c:\documents and settings\Alex\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Alex\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Alex\Application Data\uTorrent\Warcraft III - Reign Of Chaos(www elrincondelasdescargas com).torrent
c:\documents and settings\Alex\Application Data\uTorrent\Warcraft.III.Reign.Of.Chaos-RAZOR1911.3474716.TPB.torrent
c:\documents and settings\Alex\Application Data\uTorrent\Warcraft_3.torrent
c:\documents and settings\Alex\Application Data\uTorrent\Warcraft_3_PC.torrent
C:\jjomgvxe.exe
C:\kgayofb.exe
c:\program files\Ares
c:\program files\Ares\Ares.exe
c:\program files\Ares\AsyncEx.ax
c:\program files\Ares\bass.dll
c:\program files\Ares\chatServer.exe
c:\program files\Ares\data\anonproxies.txt.sample
c:\program files\Ares\data\Blocked.txt.sample
c:\program files\Ares\data\Blocked_Keywords.txt
c:\program files\Ares\data\Blocked_Keywords.txt.sample
c:\program files\Ares\data\ChanListFilter.txt
c:\program files\Ares\data\ChatConf.txt
c:\program files\Ares\data\ChatLang.txt.sample
c:\program files\Ares\data\ChatLang_en.txt
c:\program files\Ares\data\ChatLang_es.txt
c:\program files\Ares\data\ChatroomIPs.dat
c:\program files\Ares\data\flvplayer.swf
c:\program files\Ares\data\GUI\Bloody\buttonsbitmap.bmp
c:\program files\Ares\data\GUI\Bloody\chat.bmp
c:\program files\Ares\data\GUI\Bloody\emotic.bmp
c:\program files\Ares\data\GUI\Bloody\libbig.bmp
c:\program files\Ares\data\GUI\Bloody\listviewbitmap.bmp
c:\program files\Ares\data\GUI\Bloody\logo.bmp
c:\program files\Ares\data\GUI\Bloody\mainbitmap.bmp
c:\program files\Ares\data\GUI\Bloody\mimesmall.bmp
c:\program files\Ares\data\GUI\Bloody\mplayer.bmp
c:\program files\Ares\data\GUI\Bloody\mshareset.bmp
c:\program files\Ares\data\GUI\Bloody\prefs.txt
c:\program files\Ares\data\GUI\Bloody\searchpnl.bmp
c:\program files\Ares\data\GUI\Bloody\searchstars.bmp
c:\program files\Ares\data\GUI\Bloody\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\Bloody\tabsBitmap.bmp
c:\program files\Ares\data\GUI\Bloody\tabssmall.bmp
c:\program files\Ares\data\GUI\Bloody\trackbar.bmp
c:\program files\Ares\data\GUI\Bloody\transfer.bmp
c:\program files\Ares\data\GUI\Borravino\buttonsbitmap.bmp
c:\program files\Ares\data\GUI\Borravino\chat.bmp
c:\program files\Ares\data\GUI\Borravino\emotic.bmp
c:\program files\Ares\data\GUI\Borravino\libbig.bmp
c:\program files\Ares\data\GUI\Borravino\listviewbitmap.bmp
c:\program files\Ares\data\GUI\Borravino\logo.bmp
c:\program files\Ares\data\GUI\Borravino\mainbitmap.bmp
c:\program files\Ares\data\GUI\Borravino\mimesmall.bmp
c:\program files\Ares\data\GUI\Borravino\mplayer.bmp
c:\program files\Ares\data\GUI\Borravino\mshareset.bmp
c:\program files\Ares\data\GUI\Borravino\prefs.txt
c:\program files\Ares\data\GUI\Borravino\searchpnl.bmp
c:\program files\Ares\data\GUI\Borravino\searchstars.bmp
c:\program files\Ares\data\GUI\Borravino\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\Borravino\tabsBitmap.bmp
c:\program files\Ares\data\GUI\Borravino\tabssmall.bmp
c:\program files\Ares\data\GUI\Borravino\trackbar.bmp
c:\program files\Ares\data\GUI\Borravino\transfer.bmp
c:\program files\Ares\data\GUI\Esmeralda\buttonsbitmap.bmp
c:\program files\Ares\data\GUI\Esmeralda\chat.bmp
c:\program files\Ares\data\GUI\Esmeralda\emotic.bmp
c:\program files\Ares\data\GUI\Esmeralda\libbig.bmp
c:\program files\Ares\data\GUI\Esmeralda\listviewbitmap.bmp
c:\program files\Ares\data\GUI\Esmeralda\logo.bmp
c:\program files\Ares\data\GUI\Esmeralda\mainbitmap.bmp
c:\program files\Ares\data\GUI\Esmeralda\mimesmall.bmp
c:\program files\Ares\data\GUI\Esmeralda\mplayer.bmp
c:\program files\Ares\data\GUI\Esmeralda\mshareset.bmp
c:\program files\Ares\data\GUI\Esmeralda\prefs.txt
c:\program files\Ares\data\GUI\Esmeralda\searchpnl.bmp
c:\program files\Ares\data\GUI\Esmeralda\searchstars.bmp
c:\program files\Ares\data\GUI\Esmeralda\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\Esmeralda\tabsBitmap.bmp
c:\program files\Ares\data\GUI\Esmeralda\tabssmall.bmp
c:\program files\Ares\data\GUI\Esmeralda\trackbar.bmp
c:\program files\Ares\data\GUI\Esmeralda\transfer.bmp
c:\program files\Ares\data\GUI\General\buttonsbitmap.bmp
c:\program files\Ares\data\GUI\General\chat.bmp
c:\program files\Ares\data\GUI\General\emotic.bmp
c:\program files\Ares\data\GUI\General\libbig.bmp
c:\program files\Ares\data\GUI\General\listviewbitmap.bmp
c:\program files\Ares\data\GUI\General\logo.bmp
c:\program files\Ares\data\GUI\General\mainbitmap.bmp
c:\program files\Ares\data\GUI\General\mimesmall.bmp
c:\program files\Ares\data\GUI\General\mplayer.bmp
c:\program files\Ares\data\GUI\General\mshareset.bmp
c:\program files\Ares\data\GUI\General\player.bmp
c:\program files\Ares\data\GUI\General\playlistbtns.bmp
c:\program files\Ares\data\GUI\General\prefs.txt
c:\program files\Ares\data\GUI\General\searchpnl.bmp
c:\program files\Ares\data\GUI\General\searchstars.bmp
c:\program files\Ares\data\GUI\General\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\General\tabsbig.bmp
c:\program files\Ares\data\GUI\General\tabsBitmap.bmp
c:\program files\Ares\data\GUI\General\tabssmall.bmp
c:\program files\Ares\data\GUI\General\trackbar.bmp
c:\program files\Ares\data\GUI\General\transfer.bmp
c:\program files\Ares\data\GUI\General\webanim.bmp
c:\program files\Ares\data\GUI\OsThemes\chat.bmp
c:\program files\Ares\data\GUI\OsThemes\emotic.bmp
c:\program files\Ares\data\GUI\OsThemes\libbig.bmp
c:\program files\Ares\data\GUI\OsThemes\logo.bmp
c:\program files\Ares\data\GUI\OsThemes\mimesmall.bmp
c:\program files\Ares\data\GUI\OsThemes\mshareset.bmp
c:\program files\Ares\data\GUI\OsThemes\prefs.txt
c:\program files\Ares\data\GUI\OsThemes\searchpnl.bmp
c:\program files\Ares\data\GUI\OsThemes\searchstars.bmp
c:\program files\Ares\data\GUI\OsThemes\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\OsThemes\tabsbig.bmp
c:\program files\Ares\data\GUI\OsThemes\tabssmall.bmp
c:\program files\Ares\data\GUI\OsThemes\transfer.bmp
c:\program files\Ares\data\HomePage.dat
c:\program files\Ares\data\HomePage.url
c:\program files\Ares\data\motd.txt
c:\program files\Ares\data\no-avatar.bmp
c:\program files\Ares\data\P2PFilter.txt
c:\program files\Ares\lang\arabic.txt
c:\program files\Ares\lang\Chinese.txt
c:\program files\Ares\lang\chinese_cn.txt
c:\program files\Ares\lang\chinese_tw.txt
c:\program files\Ares\lang\czech.txt
c:\program files\Ares\lang\Danish.txt
c:\program files\Ares\lang\dutch.txt
c:\program files\Ares\lang\finland.txt
c:\program files\Ares\lang\Finnish.txt
c:\program files\Ares\lang\french.txt
c:\program files\Ares\lang\german.txt
c:\program files\Ares\lang\italian.txt
c:\program files\Ares\lang\japanese.txt
c:\program files\Ares\lang\Kirghiz.txt
c:\program files\Ares\lang\kurdish.txt
c:\program files\Ares\lang\kyrgyz.txt
c:\program files\Ares\lang\polish.txt
c:\program files\Ares\lang\portugues.txt
c:\program files\Ares\lang\Portuguese.txt
c:\program files\Ares\lang\Russian.txt
c:\program files\Ares\lang\slovak.txt
c:\program files\Ares\lang\spanish.txt
c:\program files\Ares\lang\spanishLA.txt
c:\program files\Ares\lang\swedish.txt
c:\program files\Ares\lang\turkish.txt
c:\program files\Ares\libfaad2.dll
c:\program files\Ares\MP3Source.ax
c:\program files\Ares\tcpip_patcher.sys
c:\program files\Ares\Uninstall.exe
c:\windows\Agolije.dat
C:\wljvhddw.exe
C:\yxly.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.
2009-04-25 02:53 . 2009-04-25 02:53 -------- d-----w c:\program files\ERUNT
2009-04-20 09:50 . 2009-04-20 09:50 -------- d-----w c:\documents and settings\Alex\Local Settings\Application Data\{923552BB-77F9-4092-97AF-C88345D1C227}
2009-04-18 03:12 . 2009-04-28 03:24 105101344 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-17 18:43 . 2009-04-25 02:34 -------- d-----w c:\program files\Spyware Doctor
2009-04-17 18:21 . 2009-04-17 18:40 -------- d-----w C:\ComboFix
2009-04-15 17:41 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 17:41 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 17:41 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 17:41 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 17:41 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 17:41 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 17:41 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 17:41 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 17:41 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 17:39 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 17:39 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 17:33 . 2009-04-12 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 18:57 . 2009-04-11 18:57 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-11 18:50 . 2009-04-20 22:30 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-11 18:50 . 2009-04-11 18:50 -------- d-----w c:\documents and settings\Alex\Application Data\SUPERAntiSpyware.com
2009-04-11 03:44 . 2009-04-11 03:44 -------- d-----w c:\program files\Lavasoft
2009-04-10 04:36 . 2009-04-27 14:46 -------- d--h--w C:\$AVG8.VAULT$
2009-04-10 04:25 . 2009-04-10 04:54 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 04:25 . 2009-04-10 04:46 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-10 04:25 . 2009-04-10 04:52 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 04:25 . 2009-04-10 04:54 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 04:25 . 2009-04-27 20:50 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-10 04:25 . 2009-04-20 09:41 -------- d-----w c:\documents and settings\Alex\Application Data\AVGTOOLBAR
2009-04-08 03:28 . 2009-04-08 03:28 73208 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-05 17:43 . 2008-07-08 19:54 148496 ----a-w c:\windows\system32\drivers\43420595.sys
2009-04-05 01:38 . 2009-04-05 01:38 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 21:01 . 2009-02-20 01:42 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-24 23:37 . 2007-08-19 01:59 -------- d-----w c:\program files\AC Tool
2009-04-24 18:24 . 2009-04-18 03:12 418028 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 18:54 . 2009-02-21 03:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-12 17:33 . 2007-03-23 07:52 -------- d-----w c:\program files\iTunes
2009-04-12 17:33 . 2007-03-23 07:52 -------- d-----w c:\program files\iPod
2009-04-12 17:33 . 2007-07-08 19:32 -------- d-----w c:\program files\Common Files\Apple
2009-04-11 19:02 . 2009-02-21 03:55 -------- d-----w c:\program files\RogueRemover FREE
2009-04-11 18:49 . 2007-06-04 05:30 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-11 06:04 . 2007-06-04 05:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 05:41 . 2009-02-21 04:34 -------- d-----w c:\program files\CCleaner
2009-04-10 05:35 . 2004-09-28 20:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 05:34 . 2004-09-28 20:57 -------- d-----w c:\program files\Sony
2009-04-10 05:31 . 2008-01-05 22:47 -------- d-----w c:\program files\AC3Filter
2009-04-10 05:29 . 2007-06-04 07:57 -------- d-----w c:\program files\SpywareBlaster
2009-04-06 20:32 . 2009-02-21 03:57 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-02-21 03:57 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-19 21:32 . 2008-01-29 17:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-14 20:46 . 2009-01-17 23:19 -------- d-----w c:\program files\Bonjour
2009-03-14 20:45 . 2007-05-13 19:31 -------- d-----w c:\program files\QuickTime
2009-03-14 20:35 . 2008-08-03 04:39 -------- d-----w c:\program files\Safari
2009-03-12 15:44 . 2009-01-07 16:39 86904 ----a-w c:\documents and settings\Everyone Else\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-11 01:30 . 2007-03-23 05:03 86904 ----a-w c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-09-28 19:54 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 04:59 . 2009-03-14 20:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 04:59 . 2008-08-03 08:10 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 03:31 . 2007-03-23 03:58 -------- d-----w c:\program files\Microsoft Works
2009-03-06 03:31 . 2007-03-23 14:17 -------- d-----w c:\program files\MSBuild
2009-03-06 03:29 . 2009-03-06 03:29 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 03:28 . 2007-03-23 04:02 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-06 03:23 . 2009-03-06 03:23 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-09 12:10 . 2004-09-28 19:54 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-09-28 19:54 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-09-28 19:54 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-09-28 19:54 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-09-28 19:54 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-09-28 19:54 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-03 23:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-09-28 19:54 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-09-28 19:54 56832 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-26_21.39.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-26 21:13 . 2009-04-26 21:13 16384 c:\windows\temp\Perflib_Perfdata_7d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-13 8429568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2009-04-11 2468200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AutoRun"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-04-12 02:53 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-10 04:54 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-10 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S1 is-U5PPMdrv;is-U5PPMdrv;c:\windows\system32\DRIVERS\43420595.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-12 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-04-27 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Alex.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-21 20:32]
2009-04-27 c:\windows\Tasks\Malwarebytes' Scheduled Update for Alex.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-21 20:32]
2009-04-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-04-28 c:\windows\Tasks\User_Feed_Synchronization-{A18305FF-A000-4D37-ABFD-78DEB4F70543}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 08:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\08zq7izy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\08zq7izy.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npoctoshape.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Octoshape Streaming Services\Alex\octoprogram-L03-N00-U00-C00_0706180_000\npoctoshape.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 22:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-493546689-3512936192-40875340-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b5,fe,65,68,9e,c6,17,09,4b,bc,cd,c2,80,d0,1b,9c,8c,12,18,76,85,e1,29,
88,42,23,c1,38,33,9c,03,2b,50,12,ab,27,86,14,4b,54,6e,13,ad,5a,cd,95,d4,52,\
"??"=hex:28,7e,ba,43,21,88,fa,a3,e1,e6,45,d0,68,6a,b4,d6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\Alex\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-28 22:26
ComboFix-quarantined-files.txt 2009-04-28 03:26
ComboFix2.txt 2009-04-26 21:45
Pre-Run: 39,918,362,624 bytes free
Post-Run: 39,906,381,824 bytes free
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
386 --- E O F --- 2009-04-27 18:59
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.