My Log -- HELP!!
JayAmin213
2009-05-14, 04:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:14 PM, on 5/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\» Jay «\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\RunOnce: [ws_uninst] C:\DOCUME~1\JAY~1\LOCALS~1\Temp\ws_uninst.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Taskbar Hide] C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F1D372-C2AC-4486-885E-4469073F22E8}: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS.0\system32\rserver30\RServer3.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - file:///C:\WINDOWS.0\privacy_danger\index.htm
--
End of file - 10405 bytes
Hi JayAmin213
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
JayAmin213
2009-05-14, 21:29
Acrobat.com
Acrobat.com
Active@ Password Changer Demo
Active@ Password Changer Professional
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player
Advanced IP Scanner v1.5
Allway Sync version 7.1.2
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
Ask Toolbar
ATI Display Driver
AviSynth 2.5
Bonjour
Call of Duty 4: Modern Warfare
Counter-Strike 1.6
Counter-Strike: Source
Counter-Strike: Source v17
Creative Audio Console
DivX Web Player
Driver Updater Pro
Driver Updater Pro
DVDConv
ERUNT 1.1j
ExpressZIP v4.0
GameSpy Arcade
Ghajini
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo and Imaging 2.2 - Scanjet 3970 Series
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
LimeWire Music
LIVE gaming on Windows Runtime Version 1.0.6027
Megaupload Toolbar
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Broadband Networking
Microsoft Digital Image Suite 2006
Microsoft Halo Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nib
NVIDIA PhysX v8.10.13
P2P_Energy Toolbar
Panda ActiveScan
PeerGuardian 2.0
Pocket Tanks v1.3
QuickTime
QuickTime Alternative 1.95
Radmin Server 3.2
Radmin Viewer 3.3
RealPlayer
Sansa Updater
ScreenSmelter
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Source SDK Base 2007
Steam
ToggleEN Toolbar
Tweak UI
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943559)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6f
Videora iPod touch Converter 4.07
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
Windows Communication Foundation
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar
YouTube Downloader App 1.02
Zune Desktop Theme
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
Ares 2.0.9
BitTorrent DNA
LimeWire Music
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Uninstall also these:
Ask Toolbar
P2P_Energy Toolbar
ToggleEN Toolbar
Please run a new uninstall list scan when finished and post the log back here.
JayAmin213
2009-05-14, 21:45
Acrobat.com
Acrobat.com
Active@ Password Changer Demo
Active@ Password Changer Professional
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player
Advanced IP Scanner v1.5
Allway Sync version 7.1.2
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AviSynth 2.5
Bonjour
Call of Duty 4: Modern Warfare
Counter-Strike 1.6
Counter-Strike: Source
Counter-Strike: Source v17
Creative Audio Console
DivX Web Player
DVDConv
ERUNT 1.1j
ExpressZIP v4.0
GameSpy Arcade
Ghajini
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Photo and Imaging 2.2 - Scanjet 3970 Series
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
LIVE gaming on Windows Runtime Version 1.0.6027
Megaupload Toolbar
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Broadband Networking
Microsoft Digital Image Suite 2006
Microsoft Halo Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nib
NVIDIA PhysX v8.10.13
Panda ActiveScan
PeerGuardian 2.0
Pocket Tanks v1.3
QuickTime
QuickTime Alternative 1.95
Radmin Server 3.2
Radmin Viewer 3.3
RealPlayer
Sansa Updater
ScreenSmelter
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Source SDK Base 2007
Steam
Tweak UI
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943559)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Word 2007 (KB934173)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6f
Videora iPod touch Converter 4.07
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
Windows Communication Foundation
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar
YouTube Downloader App 1.02
Zune Desktop Theme
Looking over your log, it seems there is no evidence of any anti-virus software.
Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.
You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
After that, please post back a fresh HijackThis log.
JayAmin213
2009-05-15, 03:40
I installed AntiVir and completed a full scan. My problem still persists. I cannot visit the Spybot site and when I click a link, my browser takes me to a completely irrelevant, seemingly random website.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:42 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\» Jay «\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Taskbar Hide] C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F1D372-C2AC-4486-885E-4469073F22E8}: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - file:///C:\WINDOWS.0\privacy_danger\index.htm
--
End of file - 9580 bytes
BitTorrent DNA is still there.
Please uninstall it, delete this folder, C:\Program Files\DNA, and post back a fresh HijackThis log afterwards.
JayAmin213
2009-05-16, 19:15
I could not delete it until I ended the btdna process from Task Manager.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:32 PM, on 5/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\» Jay «\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Taskbar Hide] C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F1D372-C2AC-4486-885E-4469073F22E8}: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - file:///C:\WINDOWS.0\privacy_danger\index.htm
--
End of file - 9546 bytes
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).
Post:
- mbam log
- rsit logs (taken after mbam run)
JayAmin213
2009-05-16, 19:40
I could not use the given links to download the program. (Page Load Error). I succeeded in downloading it from download.com. The program does not start after the installation, and still does not start after double clicking the desktop icon. Also, the link to the updates is yet another Page Load Error.
Yes, that is due to infection.
Rename executable and it should run after that.
JayAmin213
2009-05-16, 22:51
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
5/16/2009 3:39:47 PM
mbam-log-2009-05-16 (15-39-47).txt
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 244263
Time elapsed: 59 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64de95e5-0a25-4dd9-a472-97bc1d419101} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20f1d372-c2ac-4486-885e-4469073f22e8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{20f1d372-c2ac-4486-885e-4469073f22e8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{20f1d372-c2ac-4486-885e-4469073f22e8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\» Jay «\Start Menu\Programs\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDConv (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\» Jay «\Start Menu\Programs\DVDConv\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDConv\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
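The three O17 NameServer entries in the HijackThis logs above are the same ones MBAM reports here as Trojan.DNSChanger, and they can be picked out of a log mechanically. The following checker is an added example, not code from this thread or from HijackThis: it parses O17 lines, flags every resolver that is neither private/loopback nor on an explicit allowlist, and groups hits by resolver so an analyst can see that the same pair is set under both the CCS and CS1 control sets. The sample log text and the {00000000-...} interface GUID are constructed.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# Constructed sample: the O17 lines from the log above, one unrelated O4 line
# (to show non-O17 lines are ignored) and one constructed interface entry that
# points at a LAN router, which the heuristic should leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F1D372-C2AC-4486-885E-4469073F22E8}: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# HijackThis O17 format: "O17 - <registry key>: NameServer = <addr>[,<addr>...]"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


class Finding(NamedTuple):
    registry_key: str
    server: str
    reason: str


def parse_o17(log_text: str) -> Dict[str, List[str]]:
    """Map each O17 registry key to the list of NameServer addresses it sets."""
    entries: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis separates multiple servers with commas; tolerate spaces too.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        entries[m.group("key")] = servers
    return entries


def classify_server(server: str, allowed: set) -> Optional[str]:
    """Return a reason string if the resolver is suspicious, else None.

    Heuristic for a home machine: private (RFC 1918) and loopback resolvers are
    expected (router, local stub resolver); any other public address must be on
    the caller's allowlist (e.g. the ISP's or a public resolver the user chose).
    """
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "not a valid IP address"
    if ip in allowed or ip.is_private or ip.is_loopback:
        return None
    return "public resolver not on allowlist"


def check_dns_settings(log_text: str, allowlist: Iterable[str] = ()) -> List[Finding]:
    """Scan every O17 entry in a HijackThis log and return the suspicious ones."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    findings: List[Finding] = []
    for key, servers in parse_o17(log_text).items():
        for server in servers:
            reason = classify_server(server, allowed)
            if reason is not None:
                findings.append(Finding(key, server, reason))
    return findings


def affected_keys_by_server(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group flagged resolvers -> registry keys that set them.

    A rogue resolver present under CCS *and* CS1 means clearing only the current
    control set would leave a second copy behind, which is why every O17 line
    (and every ControlSet in the MBAM log) has to be cleaned.
    """
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        grouped.setdefault(f.server, []).append(f.registry_key)
    return grouped


if __name__ == "__main__":
    hits = check_dns_settings(SAMPLE_LOG)
    for server, keys in affected_keys_by_server(hits).items():
        print(f"{server}: set in {len(keys)} key(s)")
        for k in keys:
            print(f"    {k}")
```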
JayAmin213
2009-05-16, 22:52
Logfile of random's system information tool 1.06 (written by random/random)
Run by » Jay « at 2009-05-16 15:48:50
Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (29%) free of 114 GB
Total RAM: 1024 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:07 PM, on 5/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\» Jay «\Desktop\RSIT(2).exe
C:\Documents and Settings\» Jay «\Desktop\» Jay «.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Taskbar Hide] C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - (no file)
--
End of file - 9201 bytes
======Scheduled tasks folder======
C:\WINDOWS.0\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-115176313-682003330-1005.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-07 185632]
"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-10-22 75584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"WinBlueSoft"=C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-04 15360]
"SetDefaultMIDI"=C:\WINDOWS.0\MIDIDef.exe [2005-04-22 73728]
"Taskbar Hide"=C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start []
"DriverUpdaterPro"=C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]
"Google Update"=C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo R260 Series on SHILPARISHI-PC]
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU C:\WINDOWS.0\TEMP\E_S1E.tmp /EF HKCU []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS.0\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU C:\WINDOWS.0\TEMP\E_S39E.tmp /EF HKCU []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 SPIRun.dll,RunDLLEntry []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
RunDll32 P17RunE.dll,RunDLLEntry []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3
"idsvc"=3
"SCardSvr"=3
"ehSched"=2
"Ati HotKey Poller"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS.0\system32\Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS.0\system32\upnpui.dll [2004-08-04 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=01000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Halo\halo.exe"="D:\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Steam\steamapps\renegade_jp\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\renegade_jp\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\supreme_nigger\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\supreme_nigger\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS.0\system32\rserver30\rserver3.exe"="C:\WINDOWS.0\system32\rserver30\rserver3.exe:*:Enabled:Radmin Server 3"
"C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\» Jay «\Local Settings\Temp\Rar$EX64.125\vncviewer.exe"="C:\Documents and Settings\» Jay «\Local Settings\Temp\Rar$EX64.125\vncviewer.exe:*:Enabled:vncviewer"
"C:\Documents and Settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6\cstrike.exe"="C:\Program Files\Counter-Strike 1.6\cstrike.exe:*:Enabled:Counter-Strike 1.6"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
======List of files/folders created in the last 1 months======
2009-05-16 15:48:50 ----DC---- C:\rsit
2009-05-16 12:54:41 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Malwarebytes
2009-05-16 12:52:10 ----D---- C:\Program Files\ABC
2009-05-16 12:34:10 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2009-05-16 12:34:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-14 15:06:16 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2009-05-14 15:06:16 ----D---- C:\Program Files\Avira
2009-05-13 21:21:06 ----D---- C:\Program Files\ERUNT
2009-05-12 22:13:23 ----DC---- C:\Documents and Settings\» Jay «\Application Data\GetRightToGo
2009-05-12 15:16:44 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft
2009-05-12 14:59:37 ----D---- C:\Program Files\Panda Security
2009-05-11 13:08:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-30 10:44:43 ----D---- C:\Program Files\FXLabs
2009-04-29 14:25:58 ----D---- C:\WINDOWS.0\system32\AGEIA
2009-04-29 14:25:58 ----D---- C:\Program Files\AGEIA Technologies
2009-04-29 14:25:36 ----A---- C:\WINDOWS.0\system32\d3dx10_40.dll
2009-04-29 14:25:36 ----A---- C:\WINDOWS.0\system32\D3DCompiler_40.dll
2009-04-29 14:25:35 ----A---- C:\WINDOWS.0\system32\XAudio2_3.dll
2009-04-29 14:25:35 ----A---- C:\WINDOWS.0\system32\XAPOFX1_2.dll
2009-04-29 14:25:35 ----A---- C:\WINDOWS.0\system32\D3DX9_40.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\XAudio2_2.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\XAPOFX1_1.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\xactengine3_3.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\X3DAudio1_5.dll
2009-04-29 14:25:33 ----A---- C:\WINDOWS.0\system32\xactengine3_2.dll
2009-04-29 14:25:33 ----A---- C:\WINDOWS.0\system32\d3dx10_39.dll
2009-04-29 14:25:33 ----A---- C:\WINDOWS.0\system32\D3DCompiler_39.dll
2009-04-29 14:25:32 ----A---- C:\WINDOWS.0\system32\XAudio2_1.dll
2009-04-29 14:25:32 ----A---- C:\WINDOWS.0\system32\XAPOFX1_0.dll
2009-04-29 14:25:32 ----A---- C:\WINDOWS.0\system32\D3DX9_39.dll
2009-04-29 14:25:31 ----A---- C:\WINDOWS.0\system32\xactengine3_1.dll
2009-04-29 14:25:31 ----A---- C:\WINDOWS.0\system32\X3DAudio1_4.dll
2009-04-29 14:25:30 ----A---- C:\WINDOWS.0\system32\D3DX9_38.dll
2009-04-29 14:25:30 ----A---- C:\WINDOWS.0\system32\d3dx10_38.dll
2009-04-29 14:25:30 ----A---- C:\WINDOWS.0\system32\D3DCompiler_38.dll
2009-04-29 14:25:29 ----A---- C:\WINDOWS.0\system32\XAudio2_0.dll
2009-04-29 14:25:29 ----A---- C:\WINDOWS.0\system32\xactengine3_0.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\X3DAudio1_3.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\D3DX9_37.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\d3dx10_37.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\D3DCompiler_37.dll
2009-04-29 14:25:27 ----A---- C:\WINDOWS.0\system32\xactengine2_10.dll
2009-04-29 14:25:26 ----A---- C:\WINDOWS.0\system32\d3dx9_36.dll
2009-04-29 14:25:26 ----A---- C:\WINDOWS.0\system32\d3dx10_36.dll
2009-04-29 14:25:26 ----A---- C:\WINDOWS.0\system32\D3DCompiler_36.dll
2009-04-29 14:25:25 ----A---- C:\WINDOWS.0\system32\xactengine2_9.dll
2009-04-29 14:25:24 ----A---- C:\WINDOWS.0\system32\d3dx9_35.dll
2009-04-29 14:25:24 ----A---- C:\WINDOWS.0\system32\d3dx10_35.dll
2009-04-29 14:25:24 ----A---- C:\WINDOWS.0\system32\D3DCompiler_35.dll
2009-04-29 14:24:35 ----D---- C:\WINDOWS.0\Logs
2009-04-29 11:47:02 ----D---- C:\Program Files\YouTube Downloader
2009-04-29 10:18:13 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Red Kawa
2009-04-29 10:14:52 ----D---- C:\Program Files\Regensoft
2009-04-29 10:14:43 ----D---- C:\Program Files\AviSynth 2.5
2009-04-29 10:14:38 ----D---- C:\Program Files\Red Kawa
2009-04-29 09:29:11 ----DC---- C:\Documents and Settings\» Jay «\Application Data\LimeWire Music
2009-04-29 09:18:07 ----DC---- C:\Documents and Settings\» Jay «\Application Data\DNA
2009-04-27 20:37:56 ----D---- C:\Program Files\iPod
2009-04-27 20:37:50 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-27 20:37:50 ----D---- C:\Program Files\iTunes
2009-04-27 20:36:58 ----D---- C:\Program Files\Bonjour
2009-04-27 20:34:27 ----D---- C:\Program Files\Apple Software Update
2009-04-27 20:32:16 ----A---- C:\WINDOWS.0\system32\usbaaplrc.dll
2009-04-27 20:22:41 ----D---- C:\Program Files\Counter-Strike 1.6
2009-04-27 13:20:31 ----D---- C:\Program Files\Google
2009-04-25 01:09:37 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Yahoo! Companion
2009-04-25 01:09:37 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Yahoo!
2009-04-25 01:08:58 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-04-25 01:08:56 ----D---- C:\Program Files\Yahoo!
======List of files/folders modified in the last 1 months======
2009-05-16 15:46:30 ----D---- C:\Program Files\Mozilla Firefox
2009-05-16 15:44:46 ----D---- C:\WINDOWS.0\system32\CatRoot2
2009-05-16 15:43:55 ----DC---- C:\Documents and Settings
2009-05-16 15:43:26 ----D---- C:\WINDOWS.0\system32\drivers
2009-05-16 15:43:02 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2009-05-16 15:39:47 ----RD---- C:\Program Files
2009-05-16 12:54:50 ----D---- C:\WINDOWS.0\Prefetch
2009-05-16 12:13:02 ----D---- C:\WINDOWS.0\TEMP
2009-05-15 14:57:19 ----HD---- C:\WINDOWS.0\inf
2009-05-14 22:21:05 ----D---- C:\Program Files\Steam
2009-05-14 20:35:23 ----D---- C:\WINDOWS.0
2009-05-14 20:31:53 ----D---- C:\WINDOWS.0\system32
2009-05-14 15:05:35 ----SHD---- C:\WINDOWS.0\Installer
2009-05-14 15:05:35 ----HDC---- C:\Config.Msi
2009-05-14 15:05:34 ----D---- C:\WINDOWS.0\WinSxS
2009-05-14 14:36:57 ----DC---- C:\Documents and Settings\» Jay «\Application Data\MegauploadToolbar
2009-05-14 14:35:36 ----DC---- C:\Documents and Settings\» Jay «\Application Data\uTorrent
2009-05-13 22:22:39 ----D---- C:\Program Files\Common Files
2009-05-13 21:07:55 ----D---- C:\Program Files\MediaRing
2009-05-13 21:06:30 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype
2009-05-13 21:03:44 ----DC---- C:\WINDOWS.0\system32\DRVSTORE
2009-05-13 21:01:11 ----DC---- C:\Nexon
2009-05-13 20:58:46 ----D---- C:\Program Files\Sonic the Hedgehog Adventure 3
2009-05-13 20:58:27 ----ADC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
2009-05-12 15:18:59 ----SD---- C:\WINDOWS.0\Tasks
2009-05-06 11:03:03 ----SHD---- C:\RECYCLER
2009-04-30 10:47:06 ----D---- C:\WINDOWS.0\system32\DirectX
2009-04-30 10:46:49 ----RSD---- C:\WINDOWS.0\assembly
2009-04-30 10:44:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-29 13:40:13 ----DC---- C:\Documents and Settings\» Jay «\Application Data\LimeWire
2009-04-29 09:27:30 ----D---- C:\Program Files\LimeWire
2009-04-29 09:08:48 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Apple Computer
2009-04-27 20:39:05 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Microsoft
2009-04-27 20:37:55 ----D---- C:\Program Files\Common Files\Apple
2009-04-27 20:36:34 ----D---- C:\Program Files\QuickTime Alternative
2009-04-27 20:32:19 ----D---- C:\WINDOWS.0\system32\ReinstallBackups
2009-04-26 16:38:16 ----DC---- C:\Documents and Settings\» Jay «\Application Data\skypePM
2009-04-25 16:38:26 ----D---- C:\Program Files\Counter-Strike Source
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 raddrvv3;raddrvv3; \??\C:\WINDOWS.0\system32\rserver30\raddrvv3.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS.0\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.0\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS.0\System32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS.0\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS.0\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mirrorv3;mirrorv3; C:\WINDOWS.0\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS.0\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS.0\system32\drivers\P17xfi.sys [2007-06-13 1174528]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtnicxp.sys [2007-06-01 95488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.0\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS.0\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS.0\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinrvxx.sys [2004-08-04 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atintuxx.sys [2004-08-04 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinraxx.sys [2004-08-04 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinxsxx.sys [2004-08-04 63488]
S3 catchme;catchme; \??\C:\DOCUME~1\JAY~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS.0\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS.0\system32\drivers\EagleNT.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MSW_USB;Microsoft Broadband Networking Wireless USB Driver; C:\WINDOWS.0\System32\DRIVERS\MSWUSB51.sys [2002-07-15 51712]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 P17;SB Live! 24-bit; C:\WINDOWS.0\system32\drivers\P17.sys [2007-06-13 1131520]
S3 p17xfilt;p17xfilt; C:\WINDOWS.0\system32\drivers\p17xfilt.sys [2007-06-15 1657728]
S3 PCDCODEC;ATI WDM Specialized PCD Codec (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinpdxx.sys [2004-08-04 14336]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS.0\System32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS.0\system32\drivers\ScreamingBAudio.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.0\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS.0\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS.0\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS.0\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS.0\System32\tcpsvcs.exe [2001-08-23 19456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.0\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-21 36864]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS.0\System32\tcpsvcs.exe [2001-08-23 19456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RServer3;Radmin Server V3; C:\WINDOWS.0\system32\rserver30\RServer3.exe /service []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2006-02-21 405504]
S4 ehSched;Media Center Scheduler Service; C:\WINDOWS.0\ehome\ehSched.exe [2002-08-29 62464]
S4 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-16 15:49:14
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Active@ Password Changer Demo-->"C:\Program Files\Active Data Recovery Software\Active Password Changer Demo\UNWISE.EXE" "C:\Program Files\Active Data Recovery Software\Active Password Changer Demo\INSTALL.LOG"
Active@ Password Changer Professional-->C:\PROGRA~1\ACTIVE~1\ACTIVE~2\UNWISE.EXE C:\PROGRA~1\ACTIVE~1\ACTIVE~2\INSTALL.LOG
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS.0\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS.0\system32\Macromed\SHOCKW~1\Install.log
Advanced IP Scanner v1.5-->C:\Program Files\Advanced IP Scanner\uninstal.exe
Allway Sync version 7.1.2-->"C:\Program Files\Allway Sync\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS.0\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty 4: Modern Warfare-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7940
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
Counter-Strike: Source v17-->C:\Program Files\Counter-Strike Source\Uninstal.exe
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ExpressZIP v4.0-->"C:\Program Files\ExpressZIP\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Ghajini-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BF3505-6C60-42F0-A4BB-0B621821DA7F}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\» Jay «\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS.0\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS.0\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS.0\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS.0\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS.0\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP Photo and Imaging 2.2 - Scanjet 3970 Series-->MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LIVE gaming on Windows Runtime Version 1.0.6027-->MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Malwarebytes' Anti-Malware-->"C:\Program Files\ABC\unins000.exe"
Megaupload Toolbar-->C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS.0\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS.0\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS.0\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS.0\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Broadband Networking-->MsiExec.exe /I{06B2B442-19FE-4398-BD4B-F5C00928DD8E}
Microsoft Digital Image Suite 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE VERSION=11
Microsoft Halo Trial-->"D:\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS.0\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Protection Service-->MsiExec.exe /I{C3FF6543-A3DA-42AE-AEF4-973061B92F9E}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nib-->MsiExec.exe /X{EA72CA22-F02D-465F-98F1-930CAF18C628}
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Panda ActiveScan-->C:\WINDOWS.0\system32\ASUninst.exe Panda ActiveScan
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Pocket Tanks v1.3-->"D:\PT\Pocket Tanks\unins000.exe"
QuickTime Alternative 1.95-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Radmin Server 3.2-->MsiExec.exe /X{ED87EE42-C14B-4119-8686-C3A630F2A463}
Radmin Viewer 3.3-->MsiExec.exe /X{EEAA3E5E-1296-45AD-A59E-5D63F604867D}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sansa Updater-->C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe -runfromtemp -l0x0009 -removeonly
ScreenSmelter-->C:\PROGRA~1\SCREEN~1\UNWISE.EXE C:\PROGRA~1\SCREEN~1\INSTALL.LOG
Security Update for Excel 2007 (KB936509)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS.0\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Office 2007 (KB934062)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS.0\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS.0\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS.0\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS.0\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS.0\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS.0\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS.0\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS.0\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS.0\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS.0\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS.0\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS.0\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS.0\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS.0\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS.0\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS.0\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS.0\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS.0\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS.0\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS.0\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS.0\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS.0\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS.0\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS.0\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS.0\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS.0\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS.0\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS.0\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS.0\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS.0\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS.0\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS.0\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS.0\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS.0\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS.0\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS.0\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS.0\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS.0\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS.0\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS.0\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS.0\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS.0\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS.0\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS.0\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS.0\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS.0\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS.0\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS.0\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS.0\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS.0\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS.0\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS.0\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS.0\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS.0\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS.0\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS.0\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS.0\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS.0\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS.0\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS.0\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS.0\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS.0\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS.0\$NtUninstallKB943460$\spuninst\spuninst.exe"
Source SDK Base 2007-->"C:\Program Files\Steam\steam.exe" steam://uninstall/218
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tweak UI-->"C:\WINDOWS.0\system32\mshta.exe" "res://C:\WINDOWS.0\system32\TweakUI.exe/uninstall.hta"
Update for Office 2007 (KB932080)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}
Update for Windows XP (KB894391)-->"C:\WINDOWS.0\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS.0\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS.0\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS.0\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS.0\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS.0\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB914882)-->"C:\WINDOWS.0\$NtUninstallKB914882$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS.0\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS.0\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS.0\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS.0\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB923845)-->"C:\WINDOWS.0\$NtUninstallKB923845$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS.0\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS.0\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS.0\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS.0\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS.0\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS.0\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS.0\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Word 2007 (KB934173)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod touch Converter 4.07-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS.0\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS.0\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS.0\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Creativity Fun Packs - Windows Movie Maker 2-->MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
Windows XP Hotfix - KB873339-->C:\WINDOWS.0\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS.0\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS.0\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS.0\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS.0\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS.0\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS.0\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS.0\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS.0\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YouTube Downloader App 1.02-->C:\Program Files\Regensoft\Downloader App\uninstaller.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: VAIOPCATHOME
Event Code: 7005
Message: The LoadUserProfile call failed with the following error:
The system cannot find the file specified.
Record Number: 122361
Source Name: Service Control Manager
Time Written: 20090511094044.000000-240
Event Type: error
User:
Computer Name: VAIOPCATHOME
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 122353
Source Name: Windows Update Agent
Time Written: 20090510210927.000000-240
Event Type: error
User:
Computer Name: VAIOPCATHOME
Event Code: 7023
Message: The Background Intelligent Transfer Service service terminated with the following error:
The specified module could not be found.
Record Number: 122341
Source Name: Service Control Manager
Time Written: 20090510210735.000000-240
Event Type: error
User:
Computer Name: VAIOPCATHOME
Event Code: 7005
Message: The LoadUserProfile call failed with the following error:
The system cannot find the file specified.
Record Number: 122340
Source Name: Service Control Manager
Time Written: 20090510210735.000000-240
Event Type: error
User:
Computer Name: VAIOPCATHOME
Event Code: 7005
Message: The LoadUserProfile call failed with the following error:
The system cannot find the file specified.
Record Number: 122339
Source Name: Service Control Manager
Time Written: 20090510210735.000000-240
Event Type: error
User:
=====Application event log=====
Computer Name: VAIOPCATHOME
Event Code: 1500
Message: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - The system cannot find the file specified.
Record Number: 2043
Source Name: Userenv
Time Written: 20071227101744.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: VAIOPCATHOME
Event Code: 1500
Message: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - The system cannot find the file specified.
Record Number: 2040
Source Name: Userenv
Time Written: 20071227002439.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: VAIOPCATHOME
Event Code: 1500
Message: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - The system cannot find the file specified.
Record Number: 2039
Source Name: Userenv
Time Written: 20071227002437.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: VAIOPCATHOME
Event Code: 1500
Message: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - The system cannot find the file specified.
Record Number: 2036
Source Name: Userenv
Time Written: 20071226214123.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: VAIOPCATHOME
Event Code: 1500
Message: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - The system cannot find the file specified.
Record Number: 2035
Source Name: Userenv
Time Written: 20071226214121.000000-300
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime Alternative\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Please use the following link to download ERUNT (http://aumha.org/downloads/erunt-setup.exe)
Use the setup program to install ERUNT on your computer
Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe. (Vista users, please right-click on OTMoveIt3.exe and select "Run as Administrator")
Copy the lines in the codebox below.
:files
C:\Program Files\Ares
C:\Program Files\DNA
C:\Program Files\BitTorrent
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music
C:\Documents and Settings\» Jay «\Application Data\DNA
C:\Documents and Settings\» Jay «\Application Data\uTorrent
C:\Documents and Settings\» Jay «\Application Data\LimeWire
C:\Program Files\LimeWire
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Ares\Ares.exe"=-
"C:\Program Files\DNA\btdna.exe"=-
"C:\Program Files\BitTorrent\bittorrent.exe"=-
Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Re-run RSIT.
Post:
- a fresh RSIT log
- the OTMoveIt3 log
JayAmin213
2009-05-17, 19:07
========== FILES ==========
File/Folder C:\Program Files\Ares not found.
File/Folder C:\Program Files\DNA not found.
File/Folder C:\Program Files\BitTorrent not found.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\xml\schemas moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\xml\misc moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\xml\data moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\xml moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\windows_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\white_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\valentine_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\red_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\pinstripes_theme_osx moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\pink_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\pink_and_black_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\patriotic_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\party_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\other_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\ocean_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\holiday_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\halloween_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\GTK_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\green_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\classic_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\CarbonClassic_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\brushed_metal_theme_osx moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\brown_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\brown_and_pink_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\black_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\amber_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes\addax_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music\themes moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire Music moved successfully.
C:\Documents and Settings\» Jay «\Application Data\DNA moved successfully.
C:\Documents and Settings\» Jay «\Application Data\uTorrent moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\xml\schemas moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\xml\misc moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\themes\windows_theme moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\themes moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\promotion moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\mozilla-profile moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\certificate moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\res\html moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\res\fonts moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\res\entityTables moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\res\dtd moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\res moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\plugins moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\modules moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\greprefs moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\dictionaries moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\defaults\profile moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\defaults\pref moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\defaults moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\components moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner\chrome moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser\xulrunner moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\browser moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\» Jay «\Application Data\LimeWire moved successfully.
C:\Program Files\LimeWire\lib moved successfully.
C:\Program Files\LimeWire moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Ares\Ares.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05172009_120446
Logfile of random's system information tool 1.06 (written by random/random)
Run by » Jay « at 2009-05-17 12:06:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (29%) free of 114 GB
Total RAM: 1024 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:49 PM, on 5/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\» Jay «\Desktop\RSIT(2).exe
C:\Documents and Settings\» Jay «\Desktop\» Jay «.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Taskbar Hide] C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - (no file)
--
End of file - 9042 bytes
======Scheduled tasks folder======
C:\WINDOWS.0\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
C:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-115176313-682003330-1005.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []
"P17Helper"=Rundll32 SPIRun.dll,RunDLLEntry []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-07 185632]
"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-10-22 75584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"WinBlueSoft"=C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-04 15360]
"SetDefaultMIDI"=C:\WINDOWS.0\MIDIDef.exe [2005-04-22 73728]
"Taskbar Hide"=C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start []
"DriverUpdaterPro"=C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]
"Google Update"=C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo R260 Series on SHILPARISHI-PC]
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU C:\WINDOWS.0\TEMP\E_S1E.tmp /EF HKCU []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS.0\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R260 Series]
C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU C:\WINDOWS.0\TEMP\E_S39E.tmp /EF HKCU []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 SPIRun.dll,RunDLLEntry []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
RunDll32 P17RunE.dll,RunDLLEntry []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3
"idsvc"=3
"SCardSvr"=3
"ehSched"=2
"Ati HotKey Poller"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS.0\system32\Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS.0\system32\upnpui.dll [2004-08-04 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=01000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\Halo\halo.exe"="D:\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Steam\steamapps\renegade_jp\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\renegade_jp\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\supreme_nigger\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\supreme_nigger\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS.0\system32\rserver30\rserver3.exe"="C:\WINDOWS.0\system32\rserver30\rserver3.exe:*:Enabled:Radmin Server 3"
"C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\» Jay «\Local Settings\Temp\Rar$EX64.125\vncviewer.exe"="C:\Documents and Settings\» Jay «\Local Settings\Temp\Rar$EX64.125\vncviewer.exe:*:Enabled:vncviewer"
"C:\Documents and Settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike 1.6\cstrike.exe"="C:\Program Files\Counter-Strike 1.6\cstrike.exe:*:Enabled:Counter-Strike 1.6"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
======List of files/folders created in the last 1 months======
2009-05-17 12:04:46 ----DC---- C:\_OTMoveIt
2009-05-16 15:48:50 ----DC---- C:\rsit
2009-05-16 12:54:41 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Malwarebytes
2009-05-16 12:52:10 ----D---- C:\Program Files\ABC
2009-05-16 12:34:10 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2009-05-16 12:34:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-14 15:06:16 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avira
2009-05-14 15:06:16 ----D---- C:\Program Files\Avira
2009-05-13 21:21:06 ----D---- C:\Program Files\ERUNT
2009-05-12 22:13:23 ----DC---- C:\Documents and Settings\» Jay «\Application Data\GetRightToGo
2009-05-12 15:16:44 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft
2009-05-12 14:59:37 ----D---- C:\Program Files\Panda Security
2009-05-11 13:08:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-30 10:44:43 ----D---- C:\Program Files\FXLabs
2009-04-29 14:25:58 ----D---- C:\WINDOWS.0\system32\AGEIA
2009-04-29 14:25:58 ----D---- C:\Program Files\AGEIA Technologies
2009-04-29 14:25:36 ----A---- C:\WINDOWS.0\system32\d3dx10_40.dll
2009-04-29 14:25:36 ----A---- C:\WINDOWS.0\system32\D3DCompiler_40.dll
2009-04-29 14:25:35 ----A---- C:\WINDOWS.0\system32\XAudio2_3.dll
2009-04-29 14:25:35 ----A---- C:\WINDOWS.0\system32\XAPOFX1_2.dll
2009-04-29 14:25:35 ----A---- C:\WINDOWS.0\system32\D3DX9_40.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\XAudio2_2.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\XAPOFX1_1.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\xactengine3_3.dll
2009-04-29 14:25:34 ----A---- C:\WINDOWS.0\system32\X3DAudio1_5.dll
2009-04-29 14:25:33 ----A---- C:\WINDOWS.0\system32\xactengine3_2.dll
2009-04-29 14:25:33 ----A---- C:\WINDOWS.0\system32\d3dx10_39.dll
2009-04-29 14:25:33 ----A---- C:\WINDOWS.0\system32\D3DCompiler_39.dll
2009-04-29 14:25:32 ----A---- C:\WINDOWS.0\system32\XAudio2_1.dll
2009-04-29 14:25:32 ----A---- C:\WINDOWS.0\system32\XAPOFX1_0.dll
2009-04-29 14:25:32 ----A---- C:\WINDOWS.0\system32\D3DX9_39.dll
2009-04-29 14:25:31 ----A---- C:\WINDOWS.0\system32\xactengine3_1.dll
2009-04-29 14:25:31 ----A---- C:\WINDOWS.0\system32\X3DAudio1_4.dll
2009-04-29 14:25:30 ----A---- C:\WINDOWS.0\system32\D3DX9_38.dll
2009-04-29 14:25:30 ----A---- C:\WINDOWS.0\system32\d3dx10_38.dll
2009-04-29 14:25:30 ----A---- C:\WINDOWS.0\system32\D3DCompiler_38.dll
2009-04-29 14:25:29 ----A---- C:\WINDOWS.0\system32\XAudio2_0.dll
2009-04-29 14:25:29 ----A---- C:\WINDOWS.0\system32\xactengine3_0.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\X3DAudio1_3.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\D3DX9_37.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\d3dx10_37.dll
2009-04-29 14:25:28 ----A---- C:\WINDOWS.0\system32\D3DCompiler_37.dll
2009-04-29 14:25:27 ----A---- C:\WINDOWS.0\system32\xactengine2_10.dll
2009-04-29 14:25:26 ----A---- C:\WINDOWS.0\system32\d3dx9_36.dll
2009-04-29 14:25:26 ----A---- C:\WINDOWS.0\system32\d3dx10_36.dll
2009-04-29 14:25:26 ----A---- C:\WINDOWS.0\system32\D3DCompiler_36.dll
2009-04-29 14:25:25 ----A---- C:\WINDOWS.0\system32\xactengine2_9.dll
2009-04-29 14:25:24 ----A---- C:\WINDOWS.0\system32\d3dx9_35.dll
2009-04-29 14:25:24 ----A---- C:\WINDOWS.0\system32\d3dx10_35.dll
2009-04-29 14:25:24 ----A---- C:\WINDOWS.0\system32\D3DCompiler_35.dll
2009-04-29 14:24:35 ----D---- C:\WINDOWS.0\Logs
2009-04-29 11:47:02 ----D---- C:\Program Files\YouTube Downloader
2009-04-29 10:18:13 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Red Kawa
2009-04-29 10:14:52 ----D---- C:\Program Files\Regensoft
2009-04-29 10:14:43 ----D---- C:\Program Files\AviSynth 2.5
2009-04-29 10:14:38 ----D---- C:\Program Files\Red Kawa
2009-04-27 20:37:56 ----D---- C:\Program Files\iPod
2009-04-27 20:37:50 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-27 20:37:50 ----D---- C:\Program Files\iTunes
2009-04-27 20:36:58 ----D---- C:\Program Files\Bonjour
2009-04-27 20:34:27 ----D---- C:\Program Files\Apple Software Update
2009-04-27 20:32:16 ----A---- C:\WINDOWS.0\system32\usbaaplrc.dll
2009-04-27 20:22:41 ----D---- C:\Program Files\Counter-Strike 1.6
2009-04-27 13:20:31 ----D---- C:\Program Files\Google
2009-04-25 01:09:37 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Yahoo! Companion
2009-04-25 01:09:37 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Yahoo!
2009-04-25 01:08:58 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-04-25 01:08:56 ----D---- C:\Program Files\Yahoo!
======List of files/folders modified in the last 1 months======
2009-05-17 12:04:49 ----RD---- C:\Program Files
2009-05-17 12:02:53 ----D---- C:\WINDOWS.0\erdnt
2009-05-17 12:01:50 ----D---- C:\Program Files\Mozilla Firefox
2009-05-17 11:45:50 ----D---- C:\WINDOWS.0\system32\CatRoot2
2009-05-17 11:45:20 ----DC---- C:\Documents and Settings
2009-05-17 04:11:55 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2009-05-16 15:49:05 ----D---- C:\WINDOWS.0\Prefetch
2009-05-16 15:43:26 ----D---- C:\WINDOWS.0\system32\drivers
2009-05-16 12:13:02 ----D---- C:\WINDOWS.0\TEMP
2009-05-15 14:57:19 ----HD---- C:\WINDOWS.0\inf
2009-05-14 22:21:05 ----D---- C:\Program Files\Steam
2009-05-14 20:35:23 ----D---- C:\WINDOWS.0
2009-05-14 20:31:53 ----D---- C:\WINDOWS.0\system32
2009-05-14 15:05:35 ----SHD---- C:\WINDOWS.0\Installer
2009-05-14 15:05:35 ----HDC---- C:\Config.Msi
2009-05-14 15:05:34 ----D---- C:\WINDOWS.0\WinSxS
2009-05-14 14:36:57 ----DC---- C:\Documents and Settings\» Jay «\Application Data\MegauploadToolbar
2009-05-13 22:22:39 ----D---- C:\Program Files\Common Files
2009-05-13 21:07:55 ----D---- C:\Program Files\MediaRing
2009-05-13 21:06:30 ----DC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Skype
2009-05-13 21:03:44 ----DC---- C:\WINDOWS.0\system32\DRVSTORE
2009-05-13 21:01:11 ----DC---- C:\Nexon
2009-05-13 20:58:46 ----D---- C:\Program Files\Sonic the Hedgehog Adventure 3
2009-05-13 20:58:27 ----ADC---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
2009-05-12 15:18:59 ----SD---- C:\WINDOWS.0\Tasks
2009-05-06 11:03:03 ----SHD---- C:\RECYCLER
2009-04-30 10:47:06 ----D---- C:\WINDOWS.0\system32\DirectX
2009-04-30 10:46:49 ----RSD---- C:\WINDOWS.0\assembly
2009-04-30 10:44:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-29 09:08:48 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Apple Computer
2009-04-27 20:39:05 ----DC---- C:\Documents and Settings\» Jay «\Application Data\Microsoft
2009-04-27 20:37:55 ----D---- C:\Program Files\Common Files\Apple
2009-04-27 20:36:34 ----D---- C:\Program Files\QuickTime Alternative
2009-04-27 20:32:19 ----D---- C:\WINDOWS.0\system32\ReinstallBackups
2009-04-26 16:38:16 ----DC---- C:\Documents and Settings\» Jay «\Application Data\skypePM
2009-04-25 16:38:26 ----D---- C:\Program Files\Counter-Strike Source
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 raddrvv3;raddrvv3; \??\C:\WINDOWS.0\system32\rserver30\raddrvv3.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS.0\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.0\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS.0\System32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS.0\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS.0\system32\drivers\ctusfsyn.sys [2006-08-07 162176]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mirrorv3;mirrorv3; C:\WINDOWS.0\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS.0\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688]
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio; C:\WINDOWS.0\system32\drivers\P17xfi.sys [2007-06-13 1174528]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtnicxp.sys [2007-06-01 95488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.0\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS.0\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS.0\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinrvxx.sys [2004-08-04 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atintuxx.sys [2004-08-04 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinraxx.sys [2004-08-04 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinxsxx.sys [2004-08-04 63488]
S3 catchme;catchme; \??\C:\DOCUME~1\JAY~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS.0\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS.0\system32\drivers\EagleNT.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MSW_USB;Microsoft Broadband Networking Wireless USB Driver; C:\WINDOWS.0\System32\DRIVERS\MSWUSB51.sys [2002-07-15 51712]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.0\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.0\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 P17;SB Live! 24-bit; C:\WINDOWS.0\system32\drivers\P17.sys [2007-06-13 1131520]
S3 p17xfilt;p17xfilt; C:\WINDOWS.0\system32\drivers\p17xfilt.sys [2007-06-15 1657728]
S3 PCDCODEC;ATI WDM Specialized PCD Codec (Microsoft Corporation); C:\WINDOWS.0\system32\DRIVERS\atinpdxx.sys [2004-08-04 14336]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS.0\System32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS.0\system32\drivers\ScreamingBAudio.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS.0\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS.0\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS.0\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS.0\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS.0\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS.0\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS.0\System32\tcpsvcs.exe [2001-08-23 19456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.0\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-21 36864]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS.0\System32\tcpsvcs.exe [2001-08-23 19456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RServer3;Radmin Server V3; C:\WINDOWS.0\system32\rserver30\RServer3.exe /service []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\system32\Ati2evxx.exe [2006-02-21 405504]
S4 ehSched;Media Center Scheduler Service; C:\WINDOWS.0\ehome\ehSched.exe [2002-08-29 62464]
S4 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
-----------------EOF-----------------
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
JayAmin213
2009-05-18, 05:11
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 17, 2009 18:37:34
Records in database: 2188594
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 177784
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:02:11
File name / Threat name / Threats count
C:\WINDOWS.0\movctrlswd.dll Infected: Trojan.Win32.Vapsup.io 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:49 PM, on 5/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS.0\system32\NOTEPAD.EXE
C:\Documents and Settings\» Jay «\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Taskbar Hide] C:\PROGRA~1\TASKBA~1\TaskBar.exe -Start
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - (no file)
--
End of file - 9066 bytes
Delete this file:
C:\WINDOWS.0\movctrlswd.dll
Empty Recycle Bin.
Still problems?
JayAmin213
2009-05-18, 08:31
I deleted that file, however when I click links the browser still takes me to other pages.
Does that happen on Firefox only or also in IE?
JayAmin213
2009-05-20, 05:07
So now what?
Well, I would appreciate it if you could answer my question :)
JayAmin213
2009-05-20, 19:32
Both. This page appears before I am redirected to a site different from the one I clicked the link to go to.
http://img132.imageshack.us/img132/8053/37118214.th.png (http://img132.imageshack.us/my.php?image=37118214.png)
Direct link to screenshot: http://img132.imageshack.us/img132/8053/37118214.png
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information into your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)
Important! Please do not select the "Show all" checkbox during the scan.
JayAmin213
2009-05-21, 03:20
By the way, before I am redirected, the status bar says Waiting for counter.fastclick.net....
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-20 20:18:43
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT F7EA9BAE ZwCreateKey
SSDT F7EA9BA4 ZwCreateThread
SSDT F7EA9BB3 ZwDeleteKey
SSDT F7EA9BBD ZwDeleteValueKey
SSDT F7EA9BC2 ZwLoadKey
SSDT F7EA9B90 ZwOpenProcess
SSDT F7EA9B95 ZwOpenThread
SSDT F7EA9BCC ZwReplaceKey
SSDT F7EA9BC7 ZwRestoreKey
SSDT F7EA9BB8 ZwSetValueKey
SSDT F7EA9B9F ZwTerminateProcess
Code 863F10D8 ZwEnumerateKey
Code 863F1D58 ZwFlushInstructionCache
Code 863EE63E IofCallDriver
Code 863EE2E6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 863EE643
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 863EE2EB
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EEB0 4 Bytes JMP 863F10DC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 805769EA 5 Bytes JMP 863F1D5C
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS.0\system32\spoolsv.exe[2036] msvcrt.dll!tan 77C4D5C4 2 Bytes [83, 7C]
.text C:\WINDOWS.0\system32\spoolsv.exe[2036] msvcrt.dll!tan + 3 77C4D5C7 5 Bytes [08, 01, 75, 19, 6A]
.text C:\WINDOWS.0\system32\spoolsv.exe[2036] msvcrt.dll!tan + 9 77C4D5CD 28 Bytes [6A, 00, 68, BC, 6C, 90, 7C, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2C1 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A030F C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A0290 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A02D4 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A021C C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A0256 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A034A C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4056] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F31676 C:\WINDOWS.0\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\ole32.dll [USER32.dll!CreateWindowExA] [0041413F] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\ole32.dll [USER32.dll!CreateWindowExW] [004141B5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\ole32.dll [USER32.dll!ShowWindow] [0041422B] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\wininet.dll [USER32.dll!CreateWindowExW] [004141B5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\wininet.dll [USER32.dll!SetWindowPos] [004142D5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [0041413F] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [004141B5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [004142D5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [0041422B] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\shell32.dll [USER32.dll!CreateWindowExW] [004141B5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\shell32.dll [USER32.dll!ShowWindow] [0041422B] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\shell32.dll [USER32.dll!SetWindowPos] [004142D5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\USERENV.dll [USER32.dll!SetWindowPos] [004142D5] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
IAT C:\WINDOWS.0\TEMP\tempo-3948359.tmp[3184] @ C:\WINDOWS.0\system32\USERENV.dll [USER32.dll!ShowWindow] [0041422B] C:\WINDOWS.0\TEMP\tempo-3948359.tmp
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\gxvxceyavtlspusqtjxbomexwnofckdyivydl.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [268] 0x10000000
Library C:\WINDOWS.0\system32\dll.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\spoolsv.exe [2036] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxceyavtlspusqtjxbomexwnofckdyivydl.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [4056] 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS.0\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxceyavtlspusqtjxbomexwnofckdyivydl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxceyavtlspusqtjxbomexwnofckdyivydl.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\» Jay «\Application Data\Real\RealPlayer\Update\RealPlayer11GOLD.exe 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\» Jay «\Application Data\Real\Update\setup\setup.exe 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\» Jay «\Application Data\Real\Update\setup\schedule.exe 1
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3NRLIF2L\HVPN[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6S8AG4L7\HWireless[1].htm 23440 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6S8AG4L7\Wireless_Advanced[2].htm 28697 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X9JSKOG\Forward[2].htm 28930 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X9JSKOG\Triggering[1].htm 26070 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X9JSKOG\VPN[2].htm 15873 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X9JSKOG\WL_WPATable[1].htm 24977 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X9JSKOG\HFilters[2].htm 14953 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X9JSKOG\HForward[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HP7N700K\Status_Wireless[1].htm 18572 bytes
File C:\WINDOWS.0\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys 37888 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS.0\system32\drivers\gxvxcserv.sys 47616 bytes executable
File C:\WINDOWS.0\system32\gxvxccounter 4 bytes
File C:\WINDOWS.0\system32\gxvxceyavtlspusqtjxbomexwnofckdyivydl.dll 28673 bytes executable
---- EOF - GMER 1.0.15 ----
Yes, you have a rootkit.
We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
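The helper's reading of the GMER log above (a service hidden from the service control manager, a driver GMER tags as a rootkit, and a hidden DLL loaded into Firefox and Internet Explorer) is a check that can be automated. What follows is an added Python example, not code from this thread, from GMER or from the helper: it splits a GMER log on its section headers, parses the `SSDT`/`Code`, `Library`, `Service`, `Reg ...@imagepath` and `File` lines, links the hidden service to its driver on disk and to the injected DLL, and returns a triage verdict. The sample input is a trimmed excerpt of the log posted above; the `C:\WINDOWS.0` system root used to resolve `\systemroot` spellings is taken from the HijackThis header in this thread and is an assumption for any other machine.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the GMER log posted earlier in this thread. Only the line
# shapes matter, so the complete log from the post can be fed in unchanged.
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-20 20:18:43
---- System - GMER 1.0.15 ----
SSDT F7EA9BAE ZwCreateKey
SSDT F7EA9B90 ZwOpenProcess
Code 863EE63E IofCallDriver
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\gxvxceyavtlspusqtjxbomexwnofckdyivydl.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [268] 0x10000000
Library C:\WINDOWS.0\system32\dll.dll (*** hidden *** ) @ C:\WINDOWS.0\system32\spoolsv.exe [2036] 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS.0\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys
---- Files - GMER 1.0.15 ----
File C:\WINDOWS.0\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys 37888 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS.0\system32\gxvxccounter 4 bytes
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
LIBRARY_RE = re.compile(r"^Library (.+?) \(\*\*\* hidden \*\*\* \) @ (.+?) \[(\d+)\]")
SERVICE_RE = re.compile(r"^Service (.+?) \(\*\*\* hidden \*\*\* \) \[(\w+)\] (\S+)")
IMAGEPATH_RE = re.compile(r"^Reg .*\\Services\\([^\\@]+)@imagepath (.+)$", re.IGNORECASE)
FILE_RE = re.compile(r"^File (.+?) (\d+) bytes")
ROOTKIT_TAG = "<-- ROOTKIT"


def parse_sections(text):
    """Group log lines by the '---- Name - GMER x.y.z ----' header they follow."""
    sections = defaultdict(list)
    current = "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line)
    return sections


def normalize(path, systemroot=r"C:\WINDOWS.0"):
    """Map the kernel-style spellings GMER prints onto the Win32 path so one file
    can be matched across sections. The system root default is an assumption
    taken from this thread's HijackThis header (Windows lives in C:\WINDOWS.0)."""
    lowered = path.lower()
    for prefix in (r"\\?\globalroot\systemroot", r"\systemroot"):
        if lowered.startswith(prefix.lower()):
            return systemroot + path[len(prefix):]
    return path


def triage(text, systemroot=r"C:\WINDOWS.0"):
    """Collect the indicators that justify a 'you have a rootkit' call."""
    sections = parse_sections(text)
    findings = {
        "ssdt_hooks": [],         # hooked system service table entries
        "inline_hooks": [],       # kernel functions patched in place ('Code' lines)
        "hidden_modules": [],     # (dll, host process) pairs hidden from the API
        "hidden_services": [],    # (service name, driver path) hidden from the SCM
        "rootkit_files": [],      # files GMER tagged '<-- ROOTKIT'
        "service_imagepaths": {}, # service name -> ImagePath value from the registry
    }
    for line in sections.get("System", []):
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "SSDT":
            findings["ssdt_hooks"].append(parts[2])
        elif len(parts) >= 3 and parts[0] == "Code":
            findings["inline_hooks"].append(parts[2])
    for line in sections.get("Processes", []):
        m = LIBRARY_RE.match(line)
        if m:
            findings["hidden_modules"].append((normalize(m.group(1), systemroot), m.group(2)))
    for line in sections.get("Services", []):
        m = SERVICE_RE.match(line)
        if m:
            findings["hidden_services"].append((m.group(3), normalize(m.group(1), systemroot)))
    for line in sections.get("Registry", []):
        m = IMAGEPATH_RE.match(line)
        if m:
            findings["service_imagepaths"][m.group(1)] = normalize(m.group(2), systemroot)
    for line in sections.get("Files", []):
        m = FILE_RE.match(line)
        if m and ROOTKIT_TAG in line:
            findings["rootkit_files"].append(m.group(1))
    return findings


def correlate(findings):
    """Tie each hidden service to its driver on disk and to the DLLs being
    injected, so every artefact of one infection is listed together."""
    clusters = []
    for name, driver in findings["hidden_services"]:
        imagepath = findings["service_imagepaths"].get(name)
        clusters.append({
            "service": name,
            "driver": driver,
            "registry_matches_disk": imagepath is not None and imagepath.lower() == driver.lower(),
            "tagged_on_disk": any(f.lower() == driver.lower() for f in findings["rootkit_files"]),
            "injected_dlls": sorted({dll for dll, _ in findings["hidden_modules"]}),
            "hosts": sorted({host for _, host in findings["hidden_modules"]}),
        })
    return clusters


def verdict(findings):
    """Hidden services or ROOTKIT-tagged files are decisive; hooks and hidden
    modules alone often belong to security software, so they only rate 'suspicious'."""
    if findings["hidden_services"] or findings["rootkit_files"]:
        return "rootkit"
    if findings["hidden_modules"] or findings["ssdt_hooks"] or findings["inline_hooks"]:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(verdict(result))
    for cluster in correlate(result):
        print(cluster)
```

Run it on the full GMER log from the post and the cluster it prints is exactly the set of paths ComboFix later reports under "Other Deletions" (the gxvxcserv.sys service, its driver and the injected DLL), which is how the automated read lines up with the helper's manual one.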
JayAmin213
2009-05-22, 07:27
ComboFix 09-05-21.01 - » Jay « 05/22/2009 0:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024.706 [GMT -4:00]
Running from: c:\documents and settings\» Jay «\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\» Jay «\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows.0\search_res.txt
c:\windows.0\system32\drivers\gxvxciqvxxlvmoedfejailccyhtlxftdqwgsw.sys
c:\windows.0\system32\drivers\gxvxcoyuwqvpktprqdhmknselkbuyrexecpje.sys
c:\windows.0\system32\drivers\gxvxcserv.sys
c:\windows.0\system32\dumphive.exe
c:\windows.0\system32\gxvxccounter
c:\windows.0\system32\gxvxceyavtlspusqtjxbomexwnofckdyivydl.dll
c:\windows.0\system32\Process.exe
c:\windows.0\system32\SrchSTS.exe
c:\windows.0\system32\tmp.reg
c:\windows.0\system32\VCCLSID.exe
c:\windows.0\system32\WS2Fix.exe
c:\windows.0\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://thenetworkcom.com
hxxp://onsafepro.com
hxxp://www.thenetworkcom.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gxvxcserv.sys
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-20 17:33 . 2009-05-20 17:33 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-20 17:19 . 2009-05-20 17:19 -------- dc----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-20 17:19 . 2009-05-20 17:33 -------- dc----w c:\documents and settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2009-05-20 17:18 . 2009-05-20 17:18 -------- d-----w c:\program files\SeekingAlpha
2009-05-20 16:39 . 2009-05-20 16:39 -------- d-----w c:\program files\LunaPlayer
2009-05-20 02:08 . 2009-05-22 04:13 -------- dc----w c:\documents and settings\» Jay «\Application Data\DNA
2009-05-20 02:08 . 2009-05-21 18:49 -------- d-----w c:\program files\DNA
2009-05-20 02:08 . 2009-05-20 02:08 -------- d-----w c:\program files\AskBarDis
2009-05-17 16:04 . 2009-05-17 16:04 -------- dc----w C:\_OTMoveIt
2009-05-16 19:48 . 2009-05-16 19:49 -------- dc----w C:\rsit
2009-05-16 16:54 . 2009-05-16 16:54 -------- dc----w c:\documents and settings\» Jay «\Application Data\Malwarebytes
2009-05-16 16:52 . 2009-05-16 16:54 -------- d-----w c:\program files\ABC
2009-05-16 16:34 . 2009-04-06 19:32 15504 ----a-w c:\windows.0\system32\drivers\mbam.sys
2009-05-16 16:34 . 2009-04-06 19:32 38496 ----a-w c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-05-16 16:34 . 2009-05-16 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 16:34 . 2009-05-16 16:34 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2009-05-14 19:06 . 2009-03-30 14:33 96104 ----a-w c:\windows.0\system32\drivers\avipbb.sys
2009-05-14 19:06 . 2009-03-24 20:08 55640 ----a-w c:\windows.0\system32\drivers\avgntflt.sys
2009-05-14 19:06 . 2009-02-13 16:29 22360 ----a-w c:\windows.0\system32\drivers\avgntmgr.sys
2009-05-14 19:06 . 2009-02-13 16:17 45416 ----a-w c:\windows.0\system32\drivers\avgntdd.sys
2009-05-14 19:06 . 2009-05-14 19:06 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Avira
2009-05-14 19:06 . 2009-05-14 19:06 -------- d-----w c:\program files\Avira
2009-05-14 01:21 . 2009-05-14 01:21 -------- d-----w c:\program files\ERUNT
2009-05-13 02:13 . 2009-05-14 01:34 -------- dc----w c:\documents and settings\» Jay «\Application Data\GetRightToGo
2009-05-12 19:16 . 2009-05-14 01:03 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft
2009-05-12 18:59 . 2009-05-14 01:04 -------- d-----w c:\program files\Panda Security
2009-05-11 17:08 . 2009-05-14 01:04 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 14:44 . 2009-04-30 14:44 -------- d-----w c:\program files\FXLabs
2009-04-29 21:07 . 2009-04-29 21:07 -------- dc----w c:\documents and settings\ Jay
2009-04-29 18:24 . 2009-04-29 18:24 -------- d-----w c:\windows.0\Logs
2009-04-29 17:36 . 2009-04-29 17:36 -------- dc----w c:\documents and settings\? Jay ?
2009-04-29 17:35 . 2009-04-29 17:35 4096 ----a-w c:\windows.0\d3dx.dat
2009-04-29 15:47 . 2009-04-29 15:47 -------- d-----w c:\program files\YouTube Downloader
2009-04-29 14:18 . 2009-04-29 14:18 -------- dc----w c:\documents and settings\» Jay «\Application Data\Red Kawa
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\Regensoft
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\AviSynth 2.5
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\Red Kawa
2009-04-29 13:18 . 2009-04-29 13:18 -------- dc----w c:\documents and settings\» Jay «\Local Settings\Application Data\DNA
2009-04-28 00:37 . 2009-04-28 00:37 -------- d-----w c:\program files\iPod
2009-04-28 00:37 . 2009-04-28 00:38 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 00:37 . 2009-04-28 00:38 -------- d-----w c:\program files\iTunes
2009-04-28 00:36 . 2009-04-28 00:36 -------- d-----w c:\program files\Bonjour
2009-04-28 00:34 . 2009-04-28 00:34 -------- d-----w c:\program files\Apple Software Update
2009-04-28 00:32 . 2009-03-26 19:23 36864 ----a-w c:\windows.0\system32\drivers\usbaapl.sys
2009-04-28 00:32 . 2009-03-26 19:23 1900544 ----a-w c:\windows.0\system32\usbaaplrc.dll
2009-04-28 00:22 . 2009-05-08 16:47 -------- d-----w c:\program files\Counter-Strike 1.6
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----w c:\program files\Google
2009-04-25 05:10 . 2009-04-25 05:10 -------- dc----w c:\documents and settings\» Jay «\Local Settings\Application Data\Yahoo
2009-04-25 05:09 . 2009-04-25 14:27 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo! Companion
2009-04-25 05:09 . 2009-04-25 05:09 -------- dc----w c:\documents and settings\» Jay «\Application Data\Yahoo!
2009-04-25 05:08 . 2009-03-18 21:55 607472 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-04-25 05:08 . 2009-04-25 05:10 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-04-25 05:08 . 2009-04-25 05:09 -------- d-----w c:\program files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 16:28 . 2007-11-17 19:02 -------- dc----w c:\documents and settings\» Jay «\Application Data\MegauploadToolbar
2009-05-18 20:21 . 2007-10-29 22:35 -------- dc--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2009-05-15 02:21 . 2007-09-13 02:22 -------- d-----w c:\program files\Steam
2009-05-14 01:07 . 2009-01-25 18:12 -------- d-----w c:\program files\MediaRing
2009-05-14 01:06 . 2009-01-25 18:33 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Skype
2009-05-14 01:01 . 2008-09-15 23:46 335872 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGMResource.dll
2009-05-14 00:58 . 2008-03-16 15:19 -------- d-----w c:\program files\Sonic the Hedgehog Adventure 3
2009-04-30 14:44 . 2006-12-02 23:01 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 18:26 . 2009-04-29 18:25 -------- d-----w c:\program files\AGEIA Technologies
2009-04-29 13:08 . 2008-05-13 01:54 -------- dc----w c:\documents and settings\» Jay «\Application Data\Apple Computer
2009-04-28 00:37 . 2008-05-13 01:52 -------- d-----w c:\program files\Common Files\Apple
2009-04-28 00:36 . 2007-11-12 22:43 -------- d-----w c:\program files\QuickTime Alternative
2009-04-26 20:38 . 2009-01-25 18:36 -------- dc----w c:\documents and settings\» Jay «\Application Data\skypePM
2009-04-25 20:38 . 2007-09-26 19:05 -------- d-----w c:\program files\Counter-Strike Source
2009-04-04 17:50 . 2009-04-04 17:50 585728 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\pmv302a-0902180-0-libOctoshapeClient.dll
2009-04-04 17:50 . 2009-04-04 17:50 120088 -c--a-w c:\documents and settings\» Jay «\Application Data\Mozilla\Plugins\npoctoshape.dll
2009-04-04 17:50 . 2009-04-04 17:50 -------- dc----w c:\documents and settings\» Jay «\Application Data\Octoshape
2009-04-02 20:29 . 2009-04-02 20:29 75048 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-30 15:57 . 2009-04-04 17:50 409088 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-libOctoshapeClient.dll
2009-03-30 15:57 . 2009-04-04 17:50 120088 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-npoctoshape.dll
2009-03-30 15:57 . 2009-04-04 17:50 132376 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-apoctoshape.dll
2009-03-27 17:36 . 2009-03-27 17:36 57344 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-37886cad-n\Decora-SSE.dll
2009-03-27 17:36 . 2009-03-27 17:36 24064 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3a40350d-n\Decora-D3D.dll
2009-03-27 17:36 . 2009-03-27 17:36 315392 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl.dll
2009-03-27 17:36 . 2009-03-27 17:36 20480 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl_awt.dll
2009-03-27 17:36 . 2009-03-27 17:36 20480 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-49f39cec-n\gluegen-rt.dll
2009-03-27 17:36 . 2009-03-27 17:36 114688 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl_cg.dll
2009-03-27 17:36 . 2009-03-27 17:36 499712 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\msvcp71.dll
2009-03-27 17:36 . 2009-03-27 17:36 499712 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\jmc.dll
2009-03-27 17:36 . 2009-03-27 17:36 348160 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\msvcr71.dll
2009-03-27 17:35 . 2007-03-31 18:10 -------- d-----w c:\program files\Java
2009-03-27 17:35 . 2009-03-27 17:35 152576 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-19 20:32 . 2009-03-19 20:32 23400 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows.0\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2009-01-02 06:01 410984 ----a-w c:\windows.0\system32\deploytk.dll
2007-09-18 02:40 . 2007-09-18 02:40 4564112 ----a-w c:\program files\dxnt.cab
2007-09-13 00:57 . 2007-09-13 00:57 1904 ----a-w c:\program files\Daily Planner Plus 5.0.lnk
2004-07-20 02:58 . 2004-07-20 02:58 1156363 ----a-w c:\program files\BDANT.cab
2004-07-20 02:53 . 2004-07-20 02:53 976020 ----a-w c:\program files\BDAXP.cab
2004-07-09 13:13 . 2004-07-09 13:13 703080 ----a-w c:\program files\BDA.cab
2004-07-09 08:08 . 2004-07-09 08:08 2242560 ----a-w c:\program files\dsetup32.dll
2004-07-09 07:03 . 2004-07-09 07:03 62976 ----a-w c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 21:24 325000 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Google Update"="c:\documents and settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-20 321344]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows.0\MIDIDEF.EXE [2005-04-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 185632]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17RunE"="P17RunE.dll" - c:\windows.0\system32\P17RunE.dll [2007-04-09 14848]
"P17Helper"="SPIRun.dll" - c:\windows.0\system32\SPIRun.dll [2006-07-03 10752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\Resources\LogonUI\zune\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"SCardSvr"=3 (0x3)
"ehSched"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"d:\\Halo\\halo.exe"=
"c:\\Program Files\\Steam\\steamapps\\renegade_jp\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\supreme_nigger\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS.0\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\» Jay «\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47062:TCP"= 47062:TCP:limewire
R1 raddrvv3;raddrvv3;c:\windows.0\system32\rserver30\raddrvv3.sys [4/24/2008 8:49 AM 45848]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/14/2009 3:06 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 11:07 PM 24652]
R3 mirrorv3;mirrorv3;c:\windows.0\system32\drivers\rminiv3.sys [11/1/2006 6:01 AM 3328]
S3 RServer3;Radmin Server V3;"c:\windows.0\system32\rserver30\RServer3.exe" /service --> c:\windows.0\system32\rserver30\RServer3.exe [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows.0\system32\drivers\ScreamingBAudio.sys --> c:\windows.0\system32\drivers\ScreamingBAudio.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-19 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Taskbar Hide - c:\progra~1\TASKBA~1\TaskBar.exe
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1269415
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows.0\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows.0\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\» Jay «\Application Data\Mozilla\Firefox\Profiles\clp1skg0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Searchme
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\npNxGameUS.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 00:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(576)
c:\windows.0\system32\Ati2evxx.dll
.
Completion time: 2009-05-22 0:25
ComboFix-quarantined-files.txt 2009-05-22 04:25
ComboFix2.txt 2007-11-14 21:35
Pre-Run: 34,946,936,832 bytes free
Post-Run: 36,249,452,544 bytes free
245 --- E O F --- 2007-11-13 20:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:37 AM, on 5/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS.0\system32\notepad.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Documents and Settings\» Jay «\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - (no file)
--
End of file - 8364 bytes
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\documents and settings\» Jay «\Application Data\DNA
c:\program files\DNA
c:\program files\AskBarDis
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47062:TCP"=-
Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
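One way to check the follow-up log for the items this CFScript targets, as an added example that is not part of this thread nor of HijackThis or ComboFix: it parses the O2/O3/O4/O23 line layout shown in the HijackThis logs above, reports any entry still under the two folders the script deletes, and lists services with no owner or a missing binary (the Radmin entry). The pre-fix sample is copied from the log above; the post-fix sample is constructed on the assumption that the removal succeeded.

```python
"""Check a HijackThis (HJT) log against the folders a ComboFix CFScript removed.

Added example, not code from the thread or from HijackThis/ComboFix.  The line
patterns cover the O2 (BHO), O3 (toolbar), O4 (Run key) and O23 (service) types
seen in the logs above; the sample logs are constructed from those lines.
"""
import re

# One regex per HJT line type; each yields a name and the path the entry points at.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}

# Folders the CFScript above tells ComboFix to delete (its Folder:: section).
CFSCRIPT_TARGETS = [r"c:\program files\DNA", r"c:\program files\AskBarDis"]


def parse_hjt(text):
    """Return one dict per recognised O2/O3/O4/O23 line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                entry = {"type": kind, **m.groupdict()}
                # HJT appends "(file missing)" when the referenced binary is absent.
                entry["file_missing"] = entry["path"].endswith("(file missing)")
                entries.append(entry)
                break
    return entries


def still_present(text, targets=CFSCRIPT_TARGETS):
    """Entries whose path lies under a CFScript target folder (case-insensitive).
    On the post-fix log this should be empty; anything left means the removal
    did not take or the item was re-created."""
    wanted = [t.lower() for t in targets]
    return [e for e in parse_hjt(text) if any(t in e["path"].lower() for t in wanted)]


def suspicious_services(entries):
    """O23 services with no identifiable owner or a missing binary, the two traits
    the Radmin entry in the log above shows; worth a look even when a fix script
    does not name them."""
    return [e for e in entries if e["type"] == "O23"
            and (e["file_missing"] or e["owner"] == "Unknown owner")]


# Constructed sample: lines copied from the pre-fix HJT log in this thread ...
BEFORE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
"""
# ... and the same log as assumed after the CFScript run (constructed, not from the thread).
AFTER_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        left = still_present(log)
        print(f"{label}: {len(left)} entries still under CFScript targets")
        for e in left:
            print(f"  {e['type']} {e['name']}: {e['path']}")
    for e in suspicious_services(parse_hjt(AFTER_LOG)):
        print(f"review service: {e['name']} ({e['owner']}, missing={e['file_missing']})")
```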
JayAmin213
2009-05-22, 23:41
ComboFix 09-05-22.04 - » Jay « 05/22/2009 16:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024.667 [GMT -4:00]
Running from: c:\documents and settings\» Jay «\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\» Jay «\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\» Jay «\Application Data\DNA
c:\documents and settings\» Jay «\Application Data\DNA\dht.dat
c:\documents and settings\» Jay «\Application Data\DNA\dht.dat.old
c:\documents and settings\» Jay «\Application Data\DNA\dna.lng
c:\documents and settings\» Jay «\Application Data\DNA\resume.dat
c:\documents and settings\» Jay «\Application Data\DNA\resume.dat.old
c:\documents and settings\» Jay «\Application Data\DNA\rss.dat
c:\documents and settings\» Jay «\Application Data\DNA\rss.dat.old
c:\documents and settings\» Jay «\Application Data\DNA\settings.dat
c:\documents and settings\» Jay «\Application Data\DNA\settings.dat.old
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\000D0FC0
c:\program files\AskBarDis\bar\Cache\000D1425
c:\program files\AskBarDis\bar\Cache\000D157C.bin
c:\program files\AskBarDis\bar\Cache\000D1609.bin
c:\program files\AskBarDis\bar\Cache\000D1657.bin
c:\program files\AskBarDis\bar\Cache\000D1696.bin
c:\program files\AskBarDis\bar\Cache\000D1703.bin
c:\program files\AskBarDis\bar\Cache\000D1751.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-22 17:00 . 2009-05-22 20:31 -------- dc----w c:\documents and settings\» Jay «\Application Data\uTorrent
2009-05-20 17:33 . 2009-05-20 17:33 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-20 17:19 . 2009-05-20 17:19 -------- dc----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-20 17:19 . 2009-05-20 17:33 -------- dc----w c:\documents and settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2009-05-20 17:18 . 2009-05-20 17:18 -------- d-----w c:\program files\SeekingAlpha
2009-05-20 16:39 . 2009-05-20 16:39 -------- d-----w c:\program files\LunaPlayer
2009-05-17 16:04 . 2009-05-17 16:04 -------- dc----w C:\_OTMoveIt
2009-05-16 19:48 . 2009-05-16 19:49 -------- dc----w C:\rsit
2009-05-16 16:54 . 2009-05-16 16:54 -------- dc----w c:\documents and settings\» Jay «\Application Data\Malwarebytes
2009-05-16 16:52 . 2009-05-16 16:54 -------- d-----w c:\program files\ABC
2009-05-16 16:34 . 2009-04-06 19:32 15504 ----a-w c:\windows.0\system32\drivers\mbam.sys
2009-05-16 16:34 . 2009-04-06 19:32 38496 ----a-w c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-05-16 16:34 . 2009-05-16 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 16:34 . 2009-05-16 16:34 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2009-05-14 19:06 . 2009-03-30 14:33 96104 ----a-w c:\windows.0\system32\drivers\avipbb.sys
2009-05-14 19:06 . 2009-03-24 20:08 55640 ----a-w c:\windows.0\system32\drivers\avgntflt.sys
2009-05-14 19:06 . 2009-02-13 16:29 22360 ----a-w c:\windows.0\system32\drivers\avgntmgr.sys
2009-05-14 19:06 . 2009-02-13 16:17 45416 ----a-w c:\windows.0\system32\drivers\avgntdd.sys
2009-05-14 19:06 . 2009-05-14 19:06 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Avira
2009-05-14 19:06 . 2009-05-14 19:06 -------- d-----w c:\program files\Avira
2009-05-14 01:21 . 2009-05-14 01:21 -------- d-----w c:\program files\ERUNT
2009-05-13 02:13 . 2009-05-14 01:34 -------- dc----w c:\documents and settings\» Jay «\Application Data\GetRightToGo
2009-05-12 19:16 . 2009-05-14 01:03 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft
2009-05-12 18:59 . 2009-05-14 01:04 -------- d-----w c:\program files\Panda Security
2009-05-11 17:08 . 2009-05-14 01:04 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 14:44 . 2009-04-30 14:44 -------- d-----w c:\program files\FXLabs
2009-04-29 21:07 . 2009-04-29 21:07 -------- dc----w c:\documents and settings\ Jay
2009-04-29 18:24 . 2009-04-29 18:24 -------- d-----w c:\windows.0\Logs
2009-04-29 17:36 . 2009-04-29 17:36 -------- dc----w c:\documents and settings\? Jay ?
2009-04-29 17:35 . 2009-04-29 17:35 4096 ----a-w c:\windows.0\d3dx.dat
2009-04-29 15:47 . 2009-04-29 15:47 -------- d-----w c:\program files\YouTube Downloader
2009-04-29 14:18 . 2009-04-29 14:18 -------- dc----w c:\documents and settings\» Jay «\Application Data\Red Kawa
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\Regensoft
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\AviSynth 2.5
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\Red Kawa
2009-04-29 13:18 . 2009-04-29 13:18 -------- dc----w c:\documents and settings\» Jay «\Local Settings\Application Data\DNA
2009-04-28 00:37 . 2009-04-28 00:37 -------- d-----w c:\program files\iPod
2009-04-28 00:37 . 2009-04-28 00:38 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 00:37 . 2009-04-28 00:38 -------- d-----w c:\program files\iTunes
2009-04-28 00:36 . 2009-04-28 00:36 -------- d-----w c:\program files\Bonjour
2009-04-28 00:34 . 2009-04-28 00:34 -------- d-----w c:\program files\Apple Software Update
2009-04-28 00:32 . 2009-03-26 19:23 36864 ----a-w c:\windows.0\system32\drivers\usbaapl.sys
2009-04-28 00:32 . 2009-03-26 19:23 1900544 ----a-w c:\windows.0\system32\usbaaplrc.dll
2009-04-28 00:22 . 2009-05-08 16:47 -------- d-----w c:\program files\Counter-Strike 1.6
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----w c:\program files\Google
2009-04-25 05:10 . 2009-04-25 05:10 -------- dc----w c:\documents and settings\» Jay «\Local Settings\Application Data\Yahoo
2009-04-25 05:09 . 2009-04-25 14:27 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo! Companion
2009-04-25 05:09 . 2009-04-25 05:09 -------- dc----w c:\documents and settings\» Jay «\Application Data\Yahoo!
2009-04-25 05:08 . 2009-03-18 21:55 607472 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-04-25 05:08 . 2009-04-25 05:10 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-04-25 05:08 . 2009-04-25 05:09 -------- d-----w c:\program files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 16:28 . 2007-11-17 19:02 -------- dc----w c:\documents and settings\» Jay «\Application Data\MegauploadToolbar
2009-05-18 20:21 . 2007-10-29 22:35 -------- dc--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2009-05-15 02:21 . 2007-09-13 02:22 -------- d-----w c:\program files\Steam
2009-05-14 01:07 . 2009-01-25 18:12 -------- d-----w c:\program files\MediaRing
2009-05-14 01:06 . 2009-01-25 18:33 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Skype
2009-05-14 01:01 . 2008-09-15 23:46 335872 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGMResource.dll
2009-05-14 00:58 . 2008-03-16 15:19 -------- d-----w c:\program files\Sonic the Hedgehog Adventure 3
2009-04-30 14:44 . 2006-12-02 23:01 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 18:26 . 2009-04-29 18:25 -------- d-----w c:\program files\AGEIA Technologies
2009-04-29 13:08 . 2008-05-13 01:54 -------- dc----w c:\documents and settings\» Jay «\Application Data\Apple Computer
2009-04-28 00:37 . 2008-05-13 01:52 -------- d-----w c:\program files\Common Files\Apple
2009-04-28 00:36 . 2007-11-12 22:43 -------- d-----w c:\program files\QuickTime Alternative
2009-04-26 20:38 . 2009-01-25 18:36 -------- dc----w c:\documents and settings\» Jay «\Application Data\skypePM
2009-04-25 20:38 . 2007-09-26 19:05 -------- d-----w c:\program files\Counter-Strike Source
2009-04-04 17:50 . 2009-04-04 17:50 585728 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\pmv302a-0902180-0-libOctoshapeClient.dll
2009-04-04 17:50 . 2009-04-04 17:50 120088 -c--a-w c:\documents and settings\» Jay «\Application Data\Mozilla\Plugins\npoctoshape.dll
2009-04-04 17:50 . 2009-04-04 17:50 -------- dc----w c:\documents and settings\» Jay «\Application Data\Octoshape
2009-04-02 20:29 . 2009-04-02 20:29 75048 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-30 15:57 . 2009-04-04 17:50 409088 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-libOctoshapeClient.dll
2009-03-30 15:57 . 2009-04-04 17:50 120088 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-npoctoshape.dll
2009-03-30 15:57 . 2009-04-04 17:50 132376 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-apoctoshape.dll
2009-03-27 17:36 . 2009-03-27 17:36 57344 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-37886cad-n\Decora-SSE.dll
2009-03-27 17:36 . 2009-03-27 17:36 24064 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3a40350d-n\Decora-D3D.dll
2009-03-27 17:36 . 2009-03-27 17:36 315392 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl.dll
2009-03-27 17:36 . 2009-03-27 17:36 20480 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl_awt.dll
2009-03-27 17:36 . 2009-03-27 17:36 20480 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-49f39cec-n\gluegen-rt.dll
2009-03-27 17:36 . 2009-03-27 17:36 114688 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl_cg.dll
2009-03-27 17:36 . 2009-03-27 17:36 499712 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\msvcp71.dll
2009-03-27 17:36 . 2009-03-27 17:36 499712 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\jmc.dll
2009-03-27 17:36 . 2009-03-27 17:36 348160 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\msvcr71.dll
2009-03-27 17:35 . 2007-03-31 18:10 -------- d-----w c:\program files\Java
2009-03-27 17:35 . 2009-03-27 17:35 152576 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-19 20:32 . 2009-03-19 20:32 23400 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows.0\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2009-01-02 06:01 410984 ----a-w c:\windows.0\system32\deploytk.dll
2007-09-18 02:40 . 2007-09-18 02:40 4564112 ----a-w c:\program files\dxnt.cab
2007-09-13 00:57 . 2007-09-13 00:57 1904 ----a-w c:\program files\Daily Planner Plus 5.0.lnk
2004-07-20 02:58 . 2004-07-20 02:58 1156363 ----a-w c:\program files\BDANT.cab
2004-07-20 02:53 . 2004-07-20 02:53 976020 ----a-w c:\program files\BDAXP.cab
2004-07-09 13:13 . 2004-07-09 13:13 703080 ----a-w c:\program files\BDA.cab
2004-07-09 08:08 . 2004-07-09 08:08 2242560 ----a-w c:\program files\dsetup32.dll
2004-07-09 07:03 . 2004-07-09 07:03 62976 ----a-w c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-22_04.22.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 16:55 . 2009-05-22 16:55 16384 c:\windows.0\TEMP\Perflib_Perfdata_7d0.dat
+ 2009-05-22 04:25 . 2009-05-22 16:54 32768 c:\windows.0\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-29 04:20 . 2009-05-22 16:54 32768 c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-29 04:20 . 2009-05-21 18:40 32768 c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-29 04:20 . 2009-05-22 16:54 16384 c:\windows.0\system32\config\systemprofile\Cookies\index.dat
- 2007-08-29 04:20 . 2009-05-21 18:40 16384 c:\windows.0\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Google Update"="c:\documents and settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows.0\MIDIDEF.EXE [2005-04-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 185632]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17RunE"="P17RunE.dll" - c:\windows.0\system32\P17RunE.dll [2007-04-09 14848]
"P17Helper"="SPIRun.dll" - c:\windows.0\system32\SPIRun.dll [2006-07-03 10752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\Resources\LogonUI\zune\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"SCardSvr"=3 (0x3)
"ehSched"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"d:\\Halo\\halo.exe"=
"c:\\Program Files\\Steam\\steamapps\\renegade_jp\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\supreme_nigger\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS.0\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\» Jay «\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
R1 raddrvv3;raddrvv3;c:\windows.0\system32\rserver30\raddrvv3.sys [4/24/2008 8:49 AM 45848]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/14/2009 3:06 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 11:07 PM 24652]
R3 mirrorv3;mirrorv3;c:\windows.0\system32\drivers\rminiv3.sys [11/1/2006 6:01 AM 3328]
S3 RServer3;Radmin Server V3;"c:\windows.0\system32\rserver30\RServer3.exe" /service --> c:\windows.0\system32\rserver30\RServer3.exe [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows.0\system32\drivers\ScreamingBAudio.sys --> c:\windows.0\system32\drivers\ScreamingBAudio.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-19 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1269415
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows.0\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows.0\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\» Jay «\Application Data\Mozilla\Firefox\Profiles\clp1skg0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\npNxGameUS.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 16:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows.0\system32\Ati2evxx.dll
.
Completion time: 2009-05-22 16:39
ComboFix-quarantined-files.txt 2009-05-22 20:38
ComboFix2.txt 2009-05-22 04:25
ComboFix3.txt 2007-11-14 21:35
Pre-Run: 33,196,011,520 bytes free
Post-Run: 33,172,590,592 bytes free
256 --- E O F --- 2007-11-13 20:17
Have you lately used uTorrent?
You are not allowed to use or install any p2p programs as per forum rules.
JayAmin213
2009-05-24, 20:43
Yes, I'm sorry but my cousin who lives with me downloaded it again and used it. He now knows the situation. D:
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Folder::
c:\documents and settings\» Jay «\Application Data\uTorrent
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
JayAmin213
2009-05-26, 00:40
ComboFix 09-05-23.04 - » Jay « 05/24/2009 14:17.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024.671 [GMT -4:00]
Running from: c:\documents and settings\» Jay «\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\» Jay «\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\» Jay «\Application Data\uTorrent
c:\documents and settings\» Jay «\Application Data\uTorrent\Crank.High.Voltage.READNFO.R5.XviD-DEViSE.torrent
c:\documents and settings\» Jay «\Application Data\uTorrent\dht.dat
c:\documents and settings\» Jay «\Application Data\uTorrent\dht.dat.old
c:\documents and settings\» Jay «\Application Data\uTorrent\resume.dat
c:\documents and settings\» Jay «\Application Data\uTorrent\resume.dat.old
c:\documents and settings\» Jay «\Application Data\uTorrent\rss.dat
c:\documents and settings\» Jay «\Application Data\uTorrent\rss.dat.old
c:\documents and settings\» Jay «\Application Data\uTorrent\settings.dat
c:\documents and settings\» Jay «\Application Data\uTorrent\settings.dat.old
.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-20 17:33 . 2009-05-20 17:33 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-20 17:19 . 2009-05-20 17:19 -------- dc----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-20 17:19 . 2009-05-20 17:33 -------- dc----w c:\documents and settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2009-05-20 17:18 . 2009-05-20 17:18 -------- d-----w c:\program files\SeekingAlpha
2009-05-20 16:39 . 2009-05-20 16:39 -------- d-----w c:\program files\LunaPlayer
2009-05-17 16:04 . 2009-05-17 16:04 -------- dc----w C:\_OTMoveIt
2009-05-16 19:48 . 2009-05-16 19:49 -------- dc----w C:\rsit
2009-05-16 16:54 . 2009-05-16 16:54 -------- dc----w c:\documents and settings\» Jay «\Application Data\Malwarebytes
2009-05-16 16:52 . 2009-05-16 16:54 -------- d-----w c:\program files\ABC
2009-05-16 16:34 . 2009-04-06 19:32 15504 ----a-w c:\windows.0\system32\drivers\mbam.sys
2009-05-16 16:34 . 2009-04-06 19:32 38496 ----a-w c:\windows.0\system32\drivers\mbamswissarmy.sys
2009-05-16 16:34 . 2009-05-16 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 16:34 . 2009-05-16 16:34 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2009-05-14 19:06 . 2009-03-30 14:33 96104 ----a-w c:\windows.0\system32\drivers\avipbb.sys
2009-05-14 19:06 . 2009-03-24 20:08 55640 ----a-w c:\windows.0\system32\drivers\avgntflt.sys
2009-05-14 19:06 . 2009-02-13 16:29 22360 ----a-w c:\windows.0\system32\drivers\avgntmgr.sys
2009-05-14 19:06 . 2009-02-13 16:17 45416 ----a-w c:\windows.0\system32\drivers\avgntdd.sys
2009-05-14 19:06 . 2009-05-14 19:06 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Avira
2009-05-14 19:06 . 2009-05-14 19:06 -------- d-----w c:\program files\Avira
2009-05-14 01:21 . 2009-05-14 01:21 -------- d-----w c:\program files\ERUNT
2009-05-13 02:13 . 2009-05-14 01:34 -------- dc----w c:\documents and settings\» Jay «\Application Data\GetRightToGo
2009-05-12 19:16 . 2009-05-14 01:03 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Lavasoft
2009-05-12 18:59 . 2009-05-14 01:04 -------- d-----w c:\program files\Panda Security
2009-05-11 17:08 . 2009-05-14 01:04 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-30 14:44 . 2009-04-30 14:44 -------- d-----w c:\program files\FXLabs
2009-04-29 21:07 . 2009-04-29 21:07 -------- dc----w c:\documents and settings\ Jay
2009-04-29 18:24 . 2009-04-29 18:24 -------- d-----w c:\windows.0\Logs
2009-04-29 17:36 . 2009-04-29 17:36 -------- dc----w c:\documents and settings\? Jay ?
2009-04-29 17:35 . 2009-04-29 17:35 4096 ----a-w c:\windows.0\d3dx.dat
2009-04-29 15:47 . 2009-04-29 15:47 -------- d-----w c:\program files\YouTube Downloader
2009-04-29 14:18 . 2009-04-29 14:18 -------- dc----w c:\documents and settings\» Jay «\Application Data\Red Kawa
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\Regensoft
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\AviSynth 2.5
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\program files\Red Kawa
2009-04-29 13:18 . 2009-04-29 13:18 -------- dc----w c:\documents and settings\» Jay «\Local Settings\Application Data\DNA
2009-04-28 00:37 . 2009-04-28 00:37 -------- d-----w c:\program files\iPod
2009-04-28 00:37 . 2009-04-28 00:38 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 00:37 . 2009-04-28 00:38 -------- d-----w c:\program files\iTunes
2009-04-28 00:36 . 2009-04-28 00:36 -------- d-----w c:\program files\Bonjour
2009-04-28 00:34 . 2009-04-28 00:34 -------- d-----w c:\program files\Apple Software Update
2009-04-28 00:32 . 2009-03-26 19:23 36864 ----a-w c:\windows.0\system32\drivers\usbaapl.sys
2009-04-28 00:32 . 2009-03-26 19:23 1900544 ----a-w c:\windows.0\system32\usbaaplrc.dll
2009-04-28 00:22 . 2009-05-08 16:47 -------- d-----w c:\program files\Counter-Strike 1.6
2009-04-27 17:20 . 2009-04-27 17:20 -------- d-----w c:\program files\Google
2009-04-25 05:10 . 2009-04-25 05:10 -------- dc----w c:\documents and settings\» Jay «\Local Settings\Application Data\Yahoo
2009-04-25 05:09 . 2009-04-25 14:27 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo! Companion
2009-04-25 05:09 . 2009-04-25 05:09 -------- dc----w c:\documents and settings\» Jay «\Application Data\Yahoo!
2009-04-25 05:08 . 2009-03-18 21:55 607472 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-04-25 05:08 . 2009-04-25 05:10 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-04-25 05:08 . 2009-04-25 05:09 -------- d-----w c:\program files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 20:50 . 2007-09-13 02:22 -------- d-----w c:\program files\Steam
2009-05-20 16:28 . 2007-11-17 19:02 -------- dc----w c:\documents and settings\» Jay «\Application Data\MegauploadToolbar
2009-05-18 20:21 . 2007-10-29 22:35 -------- dc--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2009-05-14 01:07 . 2009-01-25 18:12 -------- d-----w c:\program files\MediaRing
2009-05-14 01:06 . 2009-01-25 18:33 -------- dc----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Skype
2009-05-14 01:01 . 2008-09-15 23:46 335872 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\NGMResource.dll
2009-05-14 00:58 . 2008-03-16 15:19 -------- d-----w c:\program files\Sonic the Hedgehog Adventure 3
2009-04-30 14:44 . 2006-12-02 23:01 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 18:26 . 2009-04-29 18:25 -------- d-----w c:\program files\AGEIA Technologies
2009-04-29 13:08 . 2008-05-13 01:54 -------- dc----w c:\documents and settings\» Jay «\Application Data\Apple Computer
2009-04-28 00:37 . 2008-05-13 01:52 -------- d-----w c:\program files\Common Files\Apple
2009-04-28 00:36 . 2007-11-12 22:43 -------- d-----w c:\program files\QuickTime Alternative
2009-04-26 20:38 . 2009-01-25 18:36 -------- dc----w c:\documents and settings\» Jay «\Application Data\skypePM
2009-04-25 20:38 . 2007-09-26 19:05 -------- d-----w c:\program files\Counter-Strike Source
2009-04-04 17:50 . 2009-04-04 17:50 585728 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\pmv302a-0902180-0-libOctoshapeClient.dll
2009-04-04 17:50 . 2009-04-04 17:50 120088 -c--a-w c:\documents and settings\» Jay «\Application Data\Mozilla\Plugins\npoctoshape.dll
2009-04-04 17:50 . 2009-04-04 17:50 -------- dc----w c:\documents and settings\» Jay «\Application Data\Octoshape
2009-04-02 20:29 . 2009-04-02 20:29 75048 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-30 15:57 . 2009-04-04 17:50 409088 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-libOctoshapeClient.dll
2009-03-30 15:57 . 2009-04-04 17:50 120088 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-npoctoshape.dll
2009-03-30 15:57 . 2009-04-04 17:50 132376 -c--a-w c:\documents and settings\» Jay «\Application Data\Octoshape\Octoshape Streaming Services\sua-0903300-0-apoctoshape.dll
2009-03-27 17:36 . 2009-03-27 17:36 57344 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-37886cad-n\Decora-SSE.dll
2009-03-27 17:36 . 2009-03-27 17:36 24064 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-3a40350d-n\Decora-D3D.dll
2009-03-27 17:36 . 2009-03-27 17:36 315392 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl.dll
2009-03-27 17:36 . 2009-03-27 17:36 20480 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl_awt.dll
2009-03-27 17:36 . 2009-03-27 17:36 20480 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-49f39cec-n\gluegen-rt.dll
2009-03-27 17:36 . 2009-03-27 17:36 114688 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-6939ab23-n\jogl_cg.dll
2009-03-27 17:36 . 2009-03-27 17:36 499712 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\msvcp71.dll
2009-03-27 17:36 . 2009-03-27 17:36 499712 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\jmc.dll
2009-03-27 17:36 . 2009-03-27 17:36 348160 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-12a76870-n\msvcr71.dll
2009-03-27 17:35 . 2007-03-31 18:10 -------- d-----w c:\program files\Java
2009-03-27 17:35 . 2009-03-27 17:35 152576 -c--a-w c:\documents and settings\» Jay «\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-19 20:32 . 2009-03-19 20:32 23400 -c--a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows.0\system32\drivers\GEARAspiWDM.sys
2009-03-09 09:19 . 2009-01-02 06:01 410984 ----a-w c:\windows.0\system32\deploytk.dll
2007-09-18 02:40 . 2007-09-18 02:40 4564112 ----a-w c:\program files\dxnt.cab
2007-09-13 00:57 . 2007-09-13 00:57 1904 ----a-w c:\program files\Daily Planner Plus 5.0.lnk
2004-07-20 02:58 . 2004-07-20 02:58 1156363 ----a-w c:\program files\BDANT.cab
2004-07-20 02:53 . 2004-07-20 02:53 976020 ----a-w c:\program files\BDAXP.cab
2004-07-09 13:13 . 2004-07-09 13:13 703080 ----a-w c:\program files\BDA.cab
2004-07-09 08:08 . 2004-07-09 08:08 2242560 ----a-w c:\program files\dsetup32.dll
2004-07-09 07:03 . 2004-07-09 07:03 62976 ----a-w c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-22_04.22.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 17:39 . 2009-05-24 17:39 16384 c:\windows.0\TEMP\Perflib_Perfdata_80.dat
+ 2009-05-22 04:25 . 2009-05-24 17:38 32768 c:\windows.0\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-29 04:20 . 2009-05-24 17:38 32768 c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-29 04:20 . 2009-05-21 18:40 32768 c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-29 04:20 . 2009-05-24 17:38 16384 c:\windows.0\system32\config\systemprofile\Cookies\index.dat
- 2007-08-29 04:20 . 2009-05-21 18:40 16384 c:\windows.0\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Google Update"="c:\documents and settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows.0\MIDIDEF.EXE [2005-04-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 185632]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17RunE"="P17RunE.dll" - c:\windows.0\system32\P17RunE.dll [2007-04-09 14848]
"P17Helper"="SPIRun.dll" - c:\windows.0\system32\SPIRun.dll [2006-07-03 10752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\Resources\LogonUI\zune\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"SCardSvr"=3 (0x3)
"ehSched"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"d:\\Halo\\halo.exe"=
"c:\\Program Files\\Steam\\steamapps\\renegade_jp\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\supreme_nigger\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS.0\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\» Jay «\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
R1 raddrvv3;raddrvv3;c:\windows.0\system32\rserver30\raddrvv3.sys [4/24/2008 8:49 AM 45848]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/14/2009 3:06 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 11:07 PM 24652]
R3 mirrorv3;mirrorv3;c:\windows.0\system32\drivers\rminiv3.sys [11/1/2006 6:01 AM 3328]
S3 RServer3;Radmin Server V3;"c:\windows.0\system32\rserver30\RServer3.exe" /service --> c:\windows.0\system32\rserver30\RServer3.exe [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows.0\system32\drivers\ScreamingBAudio.sys --> c:\windows.0\system32\drivers\ScreamingBAudio.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-19 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1269415
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows.0\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows.0\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\» Jay «\Application Data\Mozilla\Firefox\Profiles\clp1skg0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\All Users.WINDOWS.0\Application Data\NexonUS\NGM\npNxGameUS.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 14:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows.0\system32\Ati2evxx.dll
.
Completion time: 2009-05-24 14:24
ComboFix-quarantined-files.txt 2009-05-24 18:23
ComboFix2.txt 2009-05-22 20:39
ComboFix3.txt 2009-05-22 04:25
ComboFix4.txt 2007-11-14 21:35
Pre-Run: 27,673,792,512 bytes free
Post-Run: 27,654,049,792 bytes free
229 --- E O F --- 2007-11-13 20:17
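The "Reg Loading Points" block of a ComboFix log (Run keys, the firewall AuthorizedApplications list, and the R*/S* service lines) is what a helper reads first. The script below is an added example, not part of this thread and not ComboFix's own code: it parses those three line formats from the log above and applies three checks a helper otherwise does by eye: an autostart or firewall exception whose image lives under a user profile (a user-writable location), a service whose image ComboFix could not stat (shown as "[?]"), and a service or driver belonging to a remote-control product, which should be confirmed as intentionally installed. The keyword list for remote-control products and the three reason strings are assumptions of this example; the sample lines are copied verbatim from the log above.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not ComboFix's own code. Parses:
  * Run-key entries:  "Name"="c:\\path\\file.exe" [YYYY-MM-DD size]
                      "Name"="file.exe" - c:\\resolved\\path [YYYY-MM-DD size]
  * Service entries:  R2 svc;Display Name;c:\\path\\file.exe [date size]
                      S3 svc;Display Name;"c:\\path" /arg --> c:\\path [?]
  * Firewall entries: "c:\\\\escaped\\\\path.exe"=   (AuthorizedApplications\\List)
"""
import re
from dataclasses import dataclass

# Sample input copied from the ComboFix log posted above (not constructed).
SAMPLE_LINES = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows.0\MIDIDEF.EXE [2005-04-22 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\» Jay «\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
R1 raddrvv3;raddrvv3;c:\windows.0\system32\rserver30\raddrvv3.sys [4/24/2008 8:49 AM 45848]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/14/2009 3:06 PM 108289]
S3 RServer3;Radmin Server V3;"c:\windows.0\system32\rserver30\RServer3.exe" /service --> c:\windows.0\system32\rserver30\RServer3.exe [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows.0\system32\drivers\ScreamingBAudio.sys --> c:\windows.0\system32\drivers\ScreamingBAudio.sys [?]
'''.strip().splitlines()

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'     # "Name"="value"
    r'(?: - (?P<resolved>.+?))?'                  # optional resolved path for bare-name values
    r' \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
FW_RE = re.compile(r'^"(?P<path>.+)"=$')

USER_PROFILE_MARKER = '\\documents and settings\\'
# Assumed keyword list of remote-control products; extend for your environment.
REMOTE_ADMIN_KEYWORDS = ('radmin', 'rserver', 'vnc', 'teamviewer', 'logmein')


@dataclass
class Entry:
    kind: str            # 'run', 'service' or 'firewall'
    name: str
    path: str
    unverified: bool = False   # ComboFix printed '[?]' instead of date/size


@dataclass
class Finding:
    entry: Entry
    reason: str


def _split_service_rest(rest: str):
    """Return (image_path, unverified) from the tail of a service line."""
    if '-->' in rest:
        rest = rest.split('-->', 1)[1].strip()   # resolved image follows '-->'
    unverified = rest.endswith('[?]')
    path = rest.rsplit(' [', 1)[0].strip().strip('"')
    return path, unverified


def parse_lines(lines):
    """Turn Reg Loading Points lines into Entry records; key headers are skipped."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith('['):
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry('run', m.group('name'), m.group('resolved') or m.group('value')))
            continue
        m = SVC_RE.match(line)
        if m:
            path, unverified = _split_service_rest(m.group('rest'))
            entries.append(Entry('service', f"{m.group('svc')} ({m.group('display')})", path, unverified))
            continue
        m = FW_RE.match(line)
        if m:
            # ComboFix prints the REG_SZ name with doubled backslashes; collapse them.
            entries.append(Entry('firewall', 'AuthorizedApplications', m.group('path').replace('\\\\', '\\')))
    return entries


def triage(entries):
    """Apply the three eyeball checks and return one Finding per hit."""
    findings = []
    for e in entries:
        low_path, low_name = e.path.lower(), e.name.lower()
        if USER_PROFILE_MARKER in low_path:
            findings.append(Finding(e, 'loads from a user-writable profile directory'))
        if e.unverified:
            findings.append(Finding(e, 'ComboFix could not verify the image file ([?])'))
        if any(k in low_name or k in low_path for k in REMOTE_ADMIN_KEYWORDS):
            findings.append(Finding(e, 'remote-administration software; confirm it was installed on purpose'))
    return findings


if __name__ == '__main__':
    for f in triage(parse_lines(SAMPLE_LINES)):
        print(f"{f.entry.kind:8} {f.entry.name}: {f.reason}\n         {f.entry.path}")
```

Run it as-is to see the six hits on the sample (the Google Update and Octoshape entries under the user profile, the two "[?]" services, and the two Radmin components); feed it the full section of a log via `parse_lines(open(path).read().splitlines())` for a real triage.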
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
JayAmin213
2009-05-27, 05:11
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 26, 2009 21:48:38
Records in database: 2253631
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 171966
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 05:55:28
No malware has been detected. The scan area is clean.
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:40 PM, on 5/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\System32\tcpsvcs.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\» Jay «\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\» Jay «\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188362464718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188376184828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - (no file)
--
End of file - 8558 bytes
That looks good :)
Still problems?
JayAmin213
2009-05-27, 20:20
No problems. :)
THANK YOU! :thanks:
Great :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You can fix these, they are leftovers:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O24 - Desktop Component 0: My Current Home Page - (no file)
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)", "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Now let's uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date - Update your antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)
Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
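Added example, not part of this thread and not code from HijackThis or its author: a small Python parser for the HijackThis line format shown in the log above. It picks out the section tag (R0, O2, O3, O4, O23, ...), the CLSID and the target path where there is one, and flags entries marked "(file missing)" or "(no file)", which is exactly what the helper means by "leftovers": a registry entry whose file is already gone. The sample lines are copied from the log in this thread; the `Entry` field names and the function names are my own choices.

```python
"""Parse HijackThis-style log lines and report orphaned ("leftover") entries.

Added example for illustration; the line format is HijackThis' own, the
parsing code and names here are not.  Sample lines below are copied from
the log posted in the thread and embedded so the script runs offline.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six lines in HijackThis format (from the posted log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS.0\system32\rserver30\RServer3.exe (file missing)
O24 - Desktop Component 0: My Current Home Page - (no file)
""".strip()

# A log line is "<section> - <rest>", e.g. "O3 - Toolbar: ...".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<rest>.+)$")
# COM class id as HijackThis prints it: {8-4-4-4-12 hex}.
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends these when the referenced file does not exist.
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str            # e.g. "O23"
    text: str               # everything after "<section> - "
    clsid: Optional[str]    # CLSID if the line carries one
    target: Optional[str]   # file path after the last " - ", if any
    missing: bool           # True when HijackThis marked the file missing


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and the footer."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    missing = any(marker in rest for marker in MISSING_MARKERS)
    clsid_m = CLSID_RE.search(rest)
    target = None
    if " - " in rest:
        # For O2/O3/O9/O23 lines the path is the last " - " separated field.
        tail = rest.rsplit(" - ", 1)[1]
        for marker in MISSING_MARKERS:
            tail = tail.replace(marker, "")
        target = tail.strip() or None
    return Entry(section, rest, clsid_m.group(0) if clsid_m else None,
                 target, missing)


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log, skipping lines that are not HijackThis entries."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def find_leftovers(text: str) -> List[Entry]:
    """Entries whose file is gone: the registry keys worth cleaning up."""
    return [e for e in parse_log(text) if e.missing]


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many entries of each section type were seen."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    for e in find_leftovers(SAMPLE_LOG):
        print(f"{e.section}: {e.target or '(no target)'}  <- {e.text}")
```

Run against the full log in this thread the script flags the four lines the helper listed (once the two "Local Page" R0 lines are excluded, which are not orphans, just a default blank page) plus the two O23 service entries already marked "(file missing)" in the log: RServer3 and usnjsvc. An orphaned service entry is harmless once the binary is gone, but a remote-administration service whose executable has vanished is the kind of line worth asking the poster about rather than silently fixing.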