Hi,
I have previously used this site to fix my computer, I was assisted by one of you staff and I was very pleased with how my cup was working I was a bit younger but good at computer now imp better and dealing with cpu problems on my own most of the time. But these viruses caused me to need to reinstall my whole computer. Format and reinstall, the last time this virus attack my computer had no virus protection, but now I have comodo internet security the latest version (so I think), avast home edition, and winpatrol. When I put the flash stick in my port comodo noticed a file started to act up and change things in the registry with my previous experience dealing with the registry, I managed to find and remove both registry key that disabled the task manger and regedit. I got the registry working by using hijackthis's misc. tools that scanned the CPU I will post the last one i scaned since i dont have the one before and after the viruse got on, i will post what i deleted in blue.

old log file with what i deleted in blue.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:04 PM, on 11/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://d:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://d:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.gamedip.com
O15 - Trusted Zone: http://www.gamevial.com
O15 - Trusted Zone: http://www.maidmarian.com
O15 - Trusted Zone: http://*.majorgeeks.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://www.runescape.com
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Poweroff - Jorgen Bosman - C:\WINDOWS\system32\poweroff.exe

--
End of file - 6493 bytes




new log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:17 PM, on 11/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\poweroff.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
D:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://d:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://d:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.gamedip.com
O15 - Trusted Zone: http://www.gamevial.com
O15 - Trusted Zone: http://www.maidmarian.com
O15 - Trusted Zone: http://*.majorgeeks.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://www.runescape.com
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Poweroff - Jorgen Bosman - C:\WINDOWS\system32\poweroff.exe

--
End of file - 7381 bytes


i ran avast and removed what it found, beside's what i know for sure isnt a virus, and what could be repaired was repaired.thanks for your help and i would like to know if i got rid of the virus or not i zipped a copy of it before i removed it from my pc. it was in the java/bin folder in disk drive c:/program files. its name was jusched.exe. anyway thanks for your help.

also i used comodos registry key protector to protect the areas attack by that virus since most viruses that attack my computer do that. or at least i hope they do. once again thanks for your help.:thanks: i hope what i did was correct. i am fixing alot of computer at my schoool and home.thats were my exp. is from these programs that i mention includeing spyware blaster and atf cleaner.

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


i would like to know if i got rid of the virus or not i zipped a copy of it before i removed it from my pc. it was in the java/bin folder in disk drive c:/program files. its name was jusched.exe. anyway thanks for your help.

jusched.exe is a valid Java file, not an infection.


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

here is the log.txt content

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-23 18:19:37
WIN_XP Service Pack 2
System drive C: has 2 GB (10%) free of 25 GB
Total RAM: 247 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:20 PM, on 11/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\poweroff.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\RSIT.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-1801674531-1592454029-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1801674531-1592454029-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1801674531-1592454029-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1801674531-1592454029-839522115-500\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Poweroff - Jorgen Bosman - C:\WINDOWS\system32\poweroff.exe

--
End of file - 6901 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-08-24 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-08-24 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-08-24 114688]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NWEReboot"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-08-24 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\STHIW\stInstall.exe"="F:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\groove.exe"="C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-11-23 18:19:37 ----D---- C:\rsit
2009-11-23 18:18:39 ----A---- C:\RSIT.exe
2009-11-18 19:35:02 ----D---- C:\WINDOWS\pss
2009-11-04 16:42:43 ----D---- C:\Documents and Settings\All Users\Application Data\pixelStorm
2009-10-30 20:56:38 ----SHD---- C:\FOUND.003
2009-10-30 17:47:06 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2009-10-30 15:22:22 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-30 15:16:29 ----D---- C:\Program Files\Microsoft Works
2009-10-30 15:15:59 ----D---- C:\Program Files\MSBuild
2009-10-30 15:14:55 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-30 15:14:53 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-30 15:12:07 ----D---- C:\Program Files\Microsoft.NET
2009-10-30 14:57:37 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-10-30 14:55:34 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-30 14:53:07 ----RHD---- C:\MSOCache

======List of files/folders modified in the last 1 months======

2009-11-19 18:04:48 ----SH---- C:\boot.ini
2009-11-19 18:04:48 ----A---- C:\WINDOWS\win.ini
2009-11-19 18:04:48 ----A---- C:\WINDOWS\system.ini
2009-11-18 21:58:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-18 19:36:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-29 17:38:40 ----A---- C:\WINDOWS\videoimp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-07-15 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-07-15 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-07-15 15781]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-05 127872]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-08-24 1052732]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 snpstd;D-Link CIF Webcam; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-18 299776]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-07-15 707152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Poweroff;Poweroff; C:\WINDOWS\system32\poweroff.exe [2003-08-16 172032]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-02 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------



the info.txt content
info.txt logfile of random's system information tool 1.06 2009-11-23 18:20:33

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D5DFD1A-5B25-48B7-B4D5-E04778BDC676}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems PCI Soft Modem-->agrsmdel
Alone in the Dark - www.classic-gaming.net-->"d:\Program Files\CGN\Alone in the Dark\unins000.exe"
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\setup.exe" -l0x9 -uninst
ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED10343F-D30A-4200-9B00-665FC45F52B4}\setup.exe" -l0x9 -uninst
Asterisk Key 9.3-->e:\Program Files\Passware\un-ariskkey.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Blood - Plasma Pak - www.classic-gaming.net-->"d:\Program Files\CGN\Blood - Plasma Pak\unins000.exe"
Blood 2 - The Chosen - www.classic-gaming.net-->"e:\Blood\unins000.exe"
Cheat Engine 5.5-->"d:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Cottage Of Doom 1.0-->"d:\Program Files\Cottage Of Doom\unins000.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Deathtrap Dungeon - www.classic-gaming.net-->"d:\Program Files\CGN\Deathtrap Dungeon\unins000.exe"
D-Link CIF Webcam-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC2110.txt
Emicsoft FLV Converter-->"e:\Program Files\Emicsoft Studio\Emicsoft FLV Converter\unins000.exe"
FIFA 97 - www.classic-gaming.net-->"d:\Program Files\CGN\FIFA 97\unins000.exe"
Free Download Manager 3.0-->"d:\Program Files\Free Download Manager\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Half-Life-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
HijackThis 2.0.2-->"D:\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) Network Connections 14.0.40.0-->MsiExec.exe /i{888019C0-54D4-40C2-9274-27B9DAB17017} ARPREMOVE=1
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
K-Lite Codec Pack 3.2.5 Full-->"d:\Program Files\K-Lite Codec Pack\unins000.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo Custom Edition-->"C:\Program Files\Microsoft Games\Halo Custom Edition\Uninstal.exe" /runtemp /addremove
Microsoft Halo-->"c:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NAM - www.classic-gaming.net-->"d:\Program Files\CGN\NAM\unins000.exe"
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Pizza Tycoon - www.classic-gaming.net-->"d:\Program Files\CGN\Pizza Tycoon\unins000.exe"
Powerbullet Presenter-->E:\Powerbullet\unins000.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Riva FLV Encoder 2.0-->"e:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SWF Opener-->"d:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
Tales of Pirates Online-->"D:\Program Files\Tales of Pirates Online\unins000.exe"
tazti-->MsiExec.exe /I{3B23DF51-DB1D-4083-BC33-672B5FC424C5}
TekWar - www.classic-gaming.net-->"d:\Program Files\CGN\TekWar\unins000.exe"
The Sims 2-->d:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims-->C:\WINDOWS\IsUninst.exe -f"d:\Program Files\Maxis\The Sims\Uninst.isu"
TRUST 120 SPACEC@M-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC2110a.ini
TypeFaster Typing Tutor-->"d:\Program Files\TypeFaster\uninstall.exe"
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Speech Recognition Macros-->MsiExec.exe /X{8DC197D6-F4AB-44E0-ACF7-210355E6F389}
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0

=====HijackThis Backups=====

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-19]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-11-19]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

gmer didnt want to work to start with it gave me 2 errors :confused:

then when i restarted the computer at the logon screen i got a message with three small boxs like when you have text in a diffrent language that you cant see and an ok button no close button:confused: i clicked ok:D: i renamed gmer to look but to no prevail:sad: it starts but encounters an error at some point:sad: i tried redownloading, restarting and disableing the internet and all virus programs:police:
also to no prevail:sad:

p.s: my commodo internet sequrity has some reg keys put under safe:police: as in nothing can change them or add things too them.thanks for the help so far, but i thought you might want to know the program that is for java that i deleted but zipped, commodo showed in the firewall events and proccess's that it had changed many reg keys and added a few includeing one called registrydisable or something like that thats why i removed it.:bigthumb: good job so far. i cant control this situation im not a :crowned:
of computers like you guys. but i am good at fixing other stuff in cpu's not as in hardware but certain software.
thanks for the help again

It's possible that Comodo was interfering with GMER.
Does COMODO Internet Security include an Antivirus component, or is it just the firewall that you are using ?

There is no obvious sign of infection, but let's have a last scan.

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

i have the commodo internet sequrity which includes the commodo firewall and antivirus but at the time gmer was running as i mentioned i had all virus programs and firewalls off.

also i started the kaspersky scan yesterday i camee today to my surpirse:confused: they scan had stopped at 75% and the timer wouldn't move i waited for a while but to no avail so i just stoped the scan to see the report that it had come up with but it wouldnt show me. i remember the amount of infected files they were 21 and the threats were 5. if thats any help i am restarting the kaspersky scan now for a second time. hopefully it wont stop now.:rockon:

:wav::wav::wav::wav:

kaspersky has managed to anger me once again it stopped at 10% once and now at 65% i am really loseing my grip here need some help with what to do as it wont finish i have all antivirus programs off and all firewalls off i even tried it with them on that was worse. so as i said above any suggestion oh i thought you might want to know i have played many java based games that for some reason tend to eventually do that. any ideas.

:crowned: peace out,
dangerous:D:

oh i thought you might want to know i have played many java based games that for some reason tend to eventually do that. any ideas.

:crowned: peace out,
dangerous:D:

It's probably due to the low amount of RAM you have

Total RAM: 247 MB (29% free)

Please try this scanner instead.


Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.

wow i forgot about my ram, for the last few months, my ram has been going down a slope for some reason its decreaseing i dont know why but it has my dads computer is older by like 2 years but its ram is fine. but whats important is hat i will be buying some rams shorty after my computer is disinfected or at least i hope so. anyway here is the log

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-25 20:08:23
PROTECTIONS: 2
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
COMODO Antivirus 3.9 Yes Yes
avast! antivirus 4.8.1335 [VPS 091125-0] 4.8.1335 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\dangerous\cookies\dangerous@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\hannah\cookies\hannah@atdmt[2].txt
00192050 Sniffer/WpePro HackTools No 0 Yes No c:\downloads\wpe pro.exe
00192050 Sniffer/WpePro HackTools No 0 Yes No c:\downloads\wpepro09x.zip[wpe pro.exe]
00192051 Sniffer/WpePro HackTools No 0 Yes No c:\downloads\wpepro09x.zip[wpespy.dll]
00192051 Sniffer/WpePro HackTools No 0 Yes No c:\downloads\wpespy.dll
00200583 adware/block-checker Adware No 1 Yes No hkey_current_user\software\microsoft\windows\currentversion\internet settings\p3p\history\fastclick.net\
00363918 W32/Sality.X.drp Virus/Trojan No 0 Yes No c:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051201.sys
00363933 W32/Sality.Y Virus No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\nero7keygen.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\program files\cgn\blood 2 - the chosen\client.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\program files\cgn\blood 2 - the chosen\blood2sv.exe
00363933 W32/Sality.Y Virus No 0 Yes No e:\program files\passware\ariskkey.exe
00363933 W32/Sality.Y Virus No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\deskduck.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\program files\cgn\blood 2 - the chosen\blood2.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\password recovery tool\un-ariskkey.exe
00363933 W32/Sality.Y Virus No 0 Yes No e:\program files\passware\un-ariskkey.exe
00363933 W32/Sality.Y Virus No 0 Yes No e:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051249.exe
00363933 W32/Sality.Y Virus No 0 Yes No e:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051250.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp125\a0051309.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\password recovery tool\ariskkey.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\max payen\max payen\maxpayne.exe
00363933 W32/Sality.Y Virus No 0 Yes No e:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051251.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\games\neighbours from hell\bin\game.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\games\metal gear solid\mgsvr.exe
00363933 W32/Sality.Y Virus No 0 Yes No d:\games\metal gear solid\mgsolid.exe
00507989 Constructor/JPS SecRisk No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\a0043842.exe
00507995 Trj/Delf.ZX Virus/Trojan No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\a0043843.exe
01048936 Generic Malware Virus/Trojan No 0 Yes No c:\program files\gamespy arcade\services\_common\portraitloader.dll
03074964 Trj/CI.A Virus/Trojan No 0 No No c:\downloads\software\ek_setup.exe[²üç\access40.dll]
03422903 W32/Gaobot.OXI.worm Virus/Worm No 1 Yes No d:\total overdose\pztrain.exe
03422903 W32/Gaobot.OXI.worm Virus/Worm No 1 Yes No d:\total overdose\mofunzone.com--total_overdose_7_trainer.zip[pztrain.exe]
03446887 Generic Trojan Virus/Trojan No 0 Yes No c:\backup\scripter.exe
03446887 Generic Trojan Virus/Trojan No 0 Yes No c:\grand theft auto 3\scripter.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051261.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051259.exe
03614159 W32/Sality.AK Virus No 0 Yes No e:\office 2007\office2010_x86\setup.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\program files\microsoft office\office12\excel.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\program files\real\realplayer\realplay.exe
03614159 W32/Sality.AK Virus No 0 Yes No d:\codec 2009\codec 2009\flv\flv player 2.0.24\flvplayersetup.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\program files\microsoft office\office12\mspub.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\documents and settings\all users\application data\{148d8b8a-8f96-4822-81ec-d510b626b7d5}\driverscanner\5c40aa7e\8f9f9dcd\driverscanner.exe
03614159 W32/Sality.AK Virus No 0 Yes No d:\codec 2009\codec 2009\flv\wimpy flv player - pc\wimpy_flv_player_pc\flvplayr.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
215048 HIGH MS09-065
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
208380 HIGH MS09-015
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
209275 HIGH MS08-049
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194860 HIGH MS08-030
191618 HIGH MS08-025
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170904 HIGH MS07-043
164915 HIGH MS07-035
164911 HIGH MS07-031
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
145501 HIGH MS07-004
141033 MEDIUM MS06-075
137571 HIGH MS06-070
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
117384 MEDIUM MS06-018
114666 HIGH MS06-015
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93454 MEDIUM MS05-049
;===================================================================================================================================================================================


about the one that cant be disinfected i can just delete that permanently but some of these things never showed up on my virus scanner b4 why now. oh i almost forgot when i checked the kaspersky scanner i mannaged to see what was infected its mostly whats on the list but jusched.7z the zipped file that i made of the file that added to my reg some keys that disabled my reg and taskmanager showed up in that scan but it didnt show up here.:D: hope this log and what i have posted so far helps. :bigthumb:good job so far i really need this problem fixed.

I've got bad news for you.

00363918 W32/Sality.X.drp Virus/Trojan No 0 Yes No c:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051201.sys
00363933 W32/Sality.Y Virus No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\nero7keygen.exe
00363933 W32/Sality.Y Virus No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\deskduck.exe
00363918 W32/Sality.X.drp Virus/Trojan No 0 Yes No c:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051201.sys
00363933 W32/Sality.Y Virus No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\nero7keygen.exe
00363933 W32/Sality.Y Virus No 0 Yes No c:\program files\comodo\comodo internet security\quarantine\deskduck.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051261.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\system volume information\_restore{d4fb7451-575f-4ce6-be19-36bb43fb8b12}\rp123\a0051259.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\program files\microsoft office\office12\excel.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\program files\real\realplayer\realplay.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\program files\microsoft office\office12\mspub.exe
03614159 W32/Sality.AK Virus No 0 Yes No c:\documents and settings\all users\application data\{148d8b8a-8f96-4822-81ec-d510b626b7d5}\driverscanner\5c40aa7e\8f9f9dcd\driverscanner.exe


You have a file infector on your machine.
There is very little that can be done in these situations, a reformat is the only real option.

It looks like your removable drives contain infected files also, so you need to delete those.


d:\program files\cgn\blood 2 - the chosen\client.exe
d:\program files\cgn\blood 2 - the chosen\blood2sv.exe
d:\program files\cgn\blood 2 - the chosen\blood2.exe
d:\password recovery tool\un-ariskkey.exe
d:\password recovery tool\ariskkey.exe
d:\max payen\max payen\maxpayne.exe
d:\games\neighbours from hell\bin\game.exe
d:\games\metal gear solid\mgsvr.exe
d:\games\metal gear solid\mgsolid.exe
d:\total overdose\pztrain.exe
d:\total overdose\mofunzone.com--total_overdose_7_trainer.zip[pztrain.exe]
d:\codec 2009\codec 2009\flv\flv player 2.0.24\flvplayersetup.exe
d:\codec 2009\codec 2009\flv\wimpy flv player - pc\wimpy_flv_player_pc\flvplayr.exe

e:\office 2007\office2010_x86\setup.exe
e:\program files\passware\un-ariskkey.exe
e:\program files\passware\ariskkey.exe

I also recommend that you stay away from files like this

nero7keygen.exe

dont laugh or anything but my sister got on the computer and closed scotty along with all the other anitvirus stuff now i am really in trouble my reg and task manager wont start i cant fix the problem like last time this virus is smarter or so it may seem, the key when deleted reinstalls it self were it was
and is causeing me alot of trouble. sorry for the inconvenience but i think we might have to start over:laugh: trust me i was so angery and sad that i laughed also.


a wise man once said" its good to laugh at somethings, for laughter is the best medicine for one's mind and soul"

:funny:

im really sorry for what she did i managed to figure out what happened a virus in the avast chest got out i dont know how but it did all this, it was a infected file thats for sure it was winpatrolex.exe it was infected but i know that it was a file needed for it to run their was a .dll file in winpatrols folder wasnt sure if i had seen it before so i just deleted it all. hope me and my sister arent much of a trouble for you.
sorry again. i will keep her off this computer untill its fixed, i hope:D:

You obviously didn't read my previous post properly.


You have a file infector on your machine.
There is very little that can be done in these situations, a reformat is the only real option.


This machine needs to be formatted.

This system is infected with a polymorphic file infector called Sality. Sality is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.


Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

See miekiemoes' blog for similar comments here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

thanks for your help so far i really wanted to format my cpu but my sister is really bugging me about it as i wont really backup that much do you think their is a way i can hack into the reg i need some of my reg keys for i have lost the box's\case's for them. but i still have the cd's and stuff.:laugh:

do you think their is a way i can hack into the reg i need some of my reg keys for i have lost the box's\case's for them. but i still have the cd's and stuff.

Since I don't know which programs you thinking of, there is no way I can say if the registration key is available in the registry.

You would need to contact the author/company of each program.


Once you have reformatted, ensure you have disabled Autoruns and have an up to date Antivirus scanner installed before you use your USB drives.

How To Disable Autorun (http://antivirus.about.com/od/securitytips/ht/autorun.htm)