Computer Hope

Software => Computer viruses and spyware => Topic started by: majakldragon on September 29, 2009, 04:52:32 PM

Title: Please check RSIT log/new logs
Post by: majakldragon on September 29, 2009, 04:52:32 PM
This machine belongs to a friend of mine and her son needs it for school. It will at present only start in safe mode. I am sure there are a lot of viruses on it as I found they were using LimeWire. I have since uninstalled this program.

RSIT Logs

info.txt logfile of random's system information tool 1.06 2009-09-29 17:47:39

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ArcSoft Multimedia Email-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.EXE" -l0x9  -uninst
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x9
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cozi-->MsiExec.exe /X{80F30C5D-53DC-4AFC-8298-5D5BC0DC9594}
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9  /remove
Creative WebCam Instant Driver (1.01.02.0729)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Creative WebCam Instant User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
Fast Browser Search (My Web Tattoo)-->regsvr32 /u /s "C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll"
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9  /remove
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaBar-->C:\Program Files\BearShareTb\uninstall.exe
MediaSPace-->MsiExec.exe /I{238F787F-4FE9-4644-8362-30800F50E190}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Essentials-->MsiExec.exe /I{3C814DE3-7174-4148-A3E2-43FFC4F21033}
Nero 8 Lite-->"C:\Program Files\Nero\unins000.exe"
PC Confidential 2008-->"C:\Program Files\Winferno\PC Confidential\unins000.exe"
PC Pitstop Optimize3 3.0-->"C:\Program Files\PCPitstop\Optimize3\unins000.exe"
PC SpeedScan Pro-->C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0009 -removeonly
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,Uninstall
Posh Boutique 2 (remove only)-->"C:\Program Files\GameHouse\Posh Boutique 2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
RegCure 1.6.0.0-->C:\Program Files\RegCure\uninst.exe
RegGenie v2.0-->"C:\WINDOWS\RegGenieOnUninstall.exe"
Search Guard Plus (My Web Tattoo)-->C:\Program Files\Search Guard Plus\uninstalSGP.exe
Search Guard Plus Updater (My Web Tattoo)-->C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9  -removeonly
Spyware Doctor 6.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Spyware Striker-->C:\Program Files\InstallShield Installation Information\{E8B0BD86-073B-4D7E-B0F1-CC37E70014D4}\setup.exe -runfromtemp -l0x0009 -removeonly
Sunbelt-->C:\Program Files\InstallShield Installation Information\{3FEE454C-8FEB-482A-A3EB-E9D671E57047}\setup.exe -runfromtemp -l0x0409
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner-->"C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zwangi 1.0 build 125-->C:\Program Files\ZwangiSearch\uninstall.exe

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======System event log======

Computer Name: PERSONAL-5DA040
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.100.11 on the
Network Card with network address 0011115A1D18.

Record Number: 931
Source Name: Dhcp
Time Written: 20090716211055.000000-300
Event Type: error
User:

Computer Name: PERSONAL-5DA040
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011115A1D18.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 930
Source Name: Dhcp
Time Written: 20090716211055.000000-300
Event Type: warning
User:

Computer Name: PERSONAL-5DA040
Event Code: 32003
Message: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Record Number: 929
Source Name: ipnathlp
Time Written: 20090716211033.000000-300
Event Type: error
User:

Computer Name: PERSONAL-5DA040
Event Code: 1002
Message: The IP address lease 70.128.5.23 for the Network Card with network address 0011115A1D18 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 928
Source Name: Dhcp
Time Written: 20090716211033.000000-300
Event Type: error
User:

Computer Name: PERSONAL-5DA040
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 925
Source Name: E100B
Time Written: 20090716211026.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: PERSONAL-5DA040
Event Code: 1001
Message: Fault bucket 530662126.

Record Number: 265
Source Name: Application Error
Time Written: 20090716150446.000000-300
Event Type: error
User:

Computer Name: PERSONAL-5DA040
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.5730.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Record Number: 264
Source Name: Application Error
Time Written: 20090716150443.000000-300
Event Type: error
User:

Computer Name: PERSONAL-5DA040
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.5730.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Record Number: 263
Source Name: Application Error
Time Written: 20090716134947.000000-300
Event Type: error
User:

Computer Name: PERSONAL-5DA040
Event Code: 1001
Message: Fault bucket 530662126.

Record Number: 262
Source Name: Application Error
Time Written: 20090716134628.000000-300
Event Type: error
User:

Computer Name: PERSONAL-5DA040
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.5730.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Record Number: 261
Source Name: Application Error
Time Written: 20090716134620.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

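Added example (not part of this post, and not code from RSIT or from Computer Hope): a small Python parser for the "======Section======" layout of the info.txt above, so the uninstall list, hosts file, event log records and environment variables can be pulled into structures instead of read by eye. The SAMPLE text is a handful of lines copied from the log above; the field names and the WMI/DMTF "Time Written" format are exactly as RSIT prints them, and everything else (function names, the assumption that every event record begins with "Computer Name:") is an assumption made for this example.

```python
"""Parser for the '======Section======' layout used by RSIT's info.txt.
Added example, not RSIT's own code. SAMPLE is a few lines copied from the
log above; the record layout assumptions are the example's, not RSIT's.
"""
import re
from datetime import datetime, timedelta, timezone

SECTION_RE = re.compile(r"^=+(.+?)=+$")           # ======Hosts File======
FIELD_RE = re.compile(r"^([A-Za-z ]+?):\s?(.*)$")  # Event Code: 1002
# WMI/DMTF datetime: yyyymmddHHMMSS.ffffff then the UTC offset in minutes
DMTF_RE = re.compile(r"^(\d{14})\.(\d{6})([+-]\d{3})$")
ENV_RE = re.compile(r'^"([^"]+)"=(.*)$')           # "windir"=%SystemRoot%
EOF_MARKER = "-----------------EOF-----------------"
EVENT_FIELDS = {"Computer Name", "Event Code", "Message", "Record Number",
                "Source Name", "Time Written", "Event Type", "User"}

SAMPLE = """\
======Uninstall list======

Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Zwangi 1.0 build 125-->C:\\Program Files\\ZwangiSearch\\uninstall.exe

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======System event log======

Computer Name: PERSONAL-5DA040
Event Code: 1002
Message: The IP address lease 70.128.5.23 for the Network Card with network address 0011115A1D18 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 928
Source Name: Dhcp
Time Written: 20090716211033.000000-300
Event Type: error
User:

======Environment variables======

"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
"""


def split_sections(text):
    """Return {section name: [lines]}; text before the first header is dropped."""
    sections, current = {}, None
    for line in text.splitlines():
        if line == EOF_MARKER:
            break
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_uninstall(lines):
    """'Name-->command' pairs; the name may be empty, as in the log above."""
    return [tuple(p.strip() for p in line.split("-->", 1))
            for line in lines if "-->" in line]


def parse_dmtf(value):
    """Turn '20090716211033.000000-300' into a timezone-aware datetime."""
    m = DMTF_RE.match(value.strip())
    if not m:
        raise ValueError("not a DMTF datetime: %r" % value)
    stamp = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    tz = timezone(timedelta(minutes=int(m.group(3))))
    return stamp.replace(microsecond=int(m.group(2)), tzinfo=tz)


def parse_events(lines):
    """One dict per record; 'Message' keeps its wrapped continuation lines."""
    records, rec, last = [], None, None
    for line in lines:
        m = FIELD_RE.match(line)
        if m and m.group(1) in EVENT_FIELDS:
            key, val = m.group(1), m.group(2).strip()
            if key == "Computer Name":          # assumed: starts every record
                rec = {}
                records.append(rec)
            if rec is None:
                continue
            rec[key] = parse_dmtf(val) if key == "Time Written" else val
            last = key
        elif rec is not None and last == "Message" and line.strip():
            rec["Message"] = rec["Message"] + " " + line.strip()
    return records


def parse_env(lines):
    """'"NAME"=value' lines into a dict."""
    return dict(m.groups() for m in map(ENV_RE.match, lines) if m)
```

Run it over the full info.txt instead of SAMPLE to get the whole uninstall list as (name, command) pairs, the event records with their timestamps converted to UTC via `astimezone(timezone.utc)`, and the environment block, where `SAFEBOOT_OPTION=NETWORK` confirms the dump was taken in Safe Mode with Networking, matching the HijackThis boot mode reported in the next post.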
Title: Re: Please check RSIT log
Post by: majakldragon on September 29, 2009, 04:53:29 PM
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-29 17:47:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 68 GB (89%) free of 76 GB
Total RAM: 510 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:34 PM, on 9/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe
O4 - HKLM\..\Run: [RegGenie Scheduler] C:\Program Files\RegGenie\RegGenieScheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Documents and Settings\Administrator\Launcher.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Spyware Striker Pro] C:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe -m
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: AntiMalware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZwangiSearch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\ZwangiSearch\zwangi125.exe (file missing)
O24 - Desktop Component 0: (no name) - http://c1.ac-images.myspacecdn.com/images01/98/m_8a46eddc856eecb815977a26fddc9218.jpg

--
End of file - 10110 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegPowerClean.job
C:\WINDOWS\tasks\RPCReminder.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FAFBDCA6-8D86-4904-A755-AF0A8750AE85}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-10 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-07-10 732672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2009-07-30 909040]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-06-10 2602368]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-10 256112]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2004-07-30 245760]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"SGPUpdater"=C:\Program Files\Search Guard PlusU\sgpUpdaters.exe [2009-05-15 67456]
"FBSearch"=C:\Program Files\Search Guard Plus\SearchGuardPlus.exe [2009-05-04 194432]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]
"PC Pitstop Optimize Reminder"=C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe [2009-06-10 205552]
"RegGenie Scheduler"=C:\Program Files\RegGenie\RegGenieScheduler.exe [2009-07-03 271384]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-10 39408]
"UniblueSpeedUpMyPC"=C:\Documents and Settings\Administrator\Launcher.exe []
"Performance Center"=C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m []
"PC SpeedScan Pro"=C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe [2009-04-08 2134016]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []
"Spyware Striker Pro"=C:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe [2009-06-12 1290240]
"RegGenie v2.0 - Trial Expired"=C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe [2009-07-01 336408]
"RegGenie v2.0"=C:\Program Files\RegGenie\RegGenieOnReboot.exe [2009-07-01 480280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Blinkx\blinkx.exe"="C:\Program Files\Blinkx\blinkx.exe:*:Enabled:Blinkx"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-09-29 17:47:29 ----D---- C:\rsit
2009-09-29 17:18:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-29 17:04:20 ----D---- C:\Program Files\AVG
2009-09-29 16:44:24 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG8
2009-09-28 21:14:03 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-28 21:13:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-28 21:13:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-14 15:26:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-09-05 04:35:43 ----D---- C:\Program Files\ZwangiSearch
2009-09-05 04:35:43 ----D---- C:\Documents and Settings\All Users\Application Data\ZwangiSearch
2009-08-10 04:53:51 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2009-08-10 04:51:52 ----D---- C:\Program Files\VideoLAN
2009-08-10 04:43:04 ----D---- C:\Program Files\Cozi Express
2009-08-10 04:43:04 ----D---- C:\Documents and Settings\All Users\Application Data\Cozi
2009-08-10 04:42:09 ----D---- C:\Program Files\Common Files\Winferno
2009-08-10 04:39:42 ----A---- C:\WINDOWS\system32\WINUTIL5.DLL
2009-08-10 04:39:42 ----A---- C:\WINDOWS\system32\WINLCTL5.DLL
2009-08-10 04:39:40 ----D---- C:\Program Files\Winferno
2009-08-10 04:35:27 ----D---- C:\Program Files\My.Freeze.com Toolbar
2009-08-10 03:56:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-10 03:55:58 ----D---- C:\Program Files\Common Files\PC Tools
2009-08-10 03:55:46 ----D---- C:\Program Files\Spyware Doctor
2009-08-10 03:55:46 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-08-10 03:55:46 ----D---- C:\Documents and Settings\Administrator\Application Data\PC Tools
2009-08-10 02:42:56 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-08-10 02:42:55 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-10 02:42:37 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-10 02:42:24 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-08-10 02:41:31 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-08-10 02:40:57 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-10 02:40:52 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-08-08 04:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-08 04:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-06 00:59:10 ----D---- C:\WINDOWS\Prefetch
2009-08-06 00:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-06 00:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-06 00:53:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-06 00:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-06 00:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-06 00:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-08-06 00:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-06 00:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-06 00:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-06 00:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-06 00:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-06 00:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-06 00:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-06 00:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-06 00:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-06 00:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-06 00:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-06 00:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-06 00:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-06 00:51:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-06 00:51:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-06 00:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-06 00:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-06 00:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-06 00:50:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-06 00:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-06 00:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-06 00:50:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-06 00:45:50 ----D---- C:\WINDOWS\system32\scripting
2009-08-06 00:45:49 ----D---- C:\WINDOWS\l2schemas
2009-08-06 00:45:48 ----D---- C:\WINDOWS\system32\en
2009-08-06 00:45:48 ----D---- C:\WINDOWS\system32\bits
2009-08-06 00:42:37 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-06 00:39:55 ----D---- C:\WINDOWS\network diagnostic
2009-08-06 00:34:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-02 03:14:50 ----D---- C:\Program Files\Search Guard PlusU
2009-08-02 03:14:50 ----D---- C:\Program Files\Search Guard Plus
2009-08-02 03:14:49 ----D---- C:\Program Files\SGPSA
2009-08-02 03:13:27 ----D---- C:\Program Files\Fast Browser Search
2009-08-02 03:13:22 ----D---- C:\users
2009-08-01 04:01:09 ----D---- C:\WINDOWS\ie8updates
2009-07-31 23:29:50 ----A---- C:\WINDOWS\NeroDigital.ini

======List of files/folders modified in the last 2 months======

2009-09-29 17:42:56 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-29 17:32:58 ----D---- C:\WINDOWS\security
2009-09-29 17:23:59 ----D---- C:\WINDOWS\system32\drivers
2009-09-29 17:23:59 ----D---- C:\WINDOWS\system32
2009-09-29 17:22:58 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-09-29 17:22:57 ----D---- C:\WINDOWS
2009-09-29 17:18:13 ----D---- C:\Program Files\Common Files
2009-09-29 17:10:58 ----D---- C:\WINDOWS\Minidump
2009-09-29 17:09:45 ----A---- C:\WINDOWS\DUMP3eae.tmp
2009-09-29 17:08:09 ----A---- C:\WINDOWS\DUMP37e8.tmp
2009-09-29 17:04:20 ----RD---- C:\Program Files
2009-09-29 16:32:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 14:38:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-10 02:45:16 ----D---- C:\Program Files\Windows Media Player
2009-08-10 02:42:46 ----A---- C:\WINDOWS\win.ini
2009-08-06 01:00:16 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-06 00:59:24 ----A---- C:\WINDOWS\setuplog.txt
2009-08-06 00:58:45 ----D---- C:\WINDOWS\system32\Setup
2009-08-06 00:58:45 ----D---- C:\WINDOWS\AppPatch
2009-08-06 00:58:45 ----D---- C:\Program Files\Messenger
2009-08-06 00:46:09 ----D---- C:\WINDOWS\ime
2009-08-06 00:45:51 ----D---- C:\WINDOWS\system32\usmt
2009-08-06 00:45:48 ----D---- C:\WINDOWS\PeerNet
2009-08-06 00:45:47 ----D---- C:\Program Files\Movie Maker
2009-08-06 00:42:25 ----D---- C:\WINDOWS\system32\npp
2009-08-06 00:42:25 ----D---- C:\WINDOWS\mui
2009-08-06 00:42:23 ----D---- C:\WINDOWS\msagent
2009-08-06 00:42:22 ----D---- C:\WINDOWS\srchasst
2009-08-06 00:42:21 ----D---- C:\Program Files\NetMeeting
2009-08-06 00:42:19 ----D---- C:\WINDOWS\system32\Com
2009-08-06 00:42:16 ----D---- C:\Program Files\Windows NT
2009-08-06 00:42:13 ----D---- C:\Program Files\Common Files\System
2009-08-06 00:41:50 ----D---- C:\WINDOWS\system32\oobe
2009-08-06 00:41:47 ----D---- C:\WINDOWS\system
2009-08-06 00:38:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-06 00:34:41 ----D---- C:\WINDOWS\ehome
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PD0620VID;Creative WebCam Instant; C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SBAMSvc;AntiMalware; C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe [2008-10-28 886056]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 ZwangiSearch Service;ZwangiSearch Service; C:\Documents and Settings\All Users\Application Data\ZwangiSearch\zwangi125.exe C:\Program Files\ZwangiSearch\zwangi.dll Service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-10 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Title: Re: Please check rist log
Post by: SuperDave on September 29, 2009, 05:57:13 PM
Hello majakldragon and welcome to Computer Hope Forum. What happens when you try to start the computer in Normal mode? Did the computer just start doing this (Safe Mode)? Do you know exactly what happened just prior to this malfunction?
Please follow this (http://www.computerhope.com/forum/index.php/topic,46313.0.html) link and follow the instructions. Try to do as many steps as you can and paste the logs in your next post.
Title: Re: Please check rist log
Post by: majakldragon on October 07, 2009, 10:31:58 PM
Sorry it's taken so long for me to get back to you. When started in normal mode I get a blue screen with a 7F code.
I also have no idea what they were doing when it first started happening.
I will remove anything that is p2p software related if I can find it.
I have the HD slaved to a working hd to do the AV install and a couple other things. After I get that done I will post new logs back to this page.

AVG has found something "potentially dangerous" HackTool.AH and HackTool.GAB in pwdump. Is this something to be worried about? I know some of these "potentially dangerous" warnings are false.

I found that the battery was dead so going back 3 months is going to be hard to do. The battery has been replaced as of now.
Title: Re: Please check rist log
Post by: SuperDave on October 08, 2009, 01:29:23 PM
Let's just worry about getting some scans and logs off this computer and we'll deal with that other stuff later, if it is still there.
Title: Re: Please check rist log
Post by: majakldragon on October 08, 2009, 04:26:24 PM
Ummmm, like a bad relative, it's still there.

Awaiting instructions.

I can dl directly to the infected computer or use my clean computer, but I have Home edition and the infected one has Pro.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 08, 2009, 06:34:16 PM
I used the CH self help HJT processes tool and removed a few things that it said to remove. The mywebsearch thingy will not leave.
New HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:44 PM, on 10/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe
O4 - HKLM\..\Run: [RegGenie Scheduler] C:\Program Files\RegGenie\RegGenieScheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Documents and Settings\Administrator\Launcher.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKCU\..\Run: [Spyware Striker Pro] C:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe -m
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: AntiMalware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://c1.ac-images.myspacecdn.com/images01/98/m_8a46eddc856eecb815977a26fddc9218.jpg

--
End of file - 9919 bytes
Title: Re: Please check rist log/new logs
Post by: SuperDave on October 08, 2009, 07:57:13 PM
Could you please do this for me?

Open HJT, click open the misc tools section, open uninstall manager, click save list and save it where you can easily find it; perhaps your desktop. Copy and paste the list in your next reply.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 08, 2009, 08:27:25 PM
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
ArcSoft Multimedia Email
ArcSoft PhotoImpression 5
CCleaner (remove only)
CloneCD
Cobian Backup 8
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Cozi
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
Driver Genius Professional Edition
ESET Online Scanner v3
Fast Browser Search (My Web Tattoo)
Get Yahoo! Messenger
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 15
Malwarebytes' Anti-Malware
MediaBar
MediaSPace
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
Nero 8 Lite
PC Confidential 2008
PC Pitstop Optimize3 3.0
PC SpeedScan Pro
Performance Center
Personal License Update Wizard for Windows Media Player
Posh Boutique 2 (remove only)
PowerDVD
Recuva
RegCure 1.6.0.0
RegGenie v2.0
Search Guard Plus (My Web Tattoo)
Search Guard Plus Updater (My Web Tattoo)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoundMAX
Spyware Doctor 6.1
Spyware Striker
Sunbelt
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VLC media player 0.9.2
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Winferno Registry Power Cleaner
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zwangi 1.0 build 125

Title: Re: Please check rist log/new logs
Post by: SuperDave on October 09, 2009, 12:22:55 PM
Please print these instructions or save them in Notepad as they will be needed later when Internet access is not available.

Download SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) by AndyManchesta and save it to your Desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights.

• Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
       DO NOT use it just yet.

Now reboot your computer in Safe Mode by doing the following:

• Restart your computer.
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
• Instead of Windows loading as normal, the Advanced Options Menu should appear.
• Select the first option, to run Windows in Safe Mode, then press Enter.

• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.

• It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
• Press any key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.

• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).

• Finally copy and paste the contents of the results file Report.txt with a NEW HijackThis log in your next reply.
If SDFix won't run or you get errors, follow the link for instructions on running SDFix. How to use SDFix (http://www.bleepingcomputer.com/forums/topic131299.html)
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 09, 2009, 12:47:33 PM
Not a problem with the internet connection, as I am using my computer to follow instructions while fixing the other one. I will post the results in a few minutes.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 09, 2009, 01:32:36 PM
OK, here are the logs. It said I needed to install Spybot's immunizer, but it still only loads in safe mode.

SDFix: Version 1.240
Run by Administrator on Fri 10/09/2009 at 01:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 14:15:39
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Blinkx\\blinkx.exe"="C:\\Program Files\\Blinkx\\blinkx.exe:*:Enabled:Blinkx"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\HousecallLauncher.exe"="C:\\HousecallLauncher.exe:*:Enabled:HousecallLauncher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed  1 Sep 2004       246,934 ...H. --- "C:\Program Files\GameHouse\Posh Boutique 2\Uninstall.exe"
Tue  1 Apr 2008        77,824 A..H. --- "C:\Program Files\Winferno\PC Confidential\DeleteIndex.exe"
Tue  1 Apr 2008        73,728 A..H. --- "C:\Program Files\Winferno\PC Confidential\PCCBHO.dll"
Mon 10 Aug 2009             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 17 Jul 2009       657,960 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\15d50e00450d1f5d4a60e6c52a8a058a\BIT3.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385356f49d06c01107510fc1c19aefbd\BITA.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4fe1d2ff6d88c5835095919fddc918c8\BIT7.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\607da2f7aa5c5509ae1e078fa2587246\BIT13.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61c1721af834119a58811f42fc1bb9fc\BITE.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\65e6ace83d06517bf50827abf6f9a13e\BIT8.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\81038344b87b588eeda597731a587b20\BITD.tmp"
Fri 17 Jul 2009       244,271 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a8f719597d97278e8d5205d44676da41\BIT6.tmp"
Fri 17 Jul 2009       252,591 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad59e525b4acc7f84841c0cca5f77546\BITC.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c51eedc7427a3e31252078c1ba6da4\BIT9.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddb39745688a90abb2280bbb10bf249a\BIT11.tmp"
Fri 17 Jul 2009             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\BIT10.tmp"

Finished!

New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:23 PM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe
O4 - HKLM\..\Run: [RegGenie Scheduler] C:\Program Files\RegGenie\RegGenieScheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{E8B0B~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{E8B0B~1\reboot.ini  -l0x9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Documents and Settings\Administrator\Launcher.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKCU\..\Run: [Spyware Striker Pro] C:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe -m
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JFUQ - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JFUQ.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: AntiMalware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://c1.ac-images.myspacecdn.com/images01/98/m_8a46eddc856eecb815977a26fddc9218.jpg

--
End of file - 10156 bytes
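The helpers in this thread compare the two HijackThis logs by eye and spot what changed (the JFUQ service pointing at a Temp directory appears only in the second log). The script below is an added example, not part of the original thread and not HijackThis's own code: it parses the R*/O* entries of a HijackThis 2.0.x log, diffs two logs from the same machine, and flags the entries a helper would look at first. The heuristics (missing service binary, "Unknown owner", autostart from a Temp directory or a profile root, any AppInit_DLLs entry) are my own rules of thumb, and the sample logs are constructed from a handful of the thread's lines.

```python
"""Added example (not part of the original thread or of HijackThis): parse
HijackThis 2.0.x logs, diff two of them, and flag the entries a malware
removal helper checks first. Heuristics and sample logs are my own; the
samples are constructed from a few of the thread's entries."""
import re
from dataclasses import dataclass

# "O23 - Service: ..." / "R1 - HKLM\..." -> section code plus the rest of the line
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
# autostart or service binary living under a Temp directory
TEMP_DIR = re.compile(r"(\\Temp\\|%TEMP%)", re.IGNORECASE)
# an .exe sitting directly in a user profile root (not under Program Files)
PROFILE_ROOT_EXE = re.compile(
    r"\\(Documents and Settings|DOCUME~1)\\[^\\]+\\[^\\]+\.exe", re.IGNORECASE)


@dataclass(frozen=True, order=True)
class Entry:
    section: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the R*/O* entries of a log; header and process list are skipped."""
    out = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            out.append(Entry(m["section"], m["body"]))
    return out


def flag_entry(e: Entry) -> list[str]:
    """Reasons a helper would look twice at this entry (empty = nothing obvious)."""
    reasons = []
    if e.section == "O23" and "(file missing)" in e.body:
        reasons.append("service whose binary is gone: leftover of removed software or deleted malware")
    if e.section == "O23" and "Unknown owner" in e.body:
        reasons.append("service with no publisher string")
    if e.section in ("O4", "O23") and TEMP_DIR.search(e.body):
        reasons.append("autostart from a Temp directory")
    if e.section == "O4" and PROFILE_ROOT_EXE.search(e.body):
        reasons.append("autostart binary dropped in a user profile root")
    if e.section == "O20":
        reasons.append("AppInit_DLLs loads into every process using user32.dll: confirm the DLL's publisher")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged entry body to the reasons it was flagged."""
    return {e.body: r for e in parse_hjt(text) if (r := flag_entry(e))}


def diff_hjt(old: str, new: str) -> tuple[list[Entry], list[Entry]]:
    """(added, removed) entries between two logs of the same machine."""
    a, b = set(parse_hjt(old)), set(parse_hjt(new))
    return sorted(b - a), sorted(a - b)


# Constructed sample: a few lines in the shape of the thread's two logs.
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""
NEW_LOG = OLD_LOG + r"""O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Documents and Settings\Administrator\Launcher.exe
O23 - Service: JFUQ - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JFUQ.exe (file missing)
"""

if __name__ == "__main__":
    added, removed = diff_hjt(OLD_LOG, NEW_LOG)
    print(f"{len(added)} new entries, {len(removed)} removed since the previous log")
    for body, reasons in triage(NEW_LOG).items():
        print(body)
        for r in reasons:
            print("   -", r)
```

Feed it the full text of two saved logs and it reports what appeared between them plus why each flagged line deserves a look; the COMODO service passes every rule, while the JFUQ service trips three (missing binary, no publisher, Temp path), which matches the order in which a helper would investigate them.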
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 09, 2009, 04:54:45 PM
Something else I have noticed. I attempted to DL a driver from Dell since the blue screen could possibly be driver related, doubtful but nonetheless possible. It seems the system administrator has set policies to prevent this type of installation. I got this when I attempted to install SuperAntiSpy also. Now I am the administrator and I have set no such policies.
The run button is also missing.
Malware related?
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 09, 2009, 05:13:19 PM
Try to do as little as possible until the malware is gone. Downloading drivers might infect them in the process and create a bigger mess.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 09, 2009, 05:15:08 PM
OK, I got the run button fixed and it reappeared. Now to see if the other has been fixed so I can get SAS installed.
I understand EF and will refrain from doing so.
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 09, 2009, 05:21:48 PM
If you can get SAS or Malwarebytes to install and run that's fine. Just be sure to post the logs from them so SuperDave will know what's going on.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 09, 2009, 06:40:50 PM
OK, here's the new Malwarebytes log.
Malwarebytes' Anti-Malware 1.41
Database version: 2933
Windows 5.1.2600 Service Pack 3 (Safe Mode)

10/9/2009 7:37:52 AM
mbam-log-2009-10-09 (07-37-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201661
Time elapsed: 42 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Ascentive\Performance Center\APCLang.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Spyware Striker.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.


Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 09, 2009, 06:55:27 PM
Run a new RSIT scan please and post the log.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 09, 2009, 07:02:12 PM
requested log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-10-09 08:01:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (74%) free of 76 GB
Total RAM: 254 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:14 AM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [RegGenie Scheduler] C:\Program Files\RegGenie\RegGenieScheduler.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{E8B0B~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{E8B0B~1\reboot.ini  -l0x9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Documents and Settings\Administrator\Launcher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spyware Striker Pro] C:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe -m
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe"
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JFUQ - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JFUQ.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: AntiMalware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://c1.ac-images.myspacecdn.com/images01/98/m_8a46eddc856eecb815977a26fddc9218.jpg

--
End of file - 9986 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegPowerClean.job
C:\WINDOWS\tasks\RPCReminder.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FAFBDCA6-8D86-4904-A755-AF0A8750AE85}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-10 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-07-10 732672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2009-07-30 909040]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-06-10 2602368]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-10 256112]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShareTb\BearShareDx.dll [2009-08-10 91576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"SGPUpdater"=C:\Program Files\Search Guard PlusU\sgpUpdaters.exe [2009-05-15 67456]
"RegGenie Scheduler"=C:\Program Files\RegGenie\RegGenieScheduler.exe [2009-07-03 271384]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"PC Pitstop Optimize Reminder"=C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe [2009-06-10 205552]
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-02-10 118784]
"FBSearch"=C:\Program Files\Search Guard Plus\SearchGuardPlus.exe [2009-05-04 194432]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2004-07-30 245760]
"COMODO Internet Security"=C:\Program Files\Comodo\COMODO Internet Security\cfp.exe [2009-10-08 1799952]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"=C:\PROGRA~1\INSTAL~1\{E8B0B~1\setup.exe [2009-10-08 455600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"UniblueSpeedUpMyPC"=C:\Documents and Settings\Administrator\Launcher.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-10 39408]
"Spyware Striker Pro"=C:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe [2009-09-08 831488]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"RegGenie v2.0 - Trial Expired"=C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe [2009-07-01 336408]
"RegGenie v2.0"=C:\Program Files\RegGenie\RegGenieOnReboot.exe [2009-07-01 480280]
"Performance Center"=C:\Program Files\Ascentive\Performance Center\ApcMain.exe [2009-04-21 3231744]
"PC SpeedScan Pro"=C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Blinkx\blinkx.exe"="C:\Program Files\Blinkx\blinkx.exe:*:Enabled:Blinkx"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\HousecallLauncher.exe"="C:\HousecallLauncher.exe:*:Enabled:HousecallLauncher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-10-09 15:45:33 ----D---- C:\WINDOWS\pss
2009-10-09 13:55:28 ----D---- C:\WINDOWS\ERUNT
2009-10-09 13:50:12 ----D---- C:\SDFix
2009-10-09 06:34:30 ----A---- C:\msicuu2.exe
2009-10-08 21:21:03 ----A---- C:\sysclean.com
2009-10-08 20:29:12 ----A---- C:\JavaSetup6u16.exe
2009-10-08 20:19:17 ----A---- C:\HousecallLauncher.exe
2009-10-08 20:04:22 ----A---- C:\bpid_e22.exe
2009-10-08 01:47:31 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-10-08 01:47:29 ----A---- C:\WINDOWS\system32\guard32.dll
2009-10-08 01:26:01 ----D---- C:\Program Files\Plugins
2009-10-08 01:26:01 ----D---- C:\Program Files\Language
2009-10-08 01:24:15 ----A---- C:\Program Files\SUPERAntiSpyware.exe
2009-10-08 01:19:01 ----D---- C:\Program Files\Comodo
2009-10-08 01:17:03 ----A---- C:\Program Files\CIS_Setup_3.12.111745.560_XP_Vista_x32.exe
2009-10-08 01:04:09 ----HD---- C:\$AVG8.VAULT$
2009-10-07 21:34:03 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-10-07 18:45:43 ----A---- C:\RootRepeal report 10-07-09 (18-45-43).txt
2009-10-07 17:03:48 ----D---- C:\recovery
2009-10-06 18:23:53 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-10-06 18:23:53 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-10-06 18:23:52 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-10-06 18:23:52 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-10-06 18:23:52 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-10-06 18:23:51 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-10-06 18:23:51 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-10-06 18:23:50 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-10-06 18:23:50 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-10-06 18:23:50 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-10-06 18:23:50 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-10-06 18:23:49 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-10-06 18:23:49 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-10-06 18:23:49 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-10-06 18:23:48 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-10-06 18:23:48 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-10-06 18:23:48 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-10-06 18:23:47 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-10-06 18:23:47 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-10-06 18:23:47 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-10-06 18:23:47 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-10-06 18:23:46 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-10-06 18:23:46 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-10-06 18:23:46 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-10-06 18:23:45 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-10-06 18:23:45 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-10-06 18:23:45 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-10-06 18:23:44 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-10-06 18:23:44 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-10-06 18:23:44 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-10-06 18:23:44 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-10-06 18:23:43 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-10-06 18:23:43 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-10-06 18:23:43 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-10-06 18:23:42 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-10-06 18:23:42 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-10-06 18:23:41 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-10-06 18:23:41 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-10-06 18:23:41 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-10-06 18:23:40 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-10-06 18:23:40 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-10-06 18:23:39 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-10-06 18:23:39 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-10-06 18:23:39 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-10-06 18:23:38 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-10-06 18:23:38 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-10-06 18:23:38 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-10-06 18:23:38 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-10-06 18:23:37 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-10-06 18:23:37 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-10-06 18:23:36 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-10-06 18:23:36 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-10-06 18:23:36 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-10-06 18:23:35 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-10-06 18:23:31 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-10-06 18:23:26 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-10-06 18:23:26 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-10-06 18:23:21 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-10-06 18:23:20 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-10-06 18:23:20 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-10-06 18:23:20 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-10-06 18:23:20 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-10-06 18:23:19 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-10-06 18:23:19 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-10-06 18:23:18 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-10-06 18:23:18 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-10-06 18:23:18 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-10-06 18:23:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-10-06 18:23:17 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-10-06 18:23:17 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-10-06 18:23:14 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-10-06 18:23:14 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-06 18:23:13 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-10-06 18:23:13 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-10-06 18:23:12 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-10-06 18:23:12 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-10-06 18:23:12 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-10-06 18:23:11 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-10-06 18:23:10 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-10-06 18:12:57 ----HD---- C:\WINDOWS\msdownld.tmp
2009-10-06 18:12:51 ----D---- C:\WINDOWS\LastGood
2009-10-06 18:12:50 ----D---- C:\WINDOWS\Logs
2009-10-06 18:12:43 ----A---- C:\Program Files\dxwebsetup.exe
2009-10-06 16:22:38 ----D---- C:\Program Files\Recuva
2009-10-06 16:22:36 ----D---- C:\VundoFix Backups
2009-10-06 16:22:36 ----D---- C:\Program Files\CCleaner
2009-10-04 14:43:45 ----D---- C:\Program Files\ESET
2009-10-04 12:40:55 ----A---- C:\RootRepeal report 10-04-09 (12-40-55).txt
2009-10-04 12:15:08 ----D---- C:\Program Files\Cobian Backup 8
2009-10-04 12:08:26 ----A---- C:\Program Files\cbSetup8.exe
2009-10-03 23:26:50 ----A---- C:\VundoFix.txt
2009-10-03 21:07:53 ----D---- C:\WINDOWS\LastGood.Tmp
2009-09-29 17:47:29 ----D---- C:\rsit
2009-09-29 17:18:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-29 17:04:20 ----D---- C:\Program Files\AVG
2009-09-29 16:44:24 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG8
2009-09-28 21:14:03 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-28 21:13:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-28 21:13:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-15 11:42:42 ----A---- C:\Program Files\TBM1A.tmp
2009-09-15 11:42:40 ----A---- C:\Program Files\SSUpdate.exe
2009-09-14 15:26:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-09-05 04:35:43 ----D---- C:\Program Files\ZwangiSearch
2009-09-05 04:35:43 ----D---- C:\Documents and Settings\All Users\Application Data\ZwangiSearch
2009-09-03 15:21:42 ----A---- C:\Program Files\SASWINLO.dll
2009-08-10 04:53:51 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2009-08-10 04:51:52 ----D---- C:\Program Files\VideoLAN
2009-08-10 04:43:04 ----D---- C:\Program Files\Cozi Express
2009-08-10 04:43:04 ----D---- C:\Documents and Settings\All Users\Application Data\Cozi
2009-08-10 04:42:09 ----D---- C:\Program Files\Common Files\Winferno
2009-08-10 04:39:42 ----A---- C:\WINDOWS\system32\WINUTIL5.DLL
2009-08-10 04:39:42 ----A---- C:\WINDOWS\system32\WINLCTL5.DLL
2009-08-10 04:39:40 ----D---- C:\Program Files\Winferno
2009-08-10 04:35:27 ----D---- C:\Program Files\My.Freeze.com Toolbar
2009-08-10 03:56:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-10 02:42:56 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-08-10 02:42:55 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-10 02:42:37 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-10 02:42:24 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-08-10 02:41:31 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-08-10 02:40:57 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-10 02:40:52 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

======List of files/folders modified in the last 2 months======

2009-10-09 15:27:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-09 13:57:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-09 07:38:13 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-09 06:34:47 ----RD---- C:\Program Files
2009-10-09 06:00:32 ----D---- C:\Program Files\Common Files
2009-10-09 05:59:43 ----D---- C:\WINDOWS\system32\drivers
2009-10-09 04:57:30 ----D---- C:\WINDOWS\Temp
2009-10-09 04:57:02 ----SHD---- C:\System Volume Information
2009-10-09 04:57:02 ----D---- C:\WINDOWS\system32\Restore
2009-10-09 04:55:17 ----D---- C:\WINDOWS\Minidump
2009-10-09 04:55:17 ----D---- C:\WINDOWS
2009-10-09 04:52:07 ----ASH---- C:\boot.ini
2009-10-09 04:52:07 ----A---- C:\WINDOWS\win.ini
2009-10-09 04:52:07 ----A---- C:\WINDOWS\system.ini
2009-10-09 00:31:34 ----D---- C:\WINDOWS\network diagnostic
2009-10-08 20:27:40 ----D---- C:\WINDOWS\system32
2009-10-08 20:12:09 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-08 20:12:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-08 20:12:07 ----D---- C:\Program Files\Ascentive
2009-10-08 19:42:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-08 19:24:43 ----HD---- C:\WINDOWS\inf
2009-10-08 19:24:26 ----D---- C:\Program Files\MSBuild
2009-10-08 01:26:04 ----D---- C:\Config.Msi
2009-10-07 21:22:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-07 21:01:48 ----D---- C:\dell
2009-10-07 20:36:16 ----A---- C:\WINDOWS\RegGenie.ini
2009-10-07 20:18:49 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-07 18:04:41 ----A---- C:\WINDOWS\DUMP65ed.tmp
2009-10-06 19:27:31 ----D---- C:\Program Files\Internet Explorer
2009-10-06 18:23:55 ----D---- C:\WINDOWS\system32\DirectX
2009-10-06 18:23:17 ----RSD---- C:\WINDOWS\assembly
2009-10-06 18:23:06 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-06 16:34:23 ----A---- C:\WINDOWS\DUMP370d.tmp
2009-10-06 16:28:33 ----A---- C:\WINDOWS\DUMP374c.tmp
2009-10-06 16:27:45 ----A---- C:\WINDOWS\DUMP3e60.tmp
2009-10-06 16:25:19 ----A---- C:\WINDOWS\DUMP3d18.tmp
2009-10-04 18:27:12 ----D---- C:\WINDOWS\security
2009-10-04 14:43:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-04 11:45:44 ----A---- C:\WINDOWS\DUMP5563.tmp
2009-10-04 00:52:36 ----D---- C:\WINDOWS\Debug
2009-10-03 23:17:49 ----A---- C:\WINDOWS\DUMP473a.tmp
2009-10-03 21:07:58 ----D---- C:\WINDOWS\Help
2009-10-03 21:00:55 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-10-03 21:00:53 ----D---- C:\WINDOWS\system
2009-09-29 17:09:45 ----A---- C:\WINDOWS\DUMP3eae.tmp
2009-09-29 17:08:09 ----A---- C:\WINDOWS\DUMP37e8.tmp
2009-08-28 14:38:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-10 02:45:16 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-10-08 25160]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-10-08 132296]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PD0620VID;Creative WebCam Instant; C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SBAMSvc;AntiMalware; C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe [2008-10-28 886056]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2009-10-08 723632]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-10 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JFUQ;JFUQ; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JFUQ.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-22 208896]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ZwangiSearch Service;ZwangiSearch Service; C:\Documents and Settings\All Users\Application Data\ZwangiSearch\zwangi125.exe C:\Program Files\ZwangiSearch\zwangi.dll Service []

-----------------EOF-----------------
Title: Re: Please check rist log/new logs
Post by: SuperDave on October 09, 2009, 08:07:17 PM
Download SmitfraudFix (by S!Ri) (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) to your Desktop.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 09, 2009, 08:23:05 PM
SmitFraudFix v2.424

Scan done at  9:16:35.92, Fri 10/09/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ascentive\Spyware Striker\SBAMSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://c1.ac-images.myspacecdn.com/images01/98/m_8a46eddc856eecb815977a26fddc9218.jpg"
"SubscribedURL"="http://c1.ac-images.myspacecdn.com/images01/98/m_8a46eddc856eecb815977a26fddc9218.jpg"
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\\WINDOWS\\system32\\guard32.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F1EC8D66-FD4F-4AB2-A738-9FE45B87481D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F1EC8D66-FD4F-4AB2-A738-9FE45B87481D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F1EC8D66-FD4F-4AB2-A738-9FE45B87481D}: DhcpNameServer=66.139.180.2 66.139.180.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.139.180.2 66.139.180.3


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Title: Re: Please check rist log/new logs
Post by: majakldragon on October 10, 2009, 12:15:26 AM
Since I had time on my hands and this system wasn't going anywhere, I decided to try to run an online scan since we had possibly been getting somewhere. I could only find one that would run and it's not the greatest, but here's the log. Maybe you can do something with it.

;**********************************************************************************
ANALYSIS: 2009-10-09 18:07:23
PROTECTIONS: 0
MALWARE: 40
SUSPECTS: 8
;************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===========================================================================

MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;=========================================================================
00101945  HackTool/Samdump                   HackTools           No        0         Yes            No           C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264\A0041008.dll
00101945  HackTool/Samdump                   HackTools           No        0         Yes            No           C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264\A0041006.dll
00101946  HackTool/Samdump                   HackTools           No        0         Yes            No           C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264\A0041007.exe
00101946  HackTool/Samdump                   HackTools           No        0         Yes            No           C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264\A0041005.exe
00139059  Cookie/Traffic Marketplace         TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@casalemedia[2].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@atdmt[3].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@atdmt[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
00145405  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@247realmedia[3].txt
00145405  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
00145457  Cookie/FastClick                   TrackingCookie      No        0         Yes            No           C:\recovery\Unknown folder\A0025314.dll
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2]_1.txt
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@mediaplex[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2]_1.txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@mediaplex[4].txt
00147824  Cookie/Clickbank                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@clickbank[2].txt
00147824  Cookie/Clickbank                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@clickbank[1].txt
00159564  Cookie/WUpd                        TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@revenue[2].txt
00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
00167642  Cookie/Com.com                     TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@com[2].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167747  Cookie/Azjmp                       TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@azjmp[2].txt
00168048  Cookie/Overture                    TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\[email protected][1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\[email protected][2].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@apmebf[1]_1.txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@apmebf[1].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt
00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@burstnet[2]_1.txt
00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@burstnet[2].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@serving-sys[2].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][3].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\[email protected][1].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00168097  Cookie/BurstBeacon                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00168097  Cookie/BurstBeacon                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][3].txt
00168109  Cookie/Adtech                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][3]_1.txt
00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00168114  Cookie/onestat.com                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@advertising[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][1]_1.txt
00170495  Cookie/PointRoll                   TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\[email protected][1].txt
00170495  Cookie/PointRoll                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00170495  Cookie/PointRoll                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00170495  Cookie/PointRoll                   TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Prefetch\WMPENC.EXE-32AC5B95.pf
00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@questionmarket[4].txt
00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2]_1.txt
00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
00171982  Cookie/QuestionMarket              TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@questionmarket[3].txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
00194327  Cookie/Go                          TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@go[1].txt
00199984  Cookie/Searchportal                TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\[email protected][1].txt
00207338  Cookie/Target                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@target[2].txt
00207338  Cookie/Target                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@target[1]_1.txt
00207338  Cookie/Target                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@target[1].txt
00207338  Cookie/Target                      TrackingCookie      No        0         Yes            No           C:\recovery\WINDOWS\Temp\Cookies\administrator@target[1].txt
00207862  Cookie/did-it                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt
00207862  Cookie/did-it                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@did-it[1]_1.txt
00207862  Cookie/did-it                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Administrator\Cookies\administrator@did-it[1].txt
00207862  Cookie/did-it                      TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\administrator@did-it[2].txt
00293517  Cookie/AdDynamix                   TrackingCookie      No        0         Yes            No           C:\recovery\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00321319  HackTool/RockXp4                   HackTools           No        1         Yes            No           C:\recovery\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\RockXP4_.exe
00484705  Application/IEDefender             HackTools           No        0         Yes            No           C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/IEDFix.C.exe]
00484705  Application/IEDefender             HackTools           No        0         Yes            No           C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\IEDFix.C.exe
00484705  Application/IEDefender             HackTools           No        0         Yes            No           C:\WINDOWS\system32\IEDFix.C.exe
00921467  Generic Malware                    Virus/Trojan        No        0         Yes            Yes          C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\404Fix.exe
00921467  Generic Malware                    Virus/Trojan        No        0         Yes            Yes          C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/404Fix.exe]
00921467  Generic Malware                    Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0\A0000266.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           C:\recovery\WINDOWS\Temp\ZWA62.tmp\upgrade.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         No             No           C:\recovery\WINDOWS\Temp\ZWA62.tmp\upgrade.exe[zwangi.dll]
03074964  Trj/CI.A                           Virus/Trojan        No        0         No             No           C:\recovery\WINDOWS\Temp\ZWA62.tmp\upgrade.exe[zwangi.dll]
;==========================================================================

SUSPECTS
Sent      Location
;===========================================================================

No        C:\Documents and Settings\Administrator\My Documents\New Folder\rmvirut.exe
No        C:\Program Files\Driver-Soft\DriverGenius\LiveUpdate.exe
No        C:\recovery\Documents and Settings\Administrator\My Documents\New Folder\rmvirut.exe
No        C:\recovery\Program Files\Driver-Soft\DriverGenius\LiveUpdate.exe
No        C:\recovery\WINDOWS\Temp\ZWA2E.tmp\upgrade.exe
No        C:\recovery\WINDOWS\Temp\ZWA2E.tmp\upgrade.exe[zwangi.dll]
No        C:\recovery\WINDOWS\Temp\ZWA2E.tmp\upgrade.exe[zwangi.dll]
No        C:\recovery\WINDOWS\Temp\ZWA2E.tmp\upgrade.exe[zwangi.dll]
;==========================================================================

VULNERABILITIES
Id        Severity       Description
;=========================================================================

212494    HIGH           MS09-042
;=========================================================================
Title: Re: Please check rist log/new logs
Post by: SuperDave on October 10, 2009, 06:18:35 PM

• Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up; press any key to close once the fix is completed.
• Post the contents of log.txt (it will be created in the directory where you ran exeHelper.com).

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Also please try running the below online scan:

http://www.superantispyware.com/onlinescan.html (http://www.superantispyware.com/onlinescan.html)

If you can post the log it created then please do so.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 11, 2009, 03:05:35 PM
OK, here's the first log created by exeHelper.

exeHelper by Raktor - 09
Build 20090925
Run at 03:00:09 on 10/11/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



SAS online found a boatload of problems, but since I can't get the main program to install I don't know where the log might be stored.

I am not sure what virus we are dealing with, but it's becoming a PITA. Does it have a name, or is it a bunch of little thugs that have evolved into a mob?

EDIT: I performed a search to see if the SAS log had been saved, but every time the SAS file came up the system would restart. Now, it didn't physically restart; it just said it needed to close, the search box disappeared, and it asked me if I knew and wanted to work in safe mode. I told it yes, but nothing disappeared except the search box. Something doesn't want me looking for it.
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 11, 2009, 05:57:23 PM
Let's see if we can get some info so that we can determine which system file has been corrupted. That way we can try to replace it.

Download and save AVPFind.bat (http://forums.majorgeeks.com/chaslang/files/AVP/AVPFind.bat) to your PC (save it anywhere you can find it; the Desktop is fine). Then double-click on it to run it.


It should take a couple of minutes to run. You will see a black command prompt window while it is running, and it should close when it is finished. Once it finishes, attach the c:\avplog.txt
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 12, 2009, 03:06:25 PM
Thanks, EF. I don't know if you can do anything with this because the battery was dead (it was replaced last week).

******************************************************************************
*             AVPFind.bat - (c) 09/01/2009 By Chaslang                       *
*                                                                            *
*   Helps to identify potential AntiVirus Pro infected system DLL files and  *
*   and poosible replacement files to use during cleanup.                    *
******************************************************************************
                                                                             
Windows OS is 

Microsoft Windows XP [Version 5.1.2600]
 
============= Finding copies of eventlog.dll =================================
"C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll" 55808 08/04/2004 12:56 AM
"C:\WINDOWS\ServicePackFiles\i386\eventlog.dll" 56320 04/13/2008 07:11 PM
"C:\WINDOWS\system32\eventlog.dll" 56320 04/13/2008 07:11 PM
                                                                             
============= Finding copies of netlogon.dll =================================
"C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll" 407040 08/04/2004 12:56 AM
"C:\WINDOWS\ServicePackFiles\i386\netlogon.dll" 407040 04/13/2008 07:12 PM
"C:\WINDOWS\system32\netlogon.dll" 407040 04/13/2008 07:12 PM
                                                                             
============= Finding copies of scecli.dll   =================================
"C:\WINDOWS\$NtServicePackUninstall$\scecli.dll" 180224 08/04/2004 12:56 AM
"C:\WINDOWS\ServicePackFiles\i386\scecli.dll" 181248 04/13/2008 07:12 PM
"C:\WINDOWS\system32\scecli.dll" 181248 04/13/2008 07:12 PM
                                                                             
******************************************************************************
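As an added example (not part of this thread and not Chaslang's AVPFind.bat itself), the Python below parses AVPFind-style output and flags a system DLL whose system32 copy no longer matches the ServicePackFiles\i386 copy, which is the comparison the log above is meant to support. The sample log is constructed: the eventlog.dll and netlogon.dll blocks mirror the posted output, while the scecli.dll system32 line is a made-up mismatch so the check has something to report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the AVPFind.bat output format seen in the thread.
# The last scecli.dll line is invented to show what a replaced system32
# copy looks like; the real log in the thread had all three copies matching.
SAMPLE_LOG = r'''
============= Finding copies of eventlog.dll =================================
"C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll" 55808 08/04/2004 12:56 AM
"C:\WINDOWS\ServicePackFiles\i386\eventlog.dll" 56320 04/13/2008 07:11 PM
"C:\WINDOWS\system32\eventlog.dll" 56320 04/13/2008 07:11 PM

============= Finding copies of netlogon.dll =================================
"C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll" 407040 08/04/2004 12:56 AM
"C:\WINDOWS\ServicePackFiles\i386\netlogon.dll" 407040 04/13/2008 07:12 PM
"C:\WINDOWS\system32\netlogon.dll" 407040 04/13/2008 07:12 PM

============= Finding copies of scecli.dll   =================================
"C:\WINDOWS\$NtServicePackUninstall$\scecli.dll" 180224 08/04/2004 12:56 AM
"C:\WINDOWS\ServicePackFiles\i386\scecli.dll" 181248 04/13/2008 07:12 PM
"C:\WINDOWS\system32\scecli.dll" 73728 10/09/2009 06:02 PM
'''

HEADER_RE = re.compile(r"^=+\s*Finding copies of\s+(\S+)\s*=+\s*$")
ENTRY_RE = re.compile(
    r'^"([^"]+)"\s+(\d+)\s+(\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2}\s+[AP]M)\s*$')


@dataclass
class Copy:
    path: str
    size: int
    stamp: str


@dataclass
class Finding:
    dll: str
    status: str                # ok | mismatch | missing-system32 | no-reference
    system32: Optional[Copy]   # the copy Windows actually loads
    reference: Optional[Copy]  # ServicePackFiles\i386 copy: replacement candidate


def parse_avpfind(text: str) -> Dict[str, List[Copy]]:
    """Group the '"path" size date time' lines under their 'Finding copies of' header."""
    copies: Dict[str, List[Copy]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).lower()
            copies.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            copies[current].append(Copy(m.group(1), int(m.group(2)), m.group(3)))
    return copies


def _parent_parts(path: str) -> List[str]:
    return [p.lower() for p in path.split("\\")[:-1]]


def assess(copies: Dict[str, List[Copy]]) -> Dict[str, Finding]:
    """Compare the live system32 copy with the ServicePackFiles\\i386 copy.

    The $NtServicePackUninstall$ copy is the pre-service-pack version, so it
    legitimately differs in size; only the ServicePackFiles copy is the
    reference for a machine at the same service-pack level.
    """
    findings: Dict[str, Finding] = {}
    for dll, entries in copies.items():
        live = next((c for c in entries if _parent_parts(c.path)[-1:] == ["system32"]), None)
        ref = next((c for c in entries
                    if _parent_parts(c.path)[-2:] == ["servicepackfiles", "i386"]), None)
        if live is None:
            status = "missing-system32"
        elif ref is None:
            status = "no-reference"
        elif live.size == ref.size and live.stamp == ref.stamp:
            status = "ok"
        else:
            status = "mismatch"
        findings[dll] = Finding(dll, status, live, ref)
    return findings


if __name__ == "__main__":
    for f in assess(parse_avpfind(SAMPLE_LOG)).values():
        print(f"{f.dll}: {f.status}")
        if f.status == "mismatch":
            print(f"  live {f.system32.size} bytes {f.system32.stamp}; "
                  f"reference {f.reference.size} bytes {f.reference.stamp} at {f.reference.path}")
```

A matching size and timestamp is only a first screen; when the files are in reach, compare SHA-256 digests of the two copies before deciding the live one is clean.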
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 12, 2009, 03:12:05 PM
Download DrWeb CureIt (http://www.freedrweb.com/) & save it to your desktop. Scan with DrWeb-CureIt as follows:

* After reboot, right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 13, 2009, 06:37:25 AM
I had to work last night so I let the complete scan run all night. Here are the 2 logs you requested.

The first one (short scan)

AscConTest.dll;C:\WINDOWS\system32;Program.Fakespeedup;Incurable.Moved.;
ConTest.dll;C:\WINDOWS\system32;Program.Fakespeedup;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;


Second scan (complete)

AscConTest.dll;C:\WINDOWS\system32;Program.Fakespeedup;Incurable.Moved.;
ConTest.dll;C:\WINDOWS\system32;Program.Fakespeedup;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Administrator\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Administrator\Desktop;Archive contains infected objects;Moved.;
Process.exe;C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix;Tool.ShutDown.14;Moved.;
A0024843.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MyWebSearch.3;Moved.;
A0024844.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MyWebSearch.4;Moved.;
A0024845.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MyWebSearch.19;Moved.;
A0024846.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MWS.75;Moved.;
A0024852.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MyWebSearch.10;Moved.;
A0024855.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MWS.79;Moved.;
A0024856.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MyWebSearch.21;Moved.;
A0024868.EXE;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MyWebSearch.9;Moved.;
A0024869.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.Msearch;Moved.;
AscConTest.dll;C:\recovery\WINDOWS\system32;Program.Fakespeedup;Moved.;
ConTest.dll;C:\recovery\WINDOWS\system32;Program.Fakespeedup;Moved.;
upgrade.exe\data002;C:\recovery\WINDOWS\Temp\ZWA2E.tmp\upgrade.exe;Adware.Seekser.1;;
upgrade.exe\data004;C:\recovery\WINDOWS\Temp\ZWA2E.tmp\upgrade.exe;Adware.Seekser.3;;
upgrade.exe;C:\recovery\WINDOWS\Temp\ZWA2E.tmp;Archive contains infected objects;Moved.;
upgrade.exe\data002;C:\recovery\WINDOWS\Temp\ZWA62.tmp\upgrade.exe;Adware.Seekser.2;;
upgrade.exe;C:\recovery\WINDOWS\Temp\ZWA62.tmp;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;
A0000288.dll;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0;Program.Fakespeedup;Moved.;
A0000289.dll;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0;Program.Fakespeedup;Moved.;
A0000290.exe;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0;Tool.Prockill;Moved.;
A0000291.exe\data002;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0\A0000291.exe;Adware.Seekser.1;;
A0000291.exe\data004;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0\A0000291.exe;Adware.Seekser.3;;
A0000291.exe;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0;Archive contains infected objects;Moved.;
A0000292.exe\data002;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0\A0000292.exe;Adware.Seekser.2;;
A0000292.exe;C:\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP0;Archive contains infected objects;Moved.;
A0041005.exe;C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264;Tool.Pwdump;Moved.;
A0041006.dll;C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264;Tool.Pwdump;Moved.;
A0041007.exe;C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264;Tool.Pwdump;Moved.;
A0041008.dll;C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264;Tool.Pwdump;Moved.;
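The Dr.Web log above is one record per line, semicolon separated: object name, directory, detection name, action. As an added example (not part of this thread and not Dr.Web's own tooling), here is a small Python script that parses that format and summarises a scan: counts per detection family, how many hits were archive members, which System Restore points held infected files (those come back if an old restore point is applied, which is why helpers usually ask for old restore points to be cleared after cleaning), and whether anything was left unhandled. The field meanings and the archive-member convention (empty action, archive path in the directory field) are inferred from the posted lines; the sample lines are copied from the complete-scan log above.

```python
"""Summarise Dr.Web CureIt log lines of the form name;directory;detection;action;.

Added example, not part of the thread. Field meanings are inferred from the
lines the poster pasted; the sample below is copied from that log.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: six lines copied from the complete-scan log in the thread.
SAMPLE_LOG = r"""
AscConTest.dll;C:\WINDOWS\system32;Program.Fakespeedup;Incurable.Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Administrator\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Administrator\Desktop;Archive contains infected objects;Moved.;
A0024843.DLL;C:\recovery\System Volume Information\_restore{4FEA1048-06BA-4383-AC24-FA41CE43DC60}\RP17;Adware.MyWebSearch.3;Moved.;
A0041005.exe;C:\System Volume Information\_restore{A6595665-BDF4-452B-826B-DF426911CF94}\RP264;Tool.Pwdump;Moved.;
"""

# System Restore stores each restore point under _restore{GUID}\RPnnn
RESTORE_RE = re.compile(r"_restore\{([0-9A-Fa-f-]+)\}")


@dataclass
class Entry:
    name: str        # object name; for archive members, the path inside the archive
    directory: str   # containing directory; for archive members, the archive's path
    detection: str   # Dr.Web detection name, e.g. Tool.Prockill
    action: str      # "Moved.", "Incurable.Moved.", or "" for archive members

    @property
    def in_archive(self) -> bool:
        # Members of an archive are listed with an empty action; the container
        # gets its own "Archive contains infected objects" line with the action.
        return self.action == "" and "\\" in self.name

    @property
    def in_restore_point(self) -> bool:
        # Files under System Volume Information belong to System Restore points.
        return "System Volume Information" in self.directory

    @property
    def family(self) -> str:
        # Collapse variant suffixes: Adware.MyWebSearch.3 -> Adware.MyWebSearch
        return ".".join(self.detection.split(".")[:2])


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for blank or malformed lines."""
    parts = line.strip().split(";")
    if len(parts) < 4 or not parts[0]:
        return None
    return Entry(parts[0], parts[1], parts[2], parts[3])


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def count_by_family(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.family for e in entries))


def restore_point_ids(entries: List[Entry]) -> Set[str]:
    """GUIDs of the _restore{...} directories that held detections."""
    ids: Set[str] = set()
    for e in entries:
        ids.update(RESTORE_RE.findall(e.directory))
    return ids


def unresolved(entries: List[Entry]) -> List[Entry]:
    """Detections that were neither moved nor handled through their container."""
    return [e for e in entries if not e.in_archive and "Moved" not in e.action]


def report(text: str) -> str:
    """Human-readable summary of one Dr.Web log."""
    entries = parse_log(text)
    lines = [f"{len(entries)} detections"]
    for fam, n in sorted(count_by_family(entries).items()):
        lines.append(f"  {fam}: {n}")
    lines.append(f"inside archives: {sum(e.in_archive for e in entries)}")
    lines.append(f"in restore points: {sum(e.in_restore_point for e in entries)}")
    for rp in sorted(restore_point_ids(entries)):
        lines.append(f"  restore point {rp}")
    lines.append(f"unresolved: {len(unresolved(entries))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log pasted above, the script would show that every hit was either moved or was a member of an archive that was itself moved, and that two restore-point GUIDs were involved. Note that Tool.Prockill inside SDFix.exe and SmitfraudFix is Dr.Web flagging a process-killer component shipped with those cleanup tools, not a separate infection.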
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 13, 2009, 10:52:15 AM
That got a few things. How is the computer running now?
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 13, 2009, 03:05:52 PM
Thanks EF. I honestly don't know how it's running since it still only starts in Safe Mode. I attempted a normal boot and still get the 7F BSOD. The cursor has also disappeared in this reply box. It's there if I move it out of the box, but not within.
I will try and see if I can download and install any MS updates since they wouldn't work before.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 13, 2009, 03:56:13 PM
The BSOD I get is 0x0000007f
Beginning dump of Physical Memory

There are no other clues. When we get finished here I will check at the XP forum.
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 13, 2009, 04:10:28 PM
That error could be a lot of things. I don't think it's malware though. See here. http://support.microsoft.com/kb/137539

I can't remember if we asked. Do you have your install CD?

Try this also. Not sure if it works in Safe Mode but try anyway.

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or from the Windows installation source files, and then replaces the incorrect file.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 13, 2009, 04:47:55 PM
I tried sfc/scannow from Run. It loaded for a millisecond and then disappeared. Tried several times and got the same results.

I don't have the CD for THIS computer, and since it's XP Pro I don't think my disk, which is XP Home, will work. My disk is an OEM disk.

It looks like the dysfunctional computer had XP Home on it at one time, since it shows in the load menu, but it was overwritten by Pro.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 13, 2009, 05:03:10 PM
Do you think the I386 file/folder from the Home CD will work for Pro?
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 13, 2009, 05:07:30 PM
No they are different operating systems.

Did you put a space between the sfc and /scannow?
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 13, 2009, 05:11:20 PM
Yes, typed it exactly as shown, sfc /scannow, space between sfc and /scannow.
I wonder if it has anything to do with the administrator permissions thing that I didn't set. I get a warning when I try to install SAS.
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 13, 2009, 05:15:00 PM
Please do the following:

1. Download this diagnostics tool MGADiag.exe (http://go.microsoft.com/fwlink/?linkid=52012) and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 14, 2009, 06:35:55 AM
I think I have discovered the main problem and I will not be fixing it without the original disk. If I had had the MGADiag program I probably wouldn't have touched this system.

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Invalid Product Key
Validation Code: 8

Cached Validation Code: N/A
Windows Product Key:
Windows Product Key Hash: Windows Product ID:
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {08586C5A-82AE-407A-B371-1FF763D70C4E}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{08586C5A-82AE-407A-B371-1FF763D70C4E}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TY9F3</PKey><PID>55274-640-4940936-23492</PID><PIDType>1</PIDType><SID>S-1-5-21-448539723-602162358-725345543</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 4600i              </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A12</Version><SMBIOSVersion major="2" minor="3"/><Date>20040826000000.000000+000</Date></BIOS><HWID>B1DC39E701848053</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1B1D1:Dell Inc|1B1D1:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 14, 2009, 10:17:28 AM
Quote
WGA Data-->
Validation Status: Invalid Product Key
Validation Code: 8

Yes, Microsoft has made it very hard for people to use Windows when it isn't registered. Contact Microsoft and they will work with you in getting a valid key. Since you got it from work it might end up costing very little or maybe even nothing.

1-866-PCSAFETY (1-866-727-2338). This phone number is for virus and other security-related support. It is available 24 hours a day for the U.S. and Canada.

If you have valid, licensed software, then you need to go to the Windows Genuine Forum, register and post the log at Speak to us at Microsoft! (http://forums.microsoft.com/Genuine/default.aspx?ForumGroupID=125&SiteID=25) If necessary, copy the original log or provide a link to this thread.

In the event you are a victim of piracy, help is available from this site: Protect Yourself from Piracy (http://www.microsoft.com/piracy/)
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 14, 2009, 05:41:37 PM
Thanks EF. I will contact them and see what they say.
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 14, 2009, 06:00:57 PM
Did you do the XP Pro upgrade?

Where did the license key come from?

You might have to get the original product key and/or the computer serial number and use an XP Home CD to reformat and then reinstall XP Home. This page will help you find the COA. http://www.microsoft.com/howtotell/content.aspx?pg=coa&displaylang=en.
Title: Re: Please check rist log/new logs
Post by: majakldragon on October 15, 2009, 02:48:33 AM
EF, I did not do the upgrade and don't know where the key came from. The machine belongs to my neighbor and I told her I would see what I could do about removing the viruses. I will find out who did the upgrade and where the key came from; possibly they have the original disk.
The original HOME key is on the side of the computer case since it's a Dell, but I don't believe the owner has the original disks. I have MY retail disk that goes to my machine, but that's all.
Title: Re: Please check rist log/new logs
Post by: evilfantasy on October 15, 2009, 09:25:32 AM
If the disks are the same then it will work, XP Home or XP Pro. But you need to use whatever key belongs to the OS, Home or Pro.