Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My PC goes slower and slower [RESOLVED]


  • This topic is locked This topic is locked

#16
diboy

diboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
sorry i do this without ask for ur opinion...

i remember that this error fixed after i do the ComboFix..
so i do that again
and yes..
its worked..
there's no more setupapi.dll problem
but i'm not sure it won't get error anymore

here are the combofix log


ComboFix 08-03-25.4 - Boy TK-TA 2008-03-29 7:41:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.126 [GMT -8:00]
Running from: D:\Documents and Settings\Boy TK-TA\My Documents\My downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Boy TK-TA\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-28 21:59 . 2008-03-28 21:59 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\Malwarebytes
2008-03-28 21:58 . 2008-03-28 21:58 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-03-28 21:58 . 2008-03-28 21:58 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-17 03:11 . 2008-03-17 03:11 <DIR> d-------- D:\Program Files\Crawler
2008-03-17 03:10 . 2008-03-28 18:40 <DIR> d-------- D:\Program Files\Spyware Terminator
2008-03-17 03:10 . 2008-03-28 17:55 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\Spyware Terminator
2008-03-17 03:10 . 2008-03-28 18:40 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-17 03:10 . 2008-03-17 03:10 138,752 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-16 14:26 . 2008-03-29 07:44 0 --a------ D:\WINDOWS\system.ini
2008-03-16 14:20 . 2008-03-16 14:20 2,288,128 --a------ D:\WINDOWS\system32\TUKernel.exe
2008-03-16 11:29 . 2008-03-16 11:29 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\TuneUp Software
2008-03-16 11:29 . 2008-03-16 11:29 307,968 --a------ D:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-16 11:29 . 2008-02-27 13:15 28,416 --a------ D:\WINDOWS\system32\uxtuneup.dll
2008-03-16 11:28 . 2008-03-16 11:31 <DIR> d-------- D:\Program Files\TuneUp Utilities 2008
2008-03-16 11:28 . 2008-03-16 11:28 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-16 08:20 . 2008-03-16 11:19 <DIR> d-------- D:\VundoFix Backups
2008-03-15 09:16 . 2008-03-15 10:40 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-03-15 09:16 . 2008-03-15 09:16 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\SUPERAntiSpyware.com
2008-03-15 09:16 . 2008-03-15 09:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-15 08:55 . 2008-03-15 08:55 <DIR> d-------- D:\Program Files\Zone Labs
2008-03-15 08:54 . 2008-03-15 08:54 352,514 --a------ D:\WINDOWS\system32\vsconfig.xml
2008-03-15 08:51 . 2008-03-15 08:52 <DIR> d-------- D:\Program Files\ErrorKiller
2008-03-15 08:51 . 2008-03-15 08:57 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\ErrorKiller
2008-03-15 08:35 . 2008-03-15 08:55 <DIR> d-------- D:\WINDOWS\Internet Logs
2008-03-15 07:44 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-03-15 07:44 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-03-15 07:44 . 2008-03-01 23:12 86,016 --a------ D:\WINDOWS\system32\VACFix.exe
2008-03-15 07:44 . 2008-02-29 23:48 82,432 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-03-15 07:44 . 2003-06-05 20:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-03-15 07:44 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-03-15 07:44 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-03-14 21:15 . 2008-03-14 21:15 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\iolo
2008-03-14 21:15 . 2008-03-14 21:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\iolo
2008-03-10 20:26 . 2008-03-10 20:26 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-03-03 15:39 . 2007-12-04 04:54 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-03-03 15:39 . 2007-12-04 06:51 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-03 15:39 . 2007-12-04 06:49 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-03 15:39 . 2007-12-04 06:53 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-03 15:38 . 2008-03-03 15:38 <DIR> d-------- D:\Program Files\Alwil Software
2008-03-03 15:38 . 2007-12-04 05:04 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-03-03 15:38 . 2004-01-09 01:13 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-03-03 15:38 . 2007-12-04 06:55 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-03 15:38 . 2007-12-04 06:56 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-03-03 14:31 . 2008-03-03 14:32 272,098 --a------ D:\Pass2.cmd
2008-03-03 14:18 . 2008-03-15 07:46 3,146 --a------ D:\WINDOWS\system32\tmp.reg
2008-03-03 14:17 . 2008-03-15 07:49 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\SmitfraudFix
2008-03-03 13:52 . 2008-03-03 13:52 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-03-03 12:23 . 2005-08-29 15:50 45,475 --a------ D:\WINDOWS\system32\drivers\btwhid.sys
2008-03-03 12:23 . 2005-08-29 15:54 19,372 --a------ D:\WINDOWS\system32\drivers\frmupgr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 11:33 --------- d-----w D:\Program Files\ElcomSoft
2008-03-16 19:27 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 16:42 --------- d-----w D:\Program Files\YahooFriend
2008-03-15 16:42 --------- d-----w D:\Program Files\SpeedyAlertSystem
2008-03-15 16:42 --------- d-----w D:\Documents and Settings\Boy TK-TA\Application Data\Vso
2008-03-10 03:19 14,336 ----a-w D:\WINDOWS\system32\svchost.exe
2008-03-02 13:35 --------- d-----w D:\Program Files\Java
2008-02-29 00:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 00:41 --------- d-----w D:\Program Files\MSBuild
2008-02-29 00:40 --------- d-----w D:\Program Files\HTML Help Workshop
2008-02-29 00:39 --------- d-----w D:\Program Files\Common Files\Merge Modules
2008-02-28 20:07 --------- d-----w D:\Program Files\Microsoft SQL Server
2008-02-28 19:52 --------- d-----w D:\Program Files\Microsoft.NET
2008-02-28 19:47 --------- d-----w D:\Program Files\Microsoft Device Emulator
2008-02-28 19:46 --------- d-----w D:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 18:31 --------- d-----w D:\Program Files\Common Files\Business Objects
2008-02-28 18:30 --------- d-----w D:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-02-28 18:28 --------- d-----w D:\Program Files\CE Remote Tools
2008-02-28 18:07 --------- d-----w D:\Program Files\Microsoft Visual Studio 8
2008-02-04 14:04 --------- d-----w D:\Program Files\Mbrola Tools
2007-12-14 12:04 94,208 -c--a-w D:\Documents and Settings\Boy TK-TA\Application Data\ezplay.sys
2007-12-14 12:03 47,360 -c--a-w D:\Documents and Settings\Boy TK-TA\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sha-r D:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r D:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( [email protected]_20.54.16.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-29 15:29:33 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 13:18 443968]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-06 21:10 335872]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OpwareSE2"="D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Yahoo! Friend"="D:\Program Files\YahooFriend\YahooFriend.exe" [2006-11-27 17:54 612352]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"ErrorKiller"="D:\Program Files\ErrorKiller\ErrorKiller.exe" [2008-03-07 11:34 2548984]
"SpywareTerminator"="D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-17 03:10 2957824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C45 Series]
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]
D:\WINDOWS\System32\lsasss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2005-10-12 02:13 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]
D:\Program Files\SeePassword\SeePassword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;D:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-17 03:10]
R2 InterBaseGuardian;InterBase Guardian;D:\Program Files\Borland\InterBase\bin\ibguard.exe [2001-11-29 05:50]
R2 UxTuneUp;TuneUp Theme Extension;D:\WINDOWS\System32\svchost.exe [2008-03-09 19:19]
R3 InterBaseServer;InterBase Server;D:\Program Files\Borland\InterBase\bin\ibserver.exe [2001-11-29 05:50]
S3 SQLWriter;SQL Server VSS Writer;"D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;D:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-16 11:29]
S3 w900bus;Sony Ericsson 900i driver (WDM);D:\WINDOWS\system32\DRIVERS\w900bus.sys [2006-03-13 18:55]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w900mdfl.sys [2006-03-13 18:55]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\w900mdm.sys [2006-03-13 18:55]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\w900mgmt.sys [2006-03-13 18:55]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\w900obex.sys [2006-03-13 18:55]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"H:\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 19:29:46 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-03-15 17:49:06 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-15 16:51:45 D:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- D:\Program Files\ErrorKiller\ErrorKiller.ex
- D:\Program Files\ErrorKille
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 07:44:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-29 7:47:08
ComboFix-quarantined-files.txt 2008-03-29 15:47:06
ComboFix2.txt 2008-03-28 04:54:32
.
2007-10-13 15:02:26 --- E O F ---
  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I'm glad you did as you have either gained another minor infection, or it may have been hiding

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
D:\WINDOWS\System32\lsasss.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#18
diboy

diboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
For ur information when i drag the CFScript.txt into ComboFix then that error message appear again.. then ComboFix run..

here is the ComboFix log

ComboFix 08-03-25.4 - Boy TK-TA 2008-03-29 8:05:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.96 [GMT -8:00]
Running from: D:\Documents and Settings\Boy TK-TA\My Documents\My downloads\ComboFix.exe
Command switches used :: D:\Documents and Settings\Boy TK-TA\My Documents\My downloads\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\WINDOWS\System32\lsasss.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-28 21:59 . 2008-03-28 21:59 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\Malwarebytes
2008-03-28 21:58 . 2008-03-28 21:58 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-03-28 21:58 . 2008-03-28 21:58 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-17 03:11 . 2008-03-17 03:11 <DIR> d-------- D:\Program Files\Crawler
2008-03-17 03:10 . 2008-03-28 18:40 <DIR> d-------- D:\Program Files\Spyware Terminator
2008-03-17 03:10 . 2008-03-28 17:55 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\Spyware Terminator
2008-03-17 03:10 . 2008-03-28 18:40 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-17 03:10 . 2008-03-17 03:10 138,752 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-16 14:26 . 2008-03-29 08:08 0 --a------ D:\WINDOWS\system.ini
2008-03-16 14:20 . 2008-03-16 14:20 2,288,128 --a------ D:\WINDOWS\system32\TUKernel.exe
2008-03-16 11:29 . 2008-03-16 11:29 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\TuneUp Software
2008-03-16 11:29 . 2008-03-16 11:29 307,968 --a------ D:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-16 11:29 . 2008-02-27 13:15 28,416 --a------ D:\WINDOWS\system32\uxtuneup.dll
2008-03-16 11:28 . 2008-03-16 11:31 <DIR> d-------- D:\Program Files\TuneUp Utilities 2008
2008-03-16 11:28 . 2008-03-16 11:28 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-16 08:20 . 2008-03-16 11:19 <DIR> d-------- D:\VundoFix Backups
2008-03-15 09:16 . 2008-03-15 10:40 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-03-15 09:16 . 2008-03-15 09:16 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\SUPERAntiSpyware.com
2008-03-15 09:16 . 2008-03-15 09:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-15 08:55 . 2008-03-15 08:55 <DIR> d-------- D:\Program Files\Zone Labs
2008-03-15 08:54 . 2008-03-15 08:54 352,514 --a------ D:\WINDOWS\system32\vsconfig.xml
2008-03-15 08:51 . 2008-03-15 08:52 <DIR> d-------- D:\Program Files\ErrorKiller
2008-03-15 08:51 . 2008-03-15 08:57 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\ErrorKiller
2008-03-15 08:35 . 2008-03-15 08:55 <DIR> d-------- D:\WINDOWS\Internet Logs
2008-03-15 07:44 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-03-15 07:44 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-03-15 07:44 . 2008-03-01 23:12 86,016 --a------ D:\WINDOWS\system32\VACFix.exe
2008-03-15 07:44 . 2008-02-29 23:48 82,432 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-03-15 07:44 . 2003-06-05 20:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-03-15 07:44 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-03-15 07:44 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-03-14 21:15 . 2008-03-14 21:15 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\Application Data\iolo
2008-03-14 21:15 . 2008-03-14 21:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\iolo
2008-03-10 20:26 . 2008-03-10 20:26 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-03-03 15:39 . 2007-12-04 04:54 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2008-03-03 15:39 . 2007-12-04 06:51 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-03 15:39 . 2007-12-04 06:49 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-03 15:39 . 2007-12-04 06:53 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-03 15:38 . 2008-03-03 15:38 <DIR> d-------- D:\Program Files\Alwil Software
2008-03-03 15:38 . 2007-12-04 05:04 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2008-03-03 15:38 . 2004-01-09 01:13 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2008-03-03 15:38 . 2007-12-04 06:55 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-03 15:38 . 2007-12-04 06:56 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2008-03-03 14:31 . 2008-03-03 14:32 272,098 --a------ D:\Pass2.cmd
2008-03-03 14:18 . 2008-03-15 07:46 3,146 --a------ D:\WINDOWS\system32\tmp.reg
2008-03-03 14:17 . 2008-03-15 07:49 <DIR> d-------- D:\Documents and Settings\Boy TK-TA\SmitfraudFix
2008-03-03 13:52 . 2008-03-03 13:52 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-03-03 12:23 . 2005-08-29 15:50 45,475 --a------ D:\WINDOWS\system32\drivers\btwhid.sys
2008-03-03 12:23 . 2005-08-29 15:54 19,372 --a------ D:\WINDOWS\system32\drivers\frmupgr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 11:33 --------- d-----w D:\Program Files\ElcomSoft
2008-03-16 19:27 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 16:42 --------- d-----w D:\Program Files\YahooFriend
2008-03-15 16:42 --------- d-----w D:\Program Files\SpeedyAlertSystem
2008-03-15 16:42 --------- d-----w D:\Documents and Settings\Boy TK-TA\Application Data\Vso
2008-03-10 03:19 14,336 ----a-w D:\WINDOWS\system32\svchost.exe
2008-03-02 13:35 --------- d-----w D:\Program Files\Java
2008-02-29 00:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 00:41 --------- d-----w D:\Program Files\MSBuild
2008-02-29 00:40 --------- d-----w D:\Program Files\HTML Help Workshop
2008-02-29 00:39 --------- d-----w D:\Program Files\Common Files\Merge Modules
2008-02-28 20:07 --------- d-----w D:\Program Files\Microsoft SQL Server
2008-02-28 19:52 --------- d-----w D:\Program Files\Microsoft.NET
2008-02-28 19:47 --------- d-----w D:\Program Files\Microsoft Device Emulator
2008-02-28 19:46 --------- d-----w D:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-02-28 18:31 --------- d-----w D:\Program Files\Common Files\Business Objects
2008-02-28 18:30 --------- d-----w D:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-02-28 18:28 --------- d-----w D:\Program Files\CE Remote Tools
2008-02-28 18:07 --------- d-----w D:\Program Files\Microsoft Visual Studio 8
2008-02-04 14:04 --------- d-----w D:\Program Files\Mbrola Tools
2007-12-14 12:04 94,208 -c--a-w D:\Documents and Settings\Boy TK-TA\Application Data\ezplay.sys
2007-12-14 12:03 47,360 -c--a-w D:\Documents and Settings\Boy TK-TA\Application Data\pcouffin.sys
2006-05-03 09:06 163,328 --sha-r D:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r D:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( [email protected]_20.54.16.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-29 15:29:33 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 13:18 443968]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-06 21:10 335872]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OpwareSE2"="D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Yahoo! Friend"="D:\Program Files\YahooFriend\YahooFriend.exe" [2006-11-27 17:54 612352]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"ErrorKiller"="D:\Program Files\ErrorKiller\ErrorKiller.exe" [2008-03-07 11:34 2548984]
"SpywareTerminator"="D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-17 03:10 2957824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C45 Series]
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]
D:\WINDOWS\System32\lsasss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2005-10-12 02:13 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]
D:\Program Files\SeePassword\SeePassword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;D:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-17 03:10]
R2 InterBaseGuardian;InterBase Guardian;D:\Program Files\Borland\InterBase\bin\ibguard.exe [2001-11-29 05:50]
R2 UxTuneUp;TuneUp Theme Extension;D:\WINDOWS\System32\svchost.exe [2008-03-09 19:19]
R3 InterBaseServer;InterBase Server;D:\Program Files\Borland\InterBase\bin\ibserver.exe [2001-11-29 05:50]
S3 SQLWriter;SQL Server VSS Writer;"D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;D:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-16 11:29]
S3 w900bus;Sony Ericsson 900i driver (WDM);D:\WINDOWS\system32\DRIVERS\w900bus.sys [2006-03-13 18:55]
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w900mdfl.sys [2006-03-13 18:55]
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\w900mdm.sys [2006-03-13 18:55]
S3 w900mgmt;Sony Ericsson 900i USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\w900mgmt.sys [2006-03-13 18:55]
S3 w900obex;Sony Ericsson 900i USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\w900obex.sys [2006-03-13 18:55]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"H:\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 19:29:46 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-03-15 17:49:06 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-15 16:51:45 D:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- D:\Program Files\ErrorKiller\ErrorKiller.ex
- D:\Program Files\ErrorKille
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 08:08:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-29 8:10:31
ComboFix-quarantined-files.txt 2008-03-29 16:10:28
ComboFix2.txt 2008-03-29 15:47:09
ComboFix3.txt 2008-03-28 04:54:32
.
2007-10-13 15:02:26 --- E O F ---


Here is the Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:55 AM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Borland\InterBase\bin\ibguard.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\YahooFriend\YahooFriend.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\ErrorKiller\ErrorKiller.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\Borland\InterBase\bin\ibserver.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Boy TK-TA\My Documents\My downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Yahoo! Friend] D:\Program Files\YahooFriend\YahooFriend.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ErrorKiller] D:\Program Files\ErrorKiller\ErrorKiller.exe
O4 - HKLM\..\Run: [SpywareTerminator] "D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - D:\Documents and Settings\Boy TK-TA\My Documents\HaHa\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - D:\Documents and Settings\Boy TK-TA\My Documents\HaHa\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-id\msntabres.dll.mui/229?e714b8730e264f9d8fc4588ac5bf2da5
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-id\msntabres.dll.mui/230?e714b8730e264f9d8fc4588ac5bf2da5
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Documents and Settings\Boy TK-TA\My Documents\HaHa\Mass Downloader\massdown.exe (file missing)
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Documents and Settings\Boy TK-TA\My Documents\HaHa\Mass Downloader\massdown.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://D:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8BC910-0888-494D-9726-D577649EBA28}: NameServer = 202.134.1.10,202.134.0.155
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - D:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - D:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9958 bytes
  • 0

#19
diboy

diboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
sorry about this....
its 3:00 AM here...
and my eyes just cant compromize...
i'll go to sleep..
and when i wake up the first thing i do is read this thread
so if there anything i can do... or i should do...
just drop me a reply..

thank u very much...
GBU
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have a good nights rest - all that was ,was just a stray registry orphan, not a problem

Let me know how your system is running when you get up :)
  • 0

#21
diboy

diboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
are u sure ?
cause now that error message appear again... -.-
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run the cpl reg fix again - this is not a malware problem though it is a windows related problem :)

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)

Could you let me know the result of running the reg fix again
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP