Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help me kill TrojanDownloader.xs. [RESOLVED]

Started by jayway23 , Apr 01 2008 08:28 PM

  • This topic is locked This topic is locked

#1
jayway23
Posted 01 April 2008 - 08:28 PM

jayway23

    Member

  • Member
  • PipPip
  • 16 posts
Hello G2G people! I am one of the victims of the so-called TrojanDownloader.xs that came from a uTorrent download. I downloaded a Limewire Pro application, installed it, then wala! --> "Trojan Horse has been detected!" I am begging for your help guys. I have read the Must-Read-Before-Post thread and followed the instructions properly (I think).

Here is the report from AVG - AntiSpyware

Click for larger image.
Posted Image


Here is the SUPERAntiSpyware Scan log

SUPERAntiSpyware Scan Log
Generated 04/02/2008 at 06:51 AM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1420

Scan type : Complete Scan
Total Scan Time : 00:39:19

Memory items scanned : 362
Memory threats detected : 0
Registry items scanned : 6487
Registry threats detected : 6
File items scanned : 43360
File threats detected : 7

Transponder Variant BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}

Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}

Adware.180solutions/SurfAssistant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}

Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}
C:\WINDOWS\BOKJA.EXE
C:\WINDOWS\STCLOADER.EXE

Adware.180solutions/ZangoSearch
C:\Program Files\Zango\zango.exe
C:\Program Files\Zango

Adware.180solutions/Seekmo
C:\Program Files\Seekmo\seekmohook.dll
C:\Program Files\Seekmo

Torjan.SecondThoughtInstaller
C:\WINDOWS\INSTALLER\ID53.EXE

Here is the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:46 AM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awttrpo - awttrpo.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Ding\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O24 - Desktop Component 0: (no name) - http://www.alotofcha...br/rave5ddd.JPG

--
End of file - 7554 bytes


Here is the uninstall_list

ABBYY FineReader 5.0 Sprint
ACDSee
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
avast! Antivirus
AVG Anti-Spyware 7.5
Chikka Messenger V4
Collab
cs_deathmatch
DivX Content Uploader
DivX Web Player
D-Link DU-562M External Modem
ffdshow [rev 918] [2007-02-12]
FL Studio 6
FLVPlayer4Free Free FLV Player 2.2.0.0
Freez FLV to AVI/MPEG/WMV Converter
Freez FLV to MP3 Converter
Fusion Pack v6.5
Genius Scanner
GOM Player
Google Video Player
Guitar Pro 5.0
Half-Life
Hide IP Platinum 3.5
HijackThis 2.0.2
hp deskjet 3500
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
ICQ Toolbar
ICQ 5.1
ICQ Toolbar
iTunes
J2SE Runtime Environment 5.0 Update 8
LimeWire PRO 4.17.1
Microsoft Office Professional Edition 2003
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Mozilla Firefox (2.0.0.13)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
NBFree MP3 to WMA Converter v2
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Notepad2 1.0.12
NVIDIA Drivers
Page abc
Panda ActiveScan 2.0
PC Camer@
PC Connectivity Solution
POD-Bot 2.5
Presto! ImageFolio 4.2
Presto! Mr. Photo
Presto! PageManager
Project64 1.6
QuickTime
QuickTime Alternative 1.69
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Siemens Subscriber Networks SpeedStream DSL
Sierra Utilities
Skype™ 3.6
SUPERAntiSpyware Free Edition
TuneUp Utilities 2007
TVUPlayer 2.3.5.4
Ulead VideoStudio 8.0 SE VCD
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Window Washer
Windows Driver Package - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.1
WorkSheet Maker 2.0
Yahoo! Install Manager
Yahoo! Messenger
  • 0

Advertisements

#2
jayway23
Posted 02 April 2008 - 12:06 AM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Anyone? :)
  • 0

#3
Rorschach112
Posted 02 April 2008 - 04:21 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#4
jayway23
Posted 02 April 2008 - 10:39 PM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi, thank you for your time. The SmitfraudFix.exe worked! Now I have my desktop and task manager back. There are also no more pop-ups. Thank you so much.

Here are the deckard system scan logs.

Main
Deckard's System Scanner v20071014.68
Run by Ding on 2008-04-03 12:27:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-04-03 04:27:20 UTC - RP215 - Deckard's System Scanner Restore Point
2: 2008-04-01 22:01:33 UTC - RP214 - Installed SUPERAntiSpyware Free Edition
1: 2008-04-01 18:59:32 UTC - RP213 - 4th Try


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Ding.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:37 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ding\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ding.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ding"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awttrpo - awttrpo.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Ding\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6365 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 ENETHUSB (Speedstream Ethernet USB Adapter) - c:\windows\system32\drivers\enethusb.sys <Not Verified; Siemens Subscriber Networks, Inc.; Speedstream Ethernet USB Adapter>
R3 PAC207 (PC Camer@) - c:\windows\system32\drivers\pfc027.sys <Not Verified; PixArt Imaging Inc.; PixArt Imaging Inc. PFC027>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>

S2 sbbotdi - c:\progra~1\speedb~1\sbbotdi.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems; SoftK56>
S3 HSFHWCD2 - c:\windows\system32\drivers\hsfhwcd2.sys <Not Verified; Conexant Systems; SoftK56>
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems; SoftK56>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>

S2 hpdj - c:\docume~1\ding\locals~1\temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 3500 series -product= (file missing)
S2 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" (file missing)
S2 VideoAcceleratorService - c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm (file missing)
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-28 17:17:47 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-03-03 and 2008-04-03 -----------------------------

2008-04-03 00:05:06 0 d-------- C:\Program Files\Conduit
2008-04-03 00:04:55 0 d-------- C:\Program Files\P2P_Energy
2008-04-03 00:04:28 0 d-------- C:\Program Files\LimeWireTurbo
2008-04-02 21:33:14 1350 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-02 21:32:41 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 21:32:41 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-02 21:32:41 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-02 21:32:40 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-02 21:32:40 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-02 21:32:40 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-02 21:32:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-02 09:08:07 0 d-------- C:\Program Files\Trend Micro
2008-04-02 06:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 06:01:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 06:01:35 0 d-------- C:\Documents and Settings\Ding\Application Data\SUPERAntiSpyware.com
2008-04-02 03:03:34 0 d-------- C:\Documents and Settings\Ding\Application Data\Grisoft
2008-04-02 03:03:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 02:15:14 0 dr-h----- C:\$VAULT$.AVG
2008-04-02 00:18:37 0 d-------- C:\Documents and Settings\Ding\Application Data\AVG7
2008-04-02 00:18:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-02 00:17:19 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-01 19:50:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-01 19:48:16 16896 --a------ C:\WINDOWS\voiceip.dll
2008-04-01 19:48:16 21504 --a------ C:\WINDOWS\swin32.dll
2008-04-01 19:48:16 0 d-------- C:\Program Files\stc
2008-04-01 19:48:15 24576 --a------ C:\WINDOWS\mssvr.exe
2008-04-01 19:48:15 19968 --a------ C:\WINDOWS\cdsm32.dll
2008-04-01 19:48:14 22272 --a------ C:\WINDOWS\mspphe.dll
2008-04-01 19:48:14 22784 --a------ C:\WINDOWS\bjam.dll
2008-04-01 19:48:14 30720 --a------ C:\WINDOWS\2020search2.dll
2008-04-01 19:48:13 28672 --a------ C:\WINDOWS\2020search.dll
2008-04-01 19:48:11 28416 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-04-01 19:48:10 14336 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-01 19:48:09 19712 --a------ C:\WINDOWS\salm.exe
2008-04-01 19:48:09 11520 --a------ C:\WINDOWS\180ax.exe
2008-04-01 19:48:08 11776 --a------ C:\WINDOWS\updatetc.exe
2008-04-01 19:48:08 0 d-------- C:\WINDOWS\FLEOK
2008-04-01 19:48:08 0 d-------- C:\Program Files\180solutions
2008-04-01 19:48:07 23808 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-01 19:48:07 16640 --a------ C:\WINDOWS\saiemod.dll
2008-04-01 19:48:06 31744 --a------ C:\WINDOWS\msapasrc.dll
2008-04-01 19:48:06 29184 --a------ C:\WINDOWS\msa64chk.dll
2008-04-01 19:48:04 17152 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-01 19:48:04 32000 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-01 19:48:03 18944 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-01 19:48:03 9216 --a------ C:\WINDOWS\shdocpl.dll
2008-04-01 19:48:03 24320 --a------ C:\WINDOWS\shdocpe.dll
2008-04-01 19:48:03 20736 --a------ C:\WINDOWS\ntnut.exe
2008-04-01 19:48:02 27648 --a------ C:\WINDOWS\winsb.dll
2008-04-01 19:48:02 0 d-------- C:\Program Files\Sysmnt
2008-04-01 19:48:01 22016 --a------ C:\WINDOWS\browserad.dll
2008-04-01 19:48:01 29440 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-01 19:48:01 8192 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-01 19:48:01 8448 --a------ C:\WINDOWS\avifile32.dll
2008-04-01 19:48:01 9472 --a------ C:\WINDOWS\autodisc32.dll
2008-04-01 19:48:00 16640 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-01 19:48:00 16384 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-01 19:48:00 16384 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-01 19:48:00 12032 --a------ C:\WINDOWS\athprxy32.dll
2008-04-01 19:48:00 23552 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-01 19:48:00 24064 --a------ C:\WINDOWS\asferror32.dll
2008-04-01 19:47:59 19712 --a------ C:\WINDOWS\apphelp32.dll
2008-04-01 19:47:58 24064 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-01 15:36:55 32 --a------ C:\WINDOWS\go
2008-04-01 15:35:25 0 d-------- C:\WINDOWS\vf_hip
2008-04-01 15:35:23 0 d-------- C:\Program Files\Hide IP Platinum
2008-04-01 14:27:54 0 d-------- C:\Program Files\Pokemon World Online
2008-03-29 11:08:10 0 d-------- C:\Documents and Settings\Ding\Application Data\Google
2008-03-26 10:21:30 0 d-------- C:\WINDOWS\Lhsp
2008-03-22 18:05:04 0 d-------- C:\Documents and Settings\Ding\Application Data\WinRAR
2008-03-22 17:13:24 0 d-------- C:\Program Files\psx emulation cheater
2008-03-22 02:26:51 0 d-------- C:\Documents and Settings\Ding\Application Data\fltk.org
2008-03-22 02:15:25 0 d-------- C:\Program Files\ePSXe
2008-03-19 23:41:05 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:30 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:20 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:08 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-18 12:40:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-03-15 19:04:17 2156 --a------ C:\WINDOWS\system32\x_dtrace_log
2008-03-14 00:26:56 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-13 23:59:04 0 d-------- C:\Program Files\O2Jam
2008-03-10 18:27:33 4096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys


-- Find3M Report ---------------------------------------------------------------

2008-04-02 21:55:38 0 d-------- C:\Documents and Settings\Ding\Application Data\Lavasoft
2008-04-02 07:42:46 5752 --a------ C:\WINDOWS\mozver.dat
2008-04-02 06:00:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 23:53:17 0 d-------- C:\Documents and Settings\Ding\Application Data\U3
2008-04-01 19:50:45 0 d-------- C:\Documents and Settings\Ding\Application Data\LimeWire
2008-04-01 19:30:02 0 d-------- C:\Program Files\LimeWire Turbo
2008-04-01 19:24:31 0 d-------- C:\Documents and Settings\Ding\Application Data\uTorrent
2008-03-31 22:52:29 0 d-------- C:\Program Files\Google
2008-03-29 19:53:41 0 d-------- C:\Documents and Settings\Ding\Application Data\Skype
2008-03-29 19:53:25 0 d-------- C:\Documents and Settings\Ding\Application Data\skypePM
2008-03-18 12:45:52 0 d-------- C:\Program Files\TVUPlayer
2008-03-17 14:03:42 0 d-------- C:\Program Files\FreeStyle Philippines
2008-03-17 13:58:08 1629061 --a------ C:\Documents and Settings\Ding\Application Data\NMM-MetaData.db
2008-03-17 11:57:16 230432 --a------ C:\PA207.DAT
2008-03-15 18:35:09 0 d-------- C:\Program Files\Common Files
2008-03-15 17:47:45 821 --a------ C:\Documents and Settings\Ding\Application Data\.googlewebacchosts
2008-03-10 10:26:31 0 d-------- C:\Program Files\DivX
2008-03-05 22:28:44 0 d-------- C:\Documents and Settings\Ding\Application Data\Macromedia
2008-03-03 23:03:34 0 d-------- C:\Documents and Settings\Ding\Application Data\Nokia Multimedia Player
2008-02-16 10:26:20 0 d-------- C:\Program Files\FLVPlayer4Free
2008-02-16 00:24:12 0 d-------- C:\Program Files\Guitar Pro 5
2008-02-12 13:16:29 0 d-------- C:\Documents and Settings\Ding\Application Data\LimeWireTurbo
2008-02-10 09:34:52 0 d-------- C:\Program Files\NBFree MP3 to WMA Converter
2008-02-09 10:40:43 0 d-------- C:\Program Files\Skype
2008-02-09 10:40:38 0 d-------- C:\Program Files\Common Files\Skype
2008-02-08 17:59:17 0 d-------- C:\Program Files\Smallvideosoft
2008-02-03 17:44:05 0 d-------- C:\Program Files\WorkSheet Maker
2008-01-18 15:16:24 69632 --a------ C:\t1jc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/30/2008 02:37 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 04:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe "Ding"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttrpo]
awttrpo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi]
C:\WINDOWS\system32\pmkhi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\gebyx nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1361785c-cc11-11dc-a033-0018d16d0a99}]
AutoRun\command- E:\xn1i9x.com
explore\Command- E:\xn1i9x.com
open\Command- E:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149e035e-ee7f-11db-9d3a-b341aca35469}]
Auto\command- E:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21fff01a-6bd6-11db-9bbb-8ac7608dbc6f}]
0pen\command- E:\krag.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6de55cf4-2789-11db-bf94-e54f2073d76f}]
AutoRun\command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a12417-cd62-11db-9cdf-cd27c247ff68}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f86fb58-7006-11dc-9ed4-0018d16d0a99}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ce99d04-fbbd-11dc-a13e-0018d16d0a99}]
AutoRun\command- E:\
explore\Command- E:\RECYCLER\INFO.exe
open\Command- E:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3e77ccc-0a16-11dc-9d92-c7b6db291568}]
0pen\command- E:\krag.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98f72d7-e65f-11db-9d24-a2d5a1074803}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9fd703a-2248-11dc-9de3-cf8d086c3668}]
0pen\command- E:\krag.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc889ea5-a238-11db-9c5a-c8212ea26768}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a2a780-f185-11dc-a0fa-0018d16d0a99}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- E:\Desktop.exe
Open\Command- E:\Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3e10f9-6b01-11db-9bb6-f6b7722aea6f}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8aca97d-643b-11dc-9eab-0018d16d0a99}]
Auto\command- E:\infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ad5248-4b91-11db-9b4d-c0d91f4e5d68}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open




-- End of Deckard's System Scanner: finished at 2008-04-03 12:29:27 ------------




Extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 254.73 MiB / 75.87 MiB
Pagefile Memory (total/avail): 625.59 MiB / 369.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.2 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.26 GiB total, 5.64 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340014A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.8.1169 [VPS 080402-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary"
"C:\\WINDOWS\\system32\\jhmfrgwn.exe"="C:\\WINDOWS\\system32\\jhm"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\WINDOWS\\system32\\robmlbll.exe"="C:\\WINDOWS\\system32\\rob"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\mjpscbpg.exe"="C:\\WINDOWS\\system32\\mjp"
"C:\\WINDOWS\\system32\\muvdhfsx.exe"="C:\\WINDOWS\\system32\\muv"
"C:\\WINDOWS\\system32\\amgpnlpr.exe"="C:\\WINDOWS\\system32\\amg"
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"="C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator"
"C:\\Program Files\\FreeStyle Philippines\\FreeStyle.exe"="C:\\Program Files\\FreeStyle Philippines\\FreeStyle.exe:*:Enabled:FreeStyle"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ding\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CUTCHIE-6F6A7D1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ding
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\CUTCHIE-6F6A7D1
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime Alternative\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ding\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ding\LOCALS~1\Temp
USERDOMAIN=CUTCHIE-6F6A7D1
USERNAME=Ding
USERPROFILE=C:\Documents and Settings\Ding
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ding (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ACDSee --> C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Chikka Messenger V4 --> C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
cs_deathmatch --> C:\SIERRA\HALF-LIFE\CSTRIKE\MAPS\Uninstal.exe
D-Link DU-562M External Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_USB_VID_0572&PID_1300\HXFSETUP.EXE -U -IVID_0572&PID_1300
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ffdshow [rev 918] [2007-02-12] --> "C:\Program Files\ffdshow\unins000.exe"
FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
FLVPlayer4Free Free FLV Player 2.2.0.0 --> "C:\Program Files\FLVPlayer4Free\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Fusion Pack v6.5 --> c:\sierra\half-life\unins000.exe
Genius Scanner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCEB2144-5F5D-49E8-AADC-05CA48AE9AA5}\setup.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
Hide IP Platinum 3.5 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2 --> "E:\Removal Tools\JayMyka remover\HiJackThis\HijackThis.exe" /uninstall
hp deskjet 3500 --> msiexec /x{C7EC0699-D82C-4451-B701-C98C330D43AF}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ Toolbar --> regsvr32 /u /s "C:\Program Files\ICQToolbar\tbuC\toolbaru.dll"
ICQ Toolbar --> regsvr32 /u /s "C:\Program Files\ICQToolbar\toolbaru.dll"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
LimeWireTurbo --> C:\Program Files\LimeWireTurbo\uninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
NBFree MP3 to WMA Converter v2 --> "C:\Program Files\NBFree MP3 to WMA Converter\unins000.exe"
Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{74C5EA04-AF1E-45B2-949B-4841EE949C40}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{FCD8DCE6-94C8-4FF6-8E3E-D3C96A5A707E}\Nokia_PC_Suite_rel_6_85_12_0_eng.exe
Nokia PC Suite --> MsiExec.exe /I{FCD8DCE6-94C8-4FF6-8E3E-D3C96A5A707E}
Notepad2 1.0.12 --> "C:\Program Files\Notepad2\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Page abc --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188146F-D5B7-4C98-8E8C-6A0753334279}\setup.exe"
PC Camer@ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7595EEB5-6637-49B6-B191-DB5108F7ECB4} /l1033
PC Connectivity Solution --> MsiExec.exe /I{73284F36-E17E-44B0-85E2-F0336A6E749F}
POD-Bot 2.5 --> C:\WINDOWS\unvise32.exe C:\SIERRA\Half-Life\cstrike\poduninst.log
Presto! ImageFolio 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{783033B0-D8E6-11D5-9293-0050BA073EEC}\setup.EXE" -l0x9
Presto! Mr. Photo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\MrPhoto16\DeIsL1.isu"
Presto! PageManager --> C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
QuickTime Alternative 1.69 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Siemens Subscriber Networks SpeedStream DSL --> C:\Program Files\Siemens Subscriber Networks\SpeedStream DSL\setup.exe -uninstall
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
Ulead VideoStudio 8.0 SE VCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\Setup.exe" -l0x9
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Driver Package - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_4B5D882780830B9245673D197146B7FF82A23CFB\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 3.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WorkSheet Maker 2.0 --> C:\Program Files\WorkSheet Maker\uninst.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type241 / Error
Event Submitted/Written: 04/02/2008 09:14:36 AM
Event ID/Source: 1512 / Userenv
Event Description:
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.

Event Record #/Type229 / Error
Event Submitted/Written: 04/01/2008 07:59:23 PM
Event ID/Source: 1512 / Userenv
Event Description:
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.

Event Record #/Type223 / Error
Event Submitted/Written: 03/31/2008 01:23:33 AM
Event ID/Source: 1512 / Userenv
Event Description:
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - Insufficient system resources exist to complete the requested service.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7290 / Error
Event Submitted/Written: 04/03/2008 00:04:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The VideoAcceleratorService service failed to start due to the following error:
%%3

Event Record #/Type7289 / Error
Event Submitted/Written: 04/03/2008 00:04:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The hpdj service failed to start due to the following error:
%%2

Event Record #/Type7288 / Error
Event Submitted/Written: 04/03/2008 00:03:58 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.254.1 for the Network Card with network address 0018D16D0A99 has been
denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type7261 / Error
Event Submitted/Written: 04/02/2008 10:02:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The VideoAcceleratorService service failed to start due to the following error:
%%3

Event Record #/Type7260 / Error
Event Submitted/Written: 04/02/2008 10:02:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The hpdj service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-04-03 12:29:27 ------------
  • 0

#5
Rorschach112
Posted 03 April 2008 - 06:21 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.





1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: awttrpo - awttrpo.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Ding\LOCALS~1\Temp\hpdj.exe (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Click Start > Run > Copy and paste the following in bold sc delete hpdj > Click ok



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Documents and Settings\All Users\Application Data\Rabio
C:\WINDOWS\voiceip.dll
C:\WINDOWS\swin32.dll
C:\Program Files\stc
C:\WINDOWS\mssvr.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\2020search.dll
C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\system32\WER8274.DLL
C:\WINDOWS\salm.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\FLEOK
C:\Program Files\180solutions
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\winsb.dll
C:\Program Files\Sysmnt
C:\WINDOWS\browserad.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\changeurl_30.dll
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
  • 0

#6
jayway23
Posted 03 April 2008 - 08:21 AM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here is the OTMoveIt2 log.

Explorer killed successfully
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer moved successfully.
C:\Documents and Settings\All Users\Application Data\Rabio moved successfully.
LoadLibrary failed for C:\WINDOWS\voiceip.dll
C:\WINDOWS\voiceip.dll NOT unregistered.
C:\WINDOWS\voiceip.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\swin32.dll
C:\WINDOWS\swin32.dll NOT unregistered.
C:\WINDOWS\swin32.dll moved successfully.
C:\Program Files\stc moved successfully.
C:\WINDOWS\mssvr.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cdsm32.dll NOT unregistered.
C:\WINDOWS\cdsm32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\mspphe.dll
C:\WINDOWS\mspphe.dll NOT unregistered.
C:\WINDOWS\mspphe.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\bjam.dll
C:\WINDOWS\bjam.dll NOT unregistered.
C:\WINDOWS\bjam.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2020search2.dll
C:\WINDOWS\2020search2.dll NOT unregistered.
C:\WINDOWS\2020search2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search.dll NOT unregistered.
C:\WINDOWS\2020search.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\system32\MSIXU.DLL NOT unregistered.
C:\WINDOWS\system32\MSIXU.DLL moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\WER8274.DLL
C:\WINDOWS\system32\WER8274.DLL NOT unregistered.
C:\WINDOWS\system32\WER8274.DLL moved successfully.
C:\WINDOWS\salm.exe moved successfully.
C:\WINDOWS\180ax.exe moved successfully.
C:\WINDOWS\updatetc.exe moved successfully.
C:\WINDOWS\FLEOK moved successfully.
C:\Program Files\180solutions moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\MSNSA32.dll NOT unregistered.
C:\WINDOWS\system32\MSNSA32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\saiemod.dll
C:\WINDOWS\saiemod.dll NOT unregistered.
C:\WINDOWS\saiemod.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msapasrc.dll
C:\WINDOWS\msapasrc.dll NOT unregistered.
C:\WINDOWS\msapasrc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msa64chk.dll NOT unregistered.
C:\WINDOWS\msa64chk.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\SIPSPI32.dll NOT unregistered.
C:\WINDOWS\system32\SIPSPI32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\shdocpe.dll NOT unregistered.
C:\WINDOWS\system32\shdocpe.dll moved successfully.
C:\WINDOWS\system32\ntnut32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\shdocpl.dll
C:\WINDOWS\shdocpl.dll NOT unregistered.
C:\WINDOWS\shdocpl.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpe.dll NOT unregistered.
C:\WINDOWS\shdocpe.dll moved successfully.
C:\WINDOWS\ntnut.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\winsb.dll
C:\WINDOWS\winsb.dll NOT unregistered.
C:\WINDOWS\winsb.dll moved successfully.
C:\Program Files\Sysmnt moved successfully.
LoadLibrary failed for C:\WINDOWS\browserad.dll
C:\WINDOWS\browserad.dll NOT unregistered.
C:\WINDOWS\browserad.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\aviwrap32.dll NOT unregistered.
C:\WINDOWS\aviwrap32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\avisynthex32.dll NOT unregistered.
C:\WINDOWS\avisynthex32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\avifile32.dll
C:\WINDOWS\avifile32.dll NOT unregistered.
C:\WINDOWS\avifile32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\autodisc32.dll
C:\WINDOWS\autodisc32.dll NOT unregistered.
C:\WINDOWS\autodisc32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\audiosrv32.dll NOT unregistered.
C:\WINDOWS\audiosrv32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\ati2dvag32.dll NOT unregistered.
C:\WINDOWS\ati2dvag32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvaa32.dll NOT unregistered.
C:\WINDOWS\ati2dvaa32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\athprxy32.dll
C:\WINDOWS\athprxy32.dll NOT unregistered.
C:\WINDOWS\athprxy32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\asycfilt32.dll NOT unregistered.
C:\WINDOWS\asycfilt32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\asferror32.dll
C:\WINDOWS\asferror32.dll NOT unregistered.
C:\WINDOWS\asferror32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\apphelp32.dll
C:\WINDOWS\apphelp32.dll NOT unregistered.
C:\WINDOWS\apphelp32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\changeurl_30.dll NOT unregistered.
C:\WINDOWS\changeurl_30.dll moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04032008_221603


Here is the DSS log.

Deckard's System Scanner v20071014.68
Run by Ding on 2008-04-03 22:25:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Ding.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:28 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ding\Desktop\Tools & Anti-Virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ding.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5263 bytes

-- Files created between 2008-03-03 and 2008-04-03 -----------------------------

2008-04-03 21:58:06 0 drahs---- C:\autorun.inf
2008-04-03 00:05:06 0 d-------- C:\Program Files\Conduit
2008-04-03 00:04:55 0 d-------- C:\Program Files\P2P_Energy
2008-04-03 00:04:28 0 d-------- C:\Program Files\LimeWireTurbo
2008-04-02 21:33:14 1350 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-02 21:32:41 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 21:32:41 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-02 21:32:41 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-02 21:32:40 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-02 21:32:40 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-02 21:32:40 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-02 21:32:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-02 09:08:07 0 d-------- C:\Program Files\Trend Micro
2008-04-02 06:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 06:01:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 06:01:35 0 d-------- C:\Documents and Settings\Ding\Application Data\SUPERAntiSpyware.com
2008-04-02 03:03:34 0 d-------- C:\Documents and Settings\Ding\Application Data\Grisoft
2008-04-02 03:03:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 02:15:14 0 dr-h----- C:\$VAULT$.AVG
2008-04-02 00:18:37 0 d-------- C:\Documents and Settings\Ding\Application Data\AVG7
2008-04-02 00:18:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-02 00:17:19 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-01 15:36:55 32 --a------ C:\WINDOWS\go
2008-04-01 15:35:25 0 d-------- C:\WINDOWS\vf_hip
2008-04-01 15:35:23 0 d-------- C:\Program Files\Hide IP Platinum
2008-04-01 14:27:54 0 d-------- C:\Program Files\Pokemon World Online
2008-03-29 11:08:10 0 d-------- C:\Documents and Settings\Ding\Application Data\Google
2008-03-26 10:21:30 0 d-------- C:\WINDOWS\Lhsp
2008-03-22 18:05:04 0 d-------- C:\Documents and Settings\Ding\Application Data\WinRAR
2008-03-22 17:13:24 0 d-------- C:\Program Files\psx emulation cheater
2008-03-22 02:26:51 0 d-------- C:\Documents and Settings\Ding\Application Data\fltk.org
2008-03-22 02:15:25 0 d-------- C:\Program Files\ePSXe
2008-03-19 23:41:05 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:30 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:20 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:08 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-18 12:40:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-03-15 19:04:17 2156 --a------ C:\WINDOWS\system32\x_dtrace_log
2008-03-14 00:26:56 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-13 23:59:04 0 d-------- C:\Program Files\O2Jam
2008-03-10 18:27:33 4096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys


-- Find3M Report ---------------------------------------------------------------

2008-04-02 21:55:38 0 d-------- C:\Documents and Settings\Ding\Application Data\Lavasoft
2008-04-02 07:42:46 5752 --a------ C:\WINDOWS\mozver.dat
2008-04-02 06:00:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 23:53:17 0 d-------- C:\Documents and Settings\Ding\Application Data\U3
2008-04-01 19:50:45 0 d-------- C:\Documents and Settings\Ding\Application Data\LimeWire
2008-04-01 19:30:02 0 d-------- C:\Program Files\LimeWire Turbo
2008-04-01 19:24:31 0 d-------- C:\Documents and Settings\Ding\Application Data\uTorrent
2008-03-31 22:52:29 0 d-------- C:\Program Files\Google
2008-03-29 19:53:41 0 d-------- C:\Documents and Settings\Ding\Application Data\Skype
2008-03-29 19:53:25 0 d-------- C:\Documents and Settings\Ding\Application Data\skypePM
2008-03-18 12:45:52 0 d-------- C:\Program Files\TVUPlayer
2008-03-17 14:03:42 0 d-------- C:\Program Files\FreeStyle Philippines
2008-03-17 13:58:08 1629061 --a------ C:\Documents and Settings\Ding\Application Data\NMM-MetaData.db
2008-03-17 11:57:16 230432 --a------ C:\PA207.DAT
2008-03-15 18:35:09 0 d-------- C:\Program Files\Common Files
2008-03-15 17:47:45 821 --a------ C:\Documents and Settings\Ding\Application Data\.googlewebacchosts
2008-03-10 10:26:31 0 d-------- C:\Program Files\DivX
2008-03-05 22:28:44 0 d-------- C:\Documents and Settings\Ding\Application Data\Macromedia
2008-03-03 23:03:34 0 d-------- C:\Documents and Settings\Ding\Application Data\Nokia Multimedia Player
2008-02-16 10:26:20 0 d-------- C:\Program Files\FLVPlayer4Free
2008-02-16 00:24:12 0 d-------- C:\Program Files\Guitar Pro 5
2008-02-12 13:16:29 0 d-------- C:\Documents and Settings\Ding\Application Data\LimeWireTurbo
2008-02-10 09:34:52 0 d-------- C:\Program Files\NBFree MP3 to WMA Converter
2008-02-09 10:40:43 0 d-------- C:\Program Files\Skype
2008-02-09 10:40:38 0 d-------- C:\Program Files\Common Files\Skype
2008-02-08 17:59:17 0 d-------- C:\Program Files\Smallvideosoft
2008-02-03 17:44:05 0 d-------- C:\Program Files\WorkSheet Maker
2008-01-18 15:16:24 69632 --a------ C:\t1jc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/30/2008 02:37 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 04:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\gebyx nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1361785c-cc11-11dc-a033-0018d16d0a99}]
AutoRun\command- E:\xn1i9x.com
explore\Command- E:\xn1i9x.com
open\Command- E:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149e035e-ee7f-11db-9d3a-b341aca35469}]
Auto\command- E:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21fff01a-6bd6-11db-9bbb-8ac7608dbc6f}]
0pen\command- E:\krag.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6de55cf4-2789-11db-bf94-e54f2073d76f}]
AutoRun\command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a12417-cd62-11db-9cdf-cd27c247ff68}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f86fb58-7006-11dc-9ed4-0018d16d0a99}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3e77ccc-0a16-11dc-9d92-c7b6db291568}]
0pen\command- E:\krag.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98f72d7-e65f-11db-9d24-a2d5a1074803}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9fd703a-2248-11dc-9de3-cf8d086c3668}]
0pen\command- E:\krag.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc889ea5-a238-11db-9c5a-c8212ea26768}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a2a780-f185-11dc-a0fa-0018d16d0a99}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- E:\Desktop.exe
Open\Command- E:\Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3e10f9-6b01-11db-9bb6-f6b7722aea6f}]
Auto\command- infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8aca97d-643b-11dc-9eab-0018d16d0a99}]
Auto\command- E:\infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ad5248-4b91-11db-9b4d-c0d91f4e5d68}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open




-- End of Deckard's System Scanner: finished at 2008-04-03 22:26:59 ------------

Edited by jayway23, 03 April 2008 - 08:31 AM.

  • 0

#7
Rorschach112
Posted 03 April 2008 - 10:47 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Plug your USB flash key in for this if you have one


Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1361785c-cc11-11dc-a033-0018d16d0a99}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{149e035e-ee7f-11db-9d3a-b341aca35469}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21fff01a-6bd6-11db-9bbb-8ac7608dbc6f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6de55cf4-2789-11db-bf94-e54f2073d76f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88a12417-cd62-11db-9cdf-cd27c247ff68}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f86fb58-7006-11dc-9ed4-0018d16d0a99}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3e77ccc-0a16-11dc-9d92-c7b6db291568}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98f72d7-e65f-11db-9d24-a2d5a1074803}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9fd703a-2248-11dc-9de3-cf8d086c3668}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc889ea5-a238-11db-9c5a-c8212ea26768}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a2a780-f185-11dc-a0fa-0018d16d0a99}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3e10f9-6b01-11db-9bb6-f6b7722aea6f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8aca97d-643b-11dc-9eab-0018d16d0a99}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ad5248-4b91-11db-9b4d-c0d91f4e5d68}]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00


Then double click on the fix.reg file, when it prompts to merge click "Yes".



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    E:\xn1i9x.com
E:\RavMonE.exe
E:\krag.exe
E:\Desktop.exe
E:\infrom.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log
  • 0

#8
jayway23
Posted 03 April 2008 - 12:44 PM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ok, I already have a fix.reg on my desktop. However, when I click it and click "Yes", a "Registry Editor" error window appears that says "Cannot import C:\Documents and Settings\Ding\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor." And so I did not run the OTMoveIt2.exe. But my computer is running fine now, that is after the 4 minute startup. My computer is slow at startup, but after the estimated 4 minute startup, it speeds up and I can then see the desktop icons and taskbar.

Posted Image

Edited by jayway23, 03 April 2008 - 12:47 PM.

  • 0

#9
jayway23
Posted 03 April 2008 - 01:07 PM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
No wait! I tried it again and it worked. Hold on for the DSS log. Thank you!
  • 0

#10
jayway23
Posted 03 April 2008 - 01:13 PM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here is the OTMoveIt2 log.
File/Folder E:\xn1i9x.com not found.
File/Folder E:\RavMonE.exe not found.
File/Folder E:\krag.exe not found.
File/Folder E:\Desktop.exe not found.
File/Folder E:\infrom.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_030840


Here is the DSS log.
Deckard's System Scanner v20071014.68
Run by Ding on 2008-04-04 03:10:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Ding.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:57 AM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ding\Desktop\Tools & Anti-Virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ding.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbuC\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5275 bytes

-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-03 21:58:06 0 drahs---- C:\autorun.inf
2008-04-03 00:05:06 0 d-------- C:\Program Files\Conduit
2008-04-03 00:04:55 0 d-------- C:\Program Files\P2P_Energy
2008-04-03 00:04:28 0 d-------- C:\Program Files\LimeWireTurbo
2008-04-02 21:33:14 1350 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-02 21:32:41 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 21:32:41 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-02 21:32:41 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-02 21:32:40 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-02 21:32:40 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-02 21:32:40 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-02 21:32:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-02 09:08:07 0 d-------- C:\Program Files\Trend Micro
2008-04-02 06:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-02 06:01:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-02 06:01:35 0 d-------- C:\Documents and Settings\Ding\Application Data\SUPERAntiSpyware.com
2008-04-02 03:03:34 0 d-------- C:\Documents and Settings\Ding\Application Data\Grisoft
2008-04-02 03:03:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 02:15:14 0 dr-h----- C:\$VAULT$.AVG
2008-04-02 00:18:37 0 d-------- C:\Documents and Settings\Ding\Application Data\AVG7
2008-04-02 00:18:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-02 00:17:19 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-01 15:36:55 32 --a------ C:\WINDOWS\go
2008-04-01 15:35:25 0 d-------- C:\WINDOWS\vf_hip
2008-04-01 15:35:23 0 d-------- C:\Program Files\Hide IP Platinum
2008-04-01 14:27:54 0 d-------- C:\Program Files\Pokemon World Online
2008-03-29 11:08:10 0 d-------- C:\Documents and Settings\Ding\Application Data\Google
2008-03-26 10:21:30 0 d-------- C:\WINDOWS\Lhsp
2008-03-22 18:05:04 0 d-------- C:\Documents and Settings\Ding\Application Data\WinRAR
2008-03-22 17:13:24 0 d-------- C:\Program Files\psx emulation cheater
2008-03-22 02:26:51 0 d-------- C:\Documents and Settings\Ding\Application Data\fltk.org
2008-03-22 02:15:25 0 d-------- C:\Program Files\ePSXe
2008-03-19 23:41:05 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:30 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:20 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-19 23:40:08 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-03-18 12:40:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-03-15 19:04:17 2156 --a------ C:\WINDOWS\system32\x_dtrace_log
2008-03-14 00:26:56 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-13 23:59:04 0 d-------- C:\Program Files\O2Jam
2008-03-10 18:27:33 4096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys


-- Find3M Report ---------------------------------------------------------------

2008-04-02 21:55:38 0 d-------- C:\Documents and Settings\Ding\Application Data\Lavasoft
2008-04-02 07:42:46 5752 --a------ C:\WINDOWS\mozver.dat
2008-04-02 06:00:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 23:53:17 0 d-------- C:\Documents and Settings\Ding\Application Data\U3
2008-04-01 19:50:45 0 d-------- C:\Documents and Settings\Ding\Application Data\LimeWire
2008-04-01 19:30:02 0 d-------- C:\Program Files\LimeWire Turbo
2008-04-01 19:24:31 0 d-------- C:\Documents and Settings\Ding\Application Data\uTorrent
2008-03-31 22:52:29 0 d-------- C:\Program Files\Google
2008-03-29 19:53:41 0 d-------- C:\Documents and Settings\Ding\Application Data\Skype
2008-03-29 19:53:25 0 d-------- C:\Documents and Settings\Ding\Application Data\skypePM
2008-03-18 12:45:52 0 d-------- C:\Program Files\TVUPlayer
2008-03-17 14:03:42 0 d-------- C:\Program Files\FreeStyle Philippines
2008-03-17 13:58:08 1629061 --a------ C:\Documents and Settings\Ding\Application Data\NMM-MetaData.db
2008-03-17 11:57:16 230432 --a------ C:\PA207.DAT
2008-03-15 18:35:09 0 d-------- C:\Program Files\Common Files
2008-03-15 17:47:45 821 --a------ C:\Documents and Settings\Ding\Application Data\.googlewebacchosts
2008-03-10 10:26:31 0 d-------- C:\Program Files\DivX
2008-03-05 22:28:44 0 d-------- C:\Documents and Settings\Ding\Application Data\Macromedia
2008-03-03 23:03:34 0 d-------- C:\Documents and Settings\Ding\Application Data\Nokia Multimedia Player
2008-02-16 10:26:20 0 d-------- C:\Program Files\FLVPlayer4Free
2008-02-16 00:24:12 0 d-------- C:\Program Files\Guitar Pro 5
2008-02-12 13:16:29 0 d-------- C:\Documents and Settings\Ding\Application Data\LimeWireTurbo
2008-02-10 09:34:52 0 d-------- C:\Program Files\NBFree MP3 to WMA Converter
2008-02-09 10:40:43 0 d-------- C:\Program Files\Skype
2008-02-09 10:40:38 0 d-------- C:\Program Files\Common Files\Skype
2008-02-08 17:59:17 0 d-------- C:\Program Files\Smallvideosoft
2008-01-18 15:16:24 69632 --a------ C:\t1jc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/30/2008 02:37 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 04:50 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-04 03:11:34 ------------
  • 0

#11
Rorschach112
Posted 03 April 2008 - 02:14 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Perfect

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running
  • 0

#12
jayway23
Posted 04 April 2008 - 12:02 AM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I think my computer does not run in its full potential because like what I said the startup is slow. Other than that, when I open my computer and it reaches to the point when I am able to see my wallpaper, I have to wait for 3-4 minutes to see the icons and the taskbar. And another thing is that when I refresh it, usually, in a normal computer, when it is refreshed its like only a "blink". Mine is not like that. But everything runs fine after 10 mins from the startup. I do not know if the storage space is the thing that makes it slow because I only have a maximum of 37.5GB in this computer and my free space is 5.55GB and I only have 256MB of RAM.

Anyways, here is the MBAM log...

Malwarebytes' Anti-Malware 1.10
Database version: 589

Scan type: Full Scan (A:\|C:\|E:\|)
Objects scanned: 95093
Time elapsed: 32 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.


Thank you for your time Rorschach112! I hope everything will run fine. :)

Edited by jayway23, 04 April 2008 - 03:04 AM.

  • 0

#13
Rorschach112
Posted 04 April 2008 - 05:56 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#14
jayway23
Posted 04 April 2008 - 09:56 AM

jayway23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you so much Rorschach112! :) I will never download any software from youtorrent.com again. I hope my computer will never experience any difficulties ever again. Well, thanks for the help man! :) See you around!
  • 0

#15
Rorschach112
Posted 04 April 2008 - 09:57 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP