
Unable to connect to internet after AVG removed trojans [RESOLVED]



#31 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

not sure if the BackDoor.MaosBoot on my pc had been removed previously?


Yes we got that one with Dr Web CureIt. My purpose in that post was to warn you what that nasty did. Also I wanted to make sure it was gone before you used your computer for financial transactions.

The good news is that I think your machine is clean now. :)

By the way, did you install another firewall to replace ZoneAlarm? It's important to have both a good anti-virus and a good firewall.

We have a couple of last steps to perform and then you're all set. :)

Please go here to download OTCleanIt.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process; choose Yes.

You can delete the Dr Web quarantine items now and delete the Dr Web CureIt file if you wish.

Next, we need to clean your restore points and set a new one:

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files (you will lose all previous restore points, which are likely to be infected):

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

-------------------------------------------------------------------------------------------------------------------

Be sure to give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program which works well with XP:

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (Note: this is an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

------------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If your Microsoft Update is not working automatically, keep your operating system up to date by visiting Microsoft Windows Update monthly. To keep your system clean, run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
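Added example, not part of the thread or of the MVPS Hosts project: a small HOSTS file reviewer in Python that separates the intentional loopback blocks the post describes from two things a helper would want reported, a blocked entry for an update or security-vendor host and a name mapped to a non-loopback address. The sample file and the PROTECTED_HOSTS list are constructed for the illustration.

```python
import ipaddress
from typing import Dict, List, Tuple

# Addresses a HOSTS entry may point to when its purpose is to block a site.
BLOCK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed list of domains that should never be blocked on a clean machine
# (update and security-vendor hosts); malware sometimes adds them to HOSTS.
PROTECTED_HOSTS = {"example-av.test", "windowsupdate.com"}

# Constructed sample in HOSTS syntax: MVPS-style block lines plus two entries
# of the kind a helper would want reported.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.example-adnetwork.test   # ad server, blocked on purpose
127.0.0.1  tracker.example.test
0.0.0.0    download.example-av.test     # security vendor pointed at nowhere
192.0.2.10 www.mybank.example           # real site sent to a foreign address
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [hostnames]) for each entry line; comments are stripped."""
    rows: List[Tuple[str, List[str]]] = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address: malformed line, skip it
        rows.append((parts[0], parts[1:]))
    return rows


def is_protected(name: str, protected: set) -> bool:
    """True when the name is, or is a subdomain of, a protected domain."""
    name = name.lower()
    return name in protected or any(name.endswith("." + p) for p in protected)


def review_hosts(text: str, protected: set) -> Dict[str, List[str]]:
    """Sort entries into intentional blocks, blocks of protected hosts, and redirections."""
    report: Dict[str, List[str]] = {"blocked": [], "protected_blocked": [], "redirected": []}
    for address, names in parse_hosts(text):
        for name in names:
            if name == "localhost":
                continue
            if address in BLOCK_TARGETS:
                report["blocked"].append(name)
                if is_protected(name, protected):
                    report["protected_blocked"].append(name)
            else:
                # A non-loopback mapping sends the browser somewhere else entirely.
                report["redirected"].append(f"{name} -> {address}")
    return report


if __name__ == "__main__":
    for kind, names in review_hosts(SAMPLE_HOSTS, PROTECTED_HOSTS).items():
        print(kind, names)
```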



#32 pearce15 (Member, Topic Starter, 65 posts)

Thank you emeraldnzl for your time and effort! It's been a really useful experience for me.

Cheers,
pearce15

#33 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

You're very welcome. :)

#34 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#35 admin (Founder Geek, Community Leader, 24,639 posts)

Reopened at topic starter's request.

#36 admin (Founder Geek, Community Leader, 24,639 posts)

Oops! I forgot to reopen. Open now. :)

#37 pearce15 (Member, Topic Starter, 65 posts)

Hi again,

I am facing the exact problem again. Not sure what happened before. Now I am not able to even connect to my Outlook Express and online messaging services. Strangely, it shows some connection but to another network instead of my own. I am also unable to restart the connection.

Help!

#38 pearce15 (Member, Topic Starter, 65 posts)

Hi, may someone assist me on this? Thanks...

#39 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Hello pearce15,

My apologies I missed that this had been re-opened.

Let's see if we can get something to see what is going on. :)
  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

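Added example, not part of the thread or of RSIT/HijackThis: a Python parser for the HijackThis-style lines that RSIT's log.txt contains, run over constructed sample lines in that format, which picks out the entries a helper usually checks first (an unnamed browser add-on, an autostart running from a Temp folder, an unknown Winsock LSP file, and a search URL pointing at an unexpected host). EXPECTED_HOSTS, TEMP_MARKERS and the sample log are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample lines in HijackThis log format (not the full log from the thread).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.example-toolbar.test/?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updater] E:\Documents and Settings\Chris\Local Settings\Temp\svc.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
"""

# Assumed allowlist of hosts a helper expects in IE start/search settings.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.com", "login.yahoo.com"}
# Assumed path fragments: autostarts living here deserve a second look.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")
SEARCH_VALUES = {"Default_Search_URL", "Search Page", "SearchURL", "Start Page"}

LINE_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<rest>.*)$")
ADDON_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+\\[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
REG_RE = re.compile(r"^(?P<key>HK\w+\\.*?),(?P<value>[^=]+?) = (?P<data>.*)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.*)$")


@dataclass
class Entry:
    section: str            # e.g. "O2", "R1"
    fields: Dict[str, str]  # parsed pieces; empty if the line shape is not recognised
    raw: str


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis-style lines into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        fields: Dict[str, str] = {}
        for pattern in (ADDON_RE, RUN_RE, REG_RE, LSP_RE):
            sub = pattern.match(m.group("rest"))
            if sub:
                fields = {k: v for k, v in sub.groupdict().items() if v is not None}
                break
        entries.append(Entry(m.group("section"), fields, line))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """One finding per entry a helper would look at first; clean entries produce nothing."""
    findings: List[str] = []
    for e in entries:
        f = e.fields
        if e.section in ("O2", "O3") and f.get("name") == "(no name)" and f.get("path") != "(no file)":
            findings.append(f"{e.section}: unnamed browser add-on loaded from {f['path']}")
        elif e.section == "O4" and any(mk in f.get("cmd", "").lower() for mk in TEMP_MARKERS):
            findings.append(f"O4: autostart [{f['name']}] runs from a temp path: {f['cmd']}")
        elif e.section == "O10":
            findings.append(f"O10: unknown Winsock LSP file {f.get('path', e.raw)}")
        elif e.section in ("R0", "R1") and f.get("value") in SEARCH_VALUES:
            host = (urlparse(f["data"]).hostname or "").lower()
            if host and host not in EXPECTED_HOSTS:
                findings.append(f"{e.section}: {f['value']} points at {host}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```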

#40 pearce15 (Member, Topic Starter, 65 posts)

Hi emeraldnzl,

No worries. I will also be slower at responding this week, but here are the logs anyway:

info.txt logfile of random's system information tool 1.04 2008-11-05 00:14:21


=====HijackThis Backups=====

O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll
O2 - BHO: (no name) - {48DB7DDF-871C-4B9B-92D1-C61A1457120C} - E:\WINDOWS\system32\msimg3.dll

======Security center information======

AV: COMODO Antivirus
AV: AVG Anti-Virus Free
FW: COMODO Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;E:\Program Files\ATI Technologies\ATI Control Panel;E:\Program Files\QuickTime\QTSystem;E:\Program;E:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;E:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=E:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Chris at 2008-11-05 00:14:04
Microsoft Windows XP Professional Service Pack 2, v.2096
System drive E: has 4 GB (23%) free of 19 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:19 AM, on 11/5/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\WINDOWS\system32\cryptainersrv.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\COMODO\SafeSurf\cssurf.exe
E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Plaxo\3.7.0.49\PlaxoHelper_en.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Misc installers\Protection tools\Eraser\Eraser.exe
E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Chris\Desktop\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....y...=us&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.c...c...p;gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - E:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "E:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] E:\Program Files\Plaxo\3.7.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Misc installers\Protection tools\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199678078437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll E:\WINDOWS\system32\guard32.dll E:\WINDOWS\system32\cssdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - E:\WINDOWS\SYSTEM32\cryptainersrv.exe

--
End of file - 10538 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2005-03-09 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - E:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - E:\Program Files\Java\jre6\bin\ssv.dll [2008-10-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-03-09 131072]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - E:\WINDOWS\System32\msdxm.ocx [2004-03-12 843802]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - E:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"=E:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-22 94208]
"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ATIPTA"=E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-01 335872]
"NeroFilterCheck"=E:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"WinPatrol"=E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-01-25 316728]
"AVG8_TRAY"=E:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-02 1234712]
"POINTER"=point32.exe []
"ZoneAlarm Client"=E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
"COMODO SafeSurf"=E:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-10-25 278264]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"COMODO Internet Security"=E:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2008-10-30 1797880]
"QuickTime Task"=E:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=E:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"PlaxoUpdate"=E:\Program Files\Plaxo\3.7.0.49\PlaxoHelper_en.exe [2007-12-20 283207]
"SUPERAntiSpyware"=E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-05 1576176]
"SpybotSD TeaTimer"=E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2007-08-31 1460560]
"Eraser"=C:\Misc installers\Protection tools\Eraser\Eraser.exe [2007-12-23 916240]
"Sony Ericsson PC Suite"=E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE
Acrobat Assistant.lnk - E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll E:\WINDOWS\system32\guard32.dll E:\WINDOWS\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2003-10-28 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Misc installers\Limewire\LimeWire.exe"="C:\Misc installers\Limewire\LimeWire.exe:*:Enabled:LimeWire"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe"="E:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"E:\Program Files\AVG\AVG8\avgupd.exe"="E:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"E:\Program Files\AVG\AVG8\avgemc.exe"="E:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"E:\Documents and Settings\Chris\Local Settings\temp\7zS3.tmp\SymNRT.exe"="E:\Documents and Settings\Chris\Local Settings\temp\7zS3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"E:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="E:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"E:\Program Files\MSN Messenger\MSNMSGR.EXE"="E:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "E:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-11-05 00:14:04 ----D---- E:\rsit
2008-10-26 13:23:11 ----D---- E:\Program Files\Apple Software Update
2008-10-26 00:09:31 ----D---- E:\Documents and Settings\Chris\Application Data\Comodo
2008-10-25 12:48:56 ----D---- E:\Program Files\Common Files\Adobe AIR
2008-10-25 12:46:50 ----D---- E:\Documents and Settings\Chris\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-25 12:40:00 ----D---- E:\Documents and Settings\All Users\Application Data\NOS
2008-10-25 12:39:57 ----D---- E:\Program Files\NOS
2008-10-25 12:39:12 ----A---- E:\WINDOWS\system32\javaws.exe
2008-10-25 12:39:12 ----A---- E:\WINDOWS\system32\javaw.exe
2008-10-25 12:39:12 ----A---- E:\WINDOWS\system32\java.exe
2008-10-25 12:39:12 ----A---- E:\WINDOWS\system32\deploytk.dll
2008-10-25 12:29:01 ----A---- E:\WINDOWS\system32\cssdll32.dll
2008-10-25 12:28:59 ----D---- E:\Program Files\AskSearch
2008-10-25 12:28:58 ----D---- E:\Program Files\AskBarDis
2008-10-25 12:28:22 ----D---- E:\Documents and Settings\All Users\Application Data\comodo
2008-10-25 12:28:22 ----A---- E:\WINDOWS\system32\guard32.dll
2008-10-25 12:28:19 ----D---- E:\Program Files\COMODO
2008-10-25 12:25:46 ----A---- E:\Program Files\CIS_Setup_3.5.53896.424_XP_Vista_x32.exe
2008-10-25 12:25:03 ----D---- E:\Program Files\JavaRa
2008-10-25 12:16:38 ----D---- E:\Documents and Settings\Chris\Application Data\Google
2008-10-25 12:15:58 ----D---- E:\Documents and Settings\All Users\Application Data\Google
2008-10-25 12:15:55 ----D---- E:\Program Files\Google
2008-10-21 11:25:29 ----D---- E:\WINDOWS\ERUNT
2008-10-21 09:43:44 ----D---- E:\WINDOWS\system32\PreInstall
2008-10-21 09:43:42 ----HD---- E:\WINDOWS\$NtUninstallKB898461$
2008-10-20 18:52:01 ----D---- E:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-16 13:11:26 ----A---- E:\WINDOWS\resetlog.txt
2008-10-06 11:48:17 ----D---- E:\Documents and Settings\Chris\Application Data\EBookSys

======List of files/folders modified in the last 1 months======

2008-11-04 14:48:06 ----A---- E:\WINDOWS\SchedLgU.Txt
2008-10-21 11:27:22 ----A---- E:\WINDOWS\ntbtlog.txt
2008-10-20 18:46:36 ----A---- E:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; E:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; E:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]
R1 cmdHlp;COMODO Internet Security Helper Driver; E:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-10-25 31504]
R1 intelppm;Intel Processor Driver; E:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-03-12 33792]
R1 SASDIFSV;SASDIFSV; \??\E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AvgTdiX;AVG8 Network Redirector; E:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 ssoftnt4;ssoftnt4; \??\E:\WINDOWS\system32\Drivers\ssoftnt4.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; E:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-10-28 620032]
R3 GEARAspiWDM;GEARAspiWDM; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-20 9600]
R3 IPFilter;Microsoft IntelliPoint Features driver; E:\WINDOWS\System32\DRIVERS\IPFilter.sys [2002-04-12 11136]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; E:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-03-11 20992]
R3 SASENUM;SASENUM; \??\E:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-03-12 26624]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-03-12 57600]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver; E:\WINDOWS\System32\DRIVERS\netusbxp.sys [2002-02-20 72576]
R3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-03-12 26624]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-03-12 20480]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; E:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-10-25 99856]
S3 GAGPDrv;GAGPDrv; E:\WINDOWS\system32\drivers\GAGPDrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; E:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-27 13352]
S3 ggsemc;SEMC USB Flash Driver; E:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-02-27 20520]
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; E:\WINDOWS\system32\drivers\GVCplDrv.sys [2003-09-30 22880]
S3 k750bus;Sony Ericsson 750 driver (WDM); E:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; E:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; E:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; E:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; E:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mbr;mbr; \??\E:\DOCUME~1\Chris\LOCALS~1\Temp\mbr.sys []
S3 s117bus;Sony Ericsson Device 117 driver (WDM); E:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; E:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; E:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); E:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); E:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; E:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); E:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-03-12 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-03-12 15104]
S3 Wdf01000;Wdf01000; E:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; E:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2003-10-28 376832]
R2 avg8emc;AVG8 E-mail Scanner; E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog; E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; E:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 cmdAgent;COMODO Internet Security Helper Service; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2008-10-25 614136]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 ssoftservice;Cryptainer service; E:\WINDOWS\system32\cryptainersrv.exe [2007-01-24 74240]
R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [2003-10-28 188416]
S3 Adobe LM Service;Adobe LM Service; E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-23 72704]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-15 654848]
S3 getPlus® Helper;getPlus® Helper; E:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 Macromedia Licensing Service;Macromedia Licensing Service; E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-10-14 68096]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; E:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 gusvc;Google Updater Service; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-25 138168]

-----------------EOF-----------------

#41
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again pearce15,

A slightly different approach to start with this time.

Please disable TeaTimer for now until you are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Now

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.


#42
pearce15

    Member

  • Topic Starter
  • 65 posts
Hi emeraldnzl,

Sorry for the slow response, as I had been away from work. Here is the SDFix report:


SDFix: Version 1.240
Run by Chris on Sat 11/08/2008 at 02:26 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: E:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

E:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
E:\WINDOWS\Temp\ed47fa.$ - Deleted
E:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted

Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer




Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 14:36:37
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Misc installers\\Limewire\\LimeWire.exe"="C:\\Misc installers\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\uTorrent\\uTorrent.exe"="E:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"E:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="E:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"E:\\Program Files\\AVG\\AVG8\\avgupd.exe"="E:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"E:\\Program Files\\AVG\\AVG8\\avgemc.exe"="E:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"E:\\Documents and Settings\\Chris\\Local Settings\\temp\\7zS3.tmp\\SymNRT.exe"="E:\\Documents and Settings\\Chris\\Local Settings\\temp\\7zS3.tmp\\SymNRT.exe:*:Enabled:Norton Removal Tool"
"E:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="E:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"E:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"="E:\\Program Files\\MSN Messenger\\MSNMSGR.EXE:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - E:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 27 Jun 2005 616,448 A.SHR --- "E:\WINDOWS\system32\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "E:\WINDOWS\system32\cygz.dll"
Fri 15 Jul 2005 27,648 A.SH. --- "E:\WINDOWS\system32\AVSredirect.dll"
Sat 26 Jan 2008 145,920 ..SHR --- "E:\Program Files\BillP Studios\WinPatrol\Setup.exe"

Finished!

#43
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Sorry for the slow response, as I had been away from work.

Is this a work computer?

Now

It is important you carry out instructions exactly in the order they appear.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, click File in the menu and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Next

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return, please post:
  • Dr Web Cureit report
  • ComboFix text
  • a new HijackThis log


#44
pearce15

    Member

  • Topic Starter
  • 65 posts
Hi emeraldnzl,

It is used mostly for surfing and work-related emails from Outlook Express.

Attached is my Dr. Web CureIt report (DrWeb.csv.zip).


Again, although it detected that I didn't have the Windows Recovery Console installed, it wasn't able to download the files, after which it continued with its other processes. Here is my ComboFix log:

ComboFix 08-11-07.01 - Chris 2008-11-09 2:03:53.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.496 [GMT 8:00]
Running from: e:\documents and settings\Chris\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-08 14:18 . 2008-11-06 02:03 <DIR> d-------- E:\SDFix
2008-11-05 00:14 . 2008-11-05 00:14 <DIR> d-------- E:\rsit
2008-10-26 13:23 . 2008-10-26 13:23 <DIR> d-------- e:\program files\Apple Software Update
2008-10-26 00:09 . 2008-10-26 00:09 <DIR> d-------- e:\documents and settings\Chris\Application Data\Comodo
2008-10-25 12:48 . 2008-10-25 12:48 <DIR> d-------- e:\program files\Common Files\Adobe AIR
2008-10-25 12:46 . 2008-10-25 12:46 <DIR> d-------- e:\documents and settings\Chris\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-25 12:40 . 2008-10-25 12:40 <DIR> d-------- e:\documents and settings\All Users\Application Data\NOS
2008-10-25 12:39 . 2008-10-25 12:39 <DIR> d-------- e:\program files\NOS
2008-10-25 12:39 . 2008-10-25 12:38 410,976 --a------ e:\windows\system32\deploytk.dll
2008-10-25 12:30 . 2008-10-25 12:30 <DIR> d-------- e:\documents and settings\Chris\.SunDownloadManager
2008-10-25 12:29 . 2008-10-25 12:29 249,592 --a------ e:\windows\system32\cssdll32.dll
2008-10-25 12:28 . 2008-10-25 12:28 <DIR> d-------- e:\program files\COMODO
2008-10-25 12:28 . 2008-10-25 12:29 <DIR> d-------- e:\program files\AskSearch
2008-10-25 12:28 . 2008-10-25 12:29 <DIR> d-------- e:\program files\AskBarDis
2008-10-25 12:28 . 2008-10-25 12:28 <DIR> d-------- e:\documents and settings\All Users\Application Data\comodo
2008-10-25 12:28 . 2008-10-25 12:28 143,096 --a------ e:\windows\system32\guard32.dll
2008-10-25 12:28 . 2008-10-25 12:28 99,856 --a------ e:\windows\system32\drivers\cmdguard.sys
2008-10-25 12:28 . 2008-10-25 12:28 31,504 --a------ e:\windows\system32\drivers\cmdhlp.sys
2008-10-25 12:25 . 2008-10-25 12:25 <DIR> d-------- e:\program files\JavaRa
2008-10-25 12:25 . 2008-10-25 12:25 25,831,688 --a------ e:\program files\CIS_Setup_3.5.53896.424_XP_Vista_x32.exe
2008-10-25 12:15 . 2008-10-25 12:15 <DIR> d-------- e:\program files\Google
2008-10-23 10:31 . 2008-10-23 10:32 <DIR> d-------- e:\documents and settings\Chris\DoctorWeb
2008-10-21 11:27 . 2008-10-21 11:27 578,048 --a------ e:\windows\system32\dllcache\user32.dll
2008-10-21 11:25 . 2008-10-21 11:25 <DIR> d-------- e:\windows\ERUNT
2008-10-20 18:52 . 2008-10-20 18:52 <DIR> d-------- e:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 03:48 --------- d-----w e:\documents and settings\Chris\Application Data\EBookSys
2008-08-29 15:49 286,720 ----a-w e:\windows\iun507.exe
2008-08-19 02:50 189,016 ----a-w e:\documents and settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 15:50 4 --sh--r e:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2007-10-13 18:43 18,040,176 ----a-w e:\program files\Install_Messenger_nous.exe
2003-11-04 18:54 5,406,945 ------w e:\program files\Setupligh.exe
2005-06-26 22:32 616,448 --sha-r e:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 --sha-r e:\windows\system32\cygz.dll
2005-07-14 19:31 27,648 --sha-w e:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ e:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="e:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PlaxoUpdate"="e:\program files\Plaxo\3.7.1.2\PlaxoHelper_en.exe" [2007-12-20 283207]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-05 1576176]
"Eraser"="c:\misc installers\Protection tools\Eraser\Eraser.exe" [2007-12-23 916240]
"Sony Ericsson PC Suite"="e:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="e:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ATIPTA"="e:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-01 335872]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="e:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="e:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinPatrol"="e:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-25 316728]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-02 1234712]
"COMODO SafeSurf"="e:\program files\COMODO\SafeSurf\cssurf.exe" [2008-10-25 278264]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"COMODO Internet Security"="e:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-10-30 1797880]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 e:\windows\SOUNDMAN.EXE]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Acrobat Assistant.lnk - e:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Misc installers\\Limewire\\LimeWire.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"e:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"e:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"e:\\Program Files\\MSN Messenger\\MSNMSGR.EXE"=

R1 AvgLdx86;AVG AVI Loader Driver x86;e:\windows\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 cmdHlp;COMODO Internet Security Helper Driver;e:\windows\system32\DRIVERS\cmdhlp.sys [2008-10-25 31504]
R2 avg8emc;AVG8 E-mail Scanner;e:\progra~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 AvgTdiX;AVG8 Network Redirector;e:\windows\system32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 JavaQuickStarterService;Java Quick Starter;e:\program files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 ssoftnt4;ssoftnt4;e:\windows\system32\Drivers\ssoftnt4.sys [2007-07-13 100728]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;e:\windows\system32\DRIVERS\netusbxp.sys [2002-02-20 72576]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;e:\windows\system32\DRIVERS\cmdguard.sys [2008-10-25 99856]
S3 getPlus® Helper;getPlus® Helper;e:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 ggflt;SEMC USB Flash Driver Filter;e:\windows\system32\DRIVERS\ggflt.sys [2008-02-27 13352]
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-ZoneAlarm Client - e:\program files\Zone Labs\ZoneAlarm\zlclient.exe
HKLM-Run-POINTER - point32.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\0g2wi5w8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.facebook.com/index.php?
FF -: plugin - e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - e:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - e:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 02:07:30
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: e:\windows\system32\winlogon.exe
-> e:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\SYSTEM32\ATI2EVXX.EXE
e:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
e:\windows\SYSTEM32\ATI2EVXX.EXE
e:\program files\ADOBE\PHOTOSHOP ELEMENTS 5.0\PHOTOSHOPELEMENTSFILEAGENT.EXE
e:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
e:\program files\AVG\AVG8\AVGWDSVC.EXE
e:\program files\BONJOUR\MDNSRESPONDER.EXE
e:\program files\COMODO\COMODO INTERNET SECURITY\CMDAGENT.EXE
e:\windows\SYSTEM32\CRYPTAINERSRV.EXE
e:\windows\SYSTEM32\WDFMGR.EXE
e:\program files\CANON\CAL\CALMAIN.EXE
e:\program files\AVG\AVG8\AVGTRAY.EXE
e:\program files\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
e:\program files\AVG\AVG8\AVGRSX.EXE
.
**************************************************************************
.
Completion time: 2008-11-09 2:09:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-08 18:09:18

Pre-Run: 4,348,706,816 bytes free
Post-Run: 4,439,359,488 bytes free

166 --- E O F --- 2008-11-01 11:08:58


Finally, my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:12 AM, on 11/9/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\cryptainersrv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\COMODO\SafeSurf\cssurf.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Plaxo\3.7.1.2\PlaxoHelper_en.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Misc installers\Protection tools\Eraser\Eraser.exe
E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....y...=us&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.c...c...p;gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "E:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] E:\Program Files\Plaxo\3.7.1.2\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Eraser] C:\Misc installers\Protection tools\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199678078437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - E:\WINDOWS\SYSTEM32\cryptainersrv.exe

--
End of file - 10157 bytes

FYI, I am still unable to surf the internet, retrieve emails or use online messaging. :)


#45 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello pearce15,

I am posting that Dr Web CureIt report here. It makes it easier to read.

Process in memory: E:\WINDOWS\system32\services.exe:620;;BackDoor.MaosBoot;Eradicated.;
SDFix.exe\SDFix\apps\Process.exe;E:\Documents and Settings\Chris\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;E:\Documents and Settings\Chris\Desktop;Archive contains infected objects;Moved.;
A0001019.reg;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP1;Trojan.StartPage.1505;Deleted.;
A0003381.exe\SDFix\apps\Process.exe;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP9\A0003381.exe;Tool.Prockill;;
A0003381.exe;E:\System Volume Information\_restore{8CBFC58D-620B-4495-B1D2-05DF13D9B1B1}\RP9;Archive contains infected objects;Moved.;
Process.exe;E:\SDFix\apps;Tool.Prockill;;
ComboFix.exe\32788R22FWJFW\C.bat;J:\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;J:\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;J:\;Archive contains infected objects;Moved.;