XP Problems [RESOLVED]



#16
syco26

I left it going all night and all of today and it finally finished; however, I clicked view the log then save it and it has frozen with the save dialogue box open on my screen and won't allow me to do anything. Should I shut it down and try Panda, or just leave it there for a while longer and see if anything happens?

#17
andrewuk

I would go down the Panda route.

#18
syco26

Oh, I nearly forgot, here is the JavaRa log

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Sep 22 21:17:37 2008

Found and removed: C:\Program Files\Java\j2re1.4.1_02

Found and removed: C:\Program Files\Java\j2re1.4.2_05

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28

Found and removed: C:\Program Files\Java Web Start

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.Exe

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EFCE5837-FC21-11D6-9D24-00010240CE95}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142050}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Classes\JavaPlugin.141_02

Found and removed: SOFTWARE\Classes\JavaPlugin.142_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.1_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.1_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

#19
syco26

Here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:57, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://ninemsn.com.au/"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [W2acecad.Wtxpload] C:\WINDOWS\W2acecad\Wtxpload.exe acecad
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://www.airbrush.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160400379609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F6CD93-82B0-4D39-80CE-E9DD36A5DE4A}: Domain = sa.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Application Installer Cleanup (0231771222152088) (0231771222152088mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023177~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 15526 bytes


The Panda scan is running now

#20
syco26

And here is the Panda scan Log

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-09-23 21:59:02
PROTECTIONS: 2
MALWARE: 39
SUSPECTS: 1
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00029424 adware/cws.searchmeup Adware No 1 Yes No c:\documents and settings\carl\favorites\gambling
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\carl\favorites\adult
00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Application Data\Mozilla\Firefox\Profiles\khvsxubm.default\cookies.txt[.tucows.com/]
00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Application Data\Mozilla\Firefox\Profiles\khvsxubm.default\cookies.txt[.tucows.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@toplist[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\[email protected][2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@overture[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\CARL\Cookies\carl@adultfriendfinder[1].txt
00241796 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020829.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020831.DLL
00241834 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020825.dll
00332270 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
00361463 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP156\A0020830.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\Uninstall Morpheus Toolbar.dll
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\PROGRA~1\UNINST~1.DLL
00361464 Application/MyWebSearch HackTools No 0 Yes No C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
00384294 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020118.exe
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe][5.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir[C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe][5.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020208.exe
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe][MicroAV.exe]
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.exe]
00385800 Application/UltimateAntivirus2008 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020243.cpl
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe][5.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir[C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe][MicroAV.cpl]
00385800 Application/UltimateAntivirus2008 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020116.cpl
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020086.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020120.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020090.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020202.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020191.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\YURB.exe.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020128.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\x.vir
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][3.exe]
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP153\A0020527.exe
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020394.exe
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\empa.exe.vir
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe
00386564 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\[4][email protected][YUR6C4.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020125.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\7.exe.vir
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020397.exe
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][7.exe]
00386576 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020101.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020389.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][0.exe]
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][0.exe]
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020131.exe
00386577 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir
00386577 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][0.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020084.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020119.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020395.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020192.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][4.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020127.exe
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][4.exe]
00386581 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][4.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020392.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020201.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP153\A0020526.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020200.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020093.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\YURA.exe.vir
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020083.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020190.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020121.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020129.exe
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir
00386584 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][2.exe]
00386584 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020092.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020396.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][5.exe]
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020126.exe
00386587 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][5.exe]
00386587 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020189.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP144\A0020082.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020193.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][1.exe]
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020130.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020122.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\1.exe.vir
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020390.exe
00386603 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020094.exe
00386636 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020113.dll
00386636 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020246.dll
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\eflx.exe.vir
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020407.exe
00386647 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020111.exe
00386653 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020245.dll
00386653 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020115.dll
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020404.exe
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\mqgldfvo.exe.vir
00386657 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020114.exe
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020112.dll
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020406.dll
00386658 Adware/VideoAccessCodec Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\vmgspntbvlw.dll.vir
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020478.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01895148 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\CARL\My Documents\Downloads\Symantec Norton Ghost 14.0\Norton Ghost v14_En.exe[C:\Documents and Settings\CARL\My Documents\Downloads\Symantec Norton Ghost 14.0\Norton Ghost v14_En.exe][is153548.exe]
01895148 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\CARL\My Documents\Downloads\Kaspersky life time reset patch.rar[Kaspersky life time patch\KasperskyTrialReset.exe][Kaspersky life time patch\KasperskyTrialReset.exe][is202158.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020421.sys
03021065 Trj/Downloader.TVR Virus/Trojan No 0 No No C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf[C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf][wr-1-2038.exe]
03438258 Bck/Radmin.AF Virus/Trojan No 0 Yes No C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.3]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\sc.html.vir
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP152\A0020405.exe][sc.html]
03690171 Adware/SecurityCenter Adware No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No C:\QooBox\Quarantine\catchme2008-09-21_113215.42.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 No No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe[C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020100.exe][sc.html]
03722943 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020105.dll
03722943 Adware/UltimateDefender Adware No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSShpue.dll]
03723993 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020108.sys
03723993 Generic Malware Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSSjcxe.sys]
03724011 Generic Trojan Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\[4][email protected][TDSSevri.dll]
03724011 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020106.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\Documents and Settings\CARL\Desktop\ComboFix.exe
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
120815 HIGH MS06-022
;===============================================================================

#21
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
the scan found many infections already safely quarantined, some in the restore points which we will flush later and some files we need to remove now.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
C:\Program Files\Uninstall Morpheus Toolbar.dll
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
C:\WINDOWS\PSEXESVC.EXE
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll

Folder::
c:\documents and settings\carl\favorites\gambling
c:\documents and settings\carl\favorites\adult

Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch]
[-hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}]
[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

and a final hijackthis log.

could you also let me know how your machine is running now.

andrewuk

Edited by andrewuk, 23 September 2008 - 12:59 PM.
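
The split described in the post above (copies already in the ComboFix quarantine, copies held in System Restore points, and files still in place) can be derived mechanically from the scan log. This is an added example, not part of the original thread or of any tool's own code; the column names are assumed from the layout of the log lines, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Column layout assumed from the posted log lines:
# id, detection name, type, active, severity, disinfectable, disinfected, location.
# Detection names may contain spaces ("Generic Malware"), so the name is matched
# lazily and the type is the single token before the first Yes/No flag.
LINE_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<name>.+?) (?P<type>\S+) "
    r"(?P<active>Yes|No) (?P<severity>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>[A-Za-z]:\\.+)$"
)

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"            # ComboFix quarantine folder
RESTORE_MARKER = "\\system volume information\\_restore{"  # System Restore store


def parse_line(line):
    """Return a dict for one detection line, or None for headers and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The location is the file on disk, optionally followed by [..] entries naming
    # what was found inside it (archive or installer members). Assumption: the
    # on-disk path is everything before the first "[".
    outer, sep, inner = rec["location"].partition("[")
    rec["file"] = outer
    rec["members"] = re.findall(r"\[([^\]]*)\]", sep + inner)
    return rec


def classify(path):
    """Bucket an on-disk path by where the detected copy lives."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantined"      # already moved aside, not loadable from here
    if RESTORE_MARKER in p:
        return "restore_point"    # removed when the restore points are flushed
    return "live"                 # still in place, needs a decision now


def triage(log_text):
    """Group detections as {bucket: {file: set(detection names)}}."""
    buckets = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        bucket = classify(rec["file"])
        buckets[bucket].setdefault(rec["file"], set()).add(rec["name"])
    return dict(buckets)


# Lines copied from the scan log in this thread, plus two non-detection lines.
SAMPLE_LOG = r"""
00384294 Application/MicroAntivirus2009 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.exe]
00385800 Application/UltimateAntivirus2008 HackTools No 0 No No C:\QooBox\Quarantine\C\empa.exe.vir[C:\QooBox\Quarantine\C\empa.exe.vir][5.exe][5.exe][MicroAV.cpl]
00386560 Application/MicroAntivirus2009 HackTools No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP153\A0020527.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01895148 Malicious Packer SecRisk No 0 No No C:\Documents and Settings\CARL\My Documents\Downloads\Kaspersky life time reset patch.rar[Kaspersky life time patch\KasperskyTrialReset.exe][Kaspersky life time patch\KasperskyTrialReset.exe][is202158.exe]
03438258 Bck/Radmin.AF Virus/Trojan No 0 Yes No C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
03723993 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{06B7C9B3-BED4-4884-B455-0058B00DDA40}\RP145\A0020108.sys
;===============================================================================
SUSPECTS
"""

if __name__ == "__main__":
    for bucket, files in triage(SAMPLE_LOG).items():
        print(bucket)
        for path, names in sorted(files.items()):
            print("   ", path, "<-", ", ".join(sorted(names)))
```

Only the `live` bucket needs a per-file decision; each entry there still has to be judged by a person, since a detection on an installer or archive is not proof that the file must go.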


#22
syco26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Here is the combo log

ComboFix 08-09-22.06 - CARL 2008-09-24 12:11:22.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.573 [GMT 9.5:30]
Running from: C:\Documents and Settings\CARL\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CARL\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
C:\Program Files\Uninstall Morpheus Toolbar.dll
C:\WINDOWS\PSEXESVC.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\carl\favorites\adult
c:\documents and settings\carl\favorites\gambling
C:\Documents and Settings\CARL\My Documents\Morpheus Shared\Downloads\Cooking - Jamie Oliver Recipes.pdf
C:\PROGRA~1\UNINST~1.DLL
C:\Program Files\Moyea\Moyea FLV to Video Converter\GameData.dll
C:\Program Files\Uninstall Morpheus Toolbar.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-23 19:28 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-22 21:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-22 21:26 . 2008-09-22 21:29 <DIR> d-------- C:\Documents and Settings\CARL\.SunDownloadManager
2008-09-22 21:15 . 2008-09-22 21:15 <DIR> d-------- C:\Documents and Settings\CARL\My
2008-09-21 10:37 . 2008-09-21 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 03:06 . 2008-09-21 03:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-21 02:47 . 2008-09-21 03:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 17:24 . 2008-09-20 22:51 <DIR> d-------- C:\Program Files\ScreenGardens Living Pond
2008-09-14 21:33 . 2008-09-14 21:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-14 21:33 . 2008-09-14 21:37 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 16:33 --------- d-----w C:\Program Files\McAfee
2008-09-23 16:32 --------- d-----w C:\Program Files\MorpheusBar
2008-09-22 12:05 --------- d-----w C:\Program Files\Java
2008-09-22 00:38 --------- d-----w C:\Documents and Settings\CARL\Application Data\SiteAdvisor
2008-09-20 17:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 17:17 --------- d-----w C:\Documents and Settings\CARL\Application Data\Lavasoft
2008-09-20 13:21 --------- d-----w C:\Documents and Settings\CARL\Application Data\uTorrent
2008-09-20 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-19 02:30 --------- d-----w C:\Program Files\Morpheus
2008-09-15 09:06 --------- d-----w C:\Program Files\PicLensIE
2008-09-02 12:25 --------- d-----w C:\Documents and Settings\CARL\Application Data\BitTorrent
2008-08-17 14:09 --------- d-----w C:\Documents and Settings\CARL\Application Data\Vso
2008-08-17 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-17 10:29 --------- d-----w C:\Program Files\SlySoft
2008-08-08 14:01 --------- d-----w C:\Documents and Settings\CARL\Application Data\DataLayer
2008-08-01 13:27 99,648 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-30 14:20 --------- d-----w C:\Program Files\DVDlabPro2
2008-07-27 10:30 --------- d-----w C:\Program Files\Xilisoft
2008-07-25 00:46 --------- d-----w C:\Program Files\Apple Software Update
2008-07-25 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-18 12:40 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:40 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:40 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:39 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:39 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:39 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:39 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:37 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:37 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 17:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 08:42 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2007-06-12 06:48 72,680 ----a-w C:\Documents and Settings\CARL\Application Data\GDIPFONTCACHEV1.DAT
2007-02-21 18:56 87,608 ----a-w C:\Documents and Settings\CARL\Application Data\ezpinst.exe
2007-02-21 18:56 47,360 ----a-w C:\Documents and Settings\CARL\Application Data\pcouffin.sys
2004-01-29 06:20 17,280 ----a-w C:\Program Files\SETUP.LST
2004-01-29 06:10 1,533,663 ----a-w C:\Program Files\dogwaffle.ex_
2004-01-27 08:19 47,473 ----a-w C:\Program Files\Splash.jp_
2004-01-07 01:30 5,718 ----a-w C:\Program Files\Grid_pm.ex_
2004-01-03 02:58 3,276 ----a-w C:\Program Files\ExploreTempDir_pm.ex_
2004-01-02 13:29 23,230 ----a-w C:\Program Files\Drpaint.dl_
2003-12-20 05:19 4,287 ----a-w C:\Program Files\Sepia_pf.ex_
2003-12-20 03:18 389 ----a-w C:\Program Files\Def_Res.tx_
2003-11-29 06:17 23,514 ----a-w C:\Program Files\Store_Alpha_pm.ex_
2003-11-25 03:55 16,674 ----a-w C:\Program Files\Zoom_pf.ex_
2003-11-13 03:45 5,053 ----a-w C:\Program Files\Key_Shrink_pb.ex_
2003-11-13 03:18 5,545 ----a-w C:\Program Files\Key_Grow_pb.ex_
2003-11-04 02:52 17,663 ----a-w C:\Program Files\drbrush.dl_
2003-11-04 01:15 45,953 ----a-w C:\Program Files\drfilter.dl_
2003-10-27 22:13 4,058 ----a-w C:\Program Files\antique2.gr_
2003-10-27 22:12 3,942 ----a-w C:\Program Files\antique1.gr_
2003-10-26 23:23 1,363 ----a-w C:\Program Files\DogWeb.ht_
2003-10-26 01:06 2,467 ----a-w C:\Program Files\Keyboard_Document.rt_
2003-10-26 00:45 13,880 ----a-w C:\Program Files\drFloodfill.dl_
2003-10-25 01:45 512 ----a-w C:\Program Files\TabletSupport.rt_
2003-10-17 01:19 25,398 ----a-w C:\Program Files\Thumb_Book.gi_
2003-10-06 08:37 23,758 ----a-w C:\Program Files\screenshot2-300.jp_
2003-09-26 22:47 82,398 ----a-w C:\Program Files\register.ex_
2003-09-26 22:27 353,173 ----a-w C:\Program Files\KnotWorker.ex_
2003-06-23 10:19 13,491 ----a-w C:\Program Files\WinterBranches.op_
2003-06-23 10:12 12,712 ----a-w C:\Program Files\Grass.op_
2003-06-22 08:40 12,008 ----a-w C:\Program Files\Garland.op_
2003-06-22 06:03 12,575 ----a-w C:\Program Files\DogWillow.op_
2003-06-05 10:31 97,631 ----a-w C:\Program Files\VBTablet.dl_
2003-05-01 12:20 12,113 ----a-w C:\Program Files\Fancyful.op_
2003-05-01 12:14 12,118 ----a-w C:\Program Files\Hivey.op_
2003-05-01 12:10 12,121 ----a-w C:\Program Files\Brainy.op_
2003-05-01 12:07 12,178 ----a-w C:\Program Files\Spiro.op_
2003-02-11 09:51 2,147 ----a-w C:\Program Files\Tipofday.tx_
2002-12-29 04:59 3,913 ----a-w C:\Program Files\ChangeDPI_px.ex_
2002-11-13 07:04 243 ----a-w C:\Program Files\ReadMe.tx_
2002-11-10 04:43 5,499 ----a-w C:\Program Files\Clipboard_Import_pb.ex_
2002-11-03 03:03 6,796 ----a-w C:\Program Files\Paint_on_alpha_pm.ex_
2002-11-03 02:54 3,826 ----a-w C:\Program Files\printerPrefs_generic_px.ex_
2002-11-01 04:43 3,676 ----a-w C:\Program Files\KeyToLuminance_pb.ex_
2002-11-01 04:41 3,383 ----a-w C:\Program Files\KeyInvert_pb.ex_
2002-11-01 04:40 3,675 ----a-w C:\Program Files\KeyToBlack_pb.ex_
2002-10-08 04:36 3,188 ----a-w C:\Program Files\Skys.gr_
2002-10-08 04:23 4,885 ----a-w C:\Program Files\Reds.gr_
2002-10-08 04:16 3,435 ----a-w C:\Program Files\Vents.gr_
2002-10-08 04:12 2,895 ----a-w C:\Program Files\Warnings.gr_
2002-10-08 04:03 3,969 ----a-w C:\Program Files\GunMetals.gr_
2002-09-23 00:59 10,655 ----a-w C:\Program Files\MotionBlur_pf.ex_
2002-09-19 18:10 10,701 ----a-w C:\Program Files\print_generic_px.ex_
2002-09-19 17:41 4,207 ----a-w C:\Program Files\ScaleAlpha_pm.ex_
2002-09-04 17:31 7,260 ----a-w C:\Program Files\Store_Brush_pb.ex_
2002-09-04 16:14 12,899 ----a-w C:\Program Files\Store_Buffer_pm.ex_
2002-09-02 17:57 5,735 ----a-w C:\Program Files\Clipboard_Export_pb.ex_
2002-08-22 17:34 66,779 ----a-w C:\Program Files\def_mdiform_bitmap.jp_
2002-08-20 22:11 17,460 ----a-w C:\Program Files\Def_Wallpaper.bm_
2002-08-20 12:49 328 ----a-w C:\Program Files\readme.txt
2002-08-08 20:14 520 ----a-w C:\Program Files\Test1.w_
2002-06-14 10:43 345 ----a-w C:\Program Files\Trace Sleek 8-Bit.kn_
2002-03-29 02:30 520 ----a-w C:\Program Files\Study.w_
2002-03-29 02:15 469 ----a-w C:\Program Files\Earthy.w_
2002-02-11 19:15 1,745 ----a-w C:\Program Files\readme.rt_
2002-02-08 22:23 4,837 ----a-w C:\Program Files\AverageFrames_pm.ex_
2006-03-31 07:05 56 --sh--r C:\WINDOWS\system32\753FDCB0D6.sys
2008-06-16 03:38 517,780 --sha-w C:\WINDOWS\system32\NnUFNqru.ini2
2005-10-27 14:09 161,795 --sh--w C:\WINDOWS\system32\rrutv.bak1
.

((((((((((((((((((((((((((((( snapshot@2008-09-21_11.39.30.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 03:26:08 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2008-06-30 01:09:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
- 2008-09-21 01:26:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-24 00:57:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-21 01:26:59 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-24 00:57:48 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-11-10 01:57:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 15:51:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 01:57:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 15:51:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 03:33:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 17:02:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-09-21 02:05:25 14,368 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-09-23 16:33:56 14,368 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-02-20 3330048]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2008-05-17 516096]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-03 2161600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"W2acecad.Wtxpload"="C:\WINDOWS\W2acecad\Wtxpload.exe" [2000-05-21 45056]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-05-28 163840]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [2003-11-03 32768]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-17 147456]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-25 36640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2005-05-04 78848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2004-03-22 77824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-16 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-06-16 16:29 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CARL^Start Menu^Programs^Startup^Adobe Gamma Loader.exe]
path=C:\Documents and Settings\CARL\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
--a------ 2008-05-17 22:48 516096 C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
--a------ 2003-06-24 12:09 568096 C:\Program Files\Netscape\Netscape\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:54 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 17:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TVersityMediaServer"=2 (0x2)
"KodakCCS"=3 (0x3)
"iPod Service"=3 (0x3)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"Diskeeper"=2 (0x2)
"Dcfssvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Telstra\\unpw\\unpwclient.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-01-21 21512]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\PenClass.sys [2001-04-09 8138]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-02-26 9728]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2005-12-26 34848]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 14308]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2002-09-02 16640]
S3 DCamUSBMke2;Panasonic USB Video Camera;C:\WINDOWS\system32\Drivers\Mkeusbi2.sys [2002-11-06 15872]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys [ ]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 12:14:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-24 12:15:32
ComboFix-quarantined-files.txt 2008-09-24 02:45:28
ComboFix2.txt 2008-09-22 11:31:08
ComboFix3.txt 2008-09-21 08:36:20
ComboFix4.txt 2008-09-21 02:10:30

Pre-Run: 47,425,544,192 bytes free
Post-Run: 47,639,961,600 bytes free

313 --- E O F --- 2008-09-12 13:02:53


And here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:52, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://ninemsn.com.au/"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CARL\Application Data\Mozilla\Profiles\default\xucfp8tq.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [W2acecad.Wtxpload] C:\WINDOWS\W2acecad\Wtxpload.exe acecad
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://www.airbrush.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1160400379609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19....ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0F6CD93-82B0-4D39-80CE-E9DD36A5DE4A}: Domain = sa.bigpond.net.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 15376 bytes

#23
syco26

    Member

  • Topic Starter
  • 40 posts
Thanks so much for taking the time to help me out. My PC seems to be running a heap quicker now, like when I first got the PC. Are there any sites out there that can teach me how to clean my system that good by myself? How do you know what is good and what is bad? It is all Greek to me.

#24
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi syco26

congratulations, your logs are clean and another fix is in the can :)

How do you know what is good and what is bad?

we research each line of the logs to determine if the entry is bad, and if so, what the infection is and therefore how to go about removing it.

Are there any sites out there that can teach me how to clean my system that good by myself?

you can learn how to clear malware off a machine at this forum by joining GeekU here

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

also, i see you have some remnants of Norton on your machine which, given you now use McAfee, we should clear away.

Go HERE and choose the product that is installed and then download the removal tool.
Run it and reboot.
This should get rid of Norton.


====STEP 1====
Follow these steps to uninstall Combofix and tools used in the removal of malware and flush your system restore points
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
you can remove Malwarebytes through your add/remove programs in the Control Panel



====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

best wishes

andrewuk

#25
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
