
three scans MBAM same result, help!!!


abuaufa


:D Hi

Please help me to get rid of this threat, logs:

Malwarebytes' Anti-Malware 1.30

Database version: 1391

Windows 5.1.2600 Service Pack 3

13/11/2008 12:30:27

mbam-log-2008-11-13 (12-30-27).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|)

Objects scanned: 75177

Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.30

Database version: 1402

Windows 5.1.2600 Service Pack 3

17/11/2008 13:16:42

mbam-log-2008-11-17 (13-16-42).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|)

Objects scanned: 77464

Time elapsed: 18 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.30

Database version: 1423

Windows 5.1.2600 Service Pack 3

26/11/2008 14:52:34

mbam-log-2008-11-26 (14-52-34).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|)

Objects scanned: 80704

Time elapsed: 26 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here are the HJT logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:25:18, on 27/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Documents and Settings\Lantai03\Desktop\VTT\VisualToolTip.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Documents and Settings\Lantai03\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--

End of file - 11499 bytes

Panda & ESET online scans cancelled because they took too long (4 hours, not finished)

Thanks


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully

  2. If you don't understand something, stop and ask! Don't keep going on.

  3. Please do not run any other tools or scans whilst I am helping you

  4. Please continue to respond until I give you the "All Clear"

    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.

  • Click Continue at the disclaimer screen.

  • Once it has finished, two logs will open:

    • log.txt will be opened maximized.

    • info.txt will be opened minimized.

  • Please post the contents of both log.txt and info.txt.


Hello Katana,

Here is what you asked:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Lantai03 at 2008-12-02 10:26:39

Microsoft Windows XP Professional Service Pack 3

System drive C: has 19 GB (75%) free of 25 GB

Total RAM: 446 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:28:20, on 02/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Documents and Settings\Lantai03\Desktop\VTT\VisualToolTip.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Documents and Settings\Lantai03\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

I:\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Lantai03.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--

End of file - 11534 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\COMODO Registry Cleaner task.job

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]

FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-14 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-07 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-07-16 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll [2008-09-15 123168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]

WOT Helper - C:\Program Files\WOT\WOT.dll [2008-09-15 1421984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D476B977-AF6C-481A-8472-2ABAB5E89F20}]

GooglePreviewIE Toolbar Helper - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll [2008-10-13 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]

C:\Program Files\PicLensIE\cooliris.dll [2008-10-21 4087808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2008-09-15 1421984]

{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]

{399d96ca-6f9a-4fff-95fe-284e45ebb935}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-07-16 2549368]

{23B0D39A-E245-41B7-BF86-1238CF62625E}

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll [2008-09-15 123168]

{AEC32322-9D72-4C55-A108-33875F07BC03} - GooglePreviewIE Toolbar - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll [2008-10-13 806912]

{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-14 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2007-06-29 811008]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]

"VisualTooltip"=C:\Documents and Settings\Lantai03\Desktop\VTT\VisualToolTip.exe [2007-04-25 956928]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]

"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-06-11 176128]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-19 1796856]

"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-19 1796856]

"SmartDefrag"=C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-11-21 2386960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-12 68856]

"FreeRAM XP"=C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]

"Google Update"=C:\Documents and Settings\Lantai03\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

:\WINDOWS\system32\srrstr.dll

cli

scecli

scecli

scecli

scecli

scecli

scecli

scecli

scecli

scecli

scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"

"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11fafe26-dee4-11dc-9729-001bb9cdcaf0}]

shell\AutoRun\command - 1u0o8bnq.cmd

shell\explore\command - 1u0o8bnq.cmd

shell\open\command - 1u0o8bnq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38830927-df58-11dc-91c0-001bb9cdcaf0}]

shell\AutoRun\command - 1u0o8bnq.cmd

shell\explore\command - 1u0o8bnq.cmd

shell\open\command - 1u0o8bnq.cmd

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-12-01 13:16:29 ----D---- C:\rsit

2008-11-27 13:45:07 ----D---- C:\Program Files\EsetOnlineScanner

2008-11-27 13:21:34 ----D---- C:\Program Files\Trend Micro

2008-11-27 09:08:48 ----D---- C:\Program Files\Panda Security

2008-11-26 13:07:07 ----D---- C:\Program Files\RocketDock

2008-11-25 17:10:49 ----D---- C:\Program Files\Secunia

2008-11-21 12:51:53 ----D---- C:\Program Files\AnVir Task Manager Free

2008-11-19 10:52:11 ----D---- C:\Program Files\a-squared Free

2008-11-17 15:48:01 ----D---- C:\Documents and Settings\Lantai03\Application Data\Q-Dir

2008-11-17 15:47:31 ----D---- C:\Program Files\Q-Dir

2008-11-14 14:08:05 ----D---- C:\Documents and Settings\Lantai03\Application Data\WIPE

2008-11-14 13:58:22 ----A---- C:\WINDOWS\system32\dhSQLite.dll

2008-11-14 13:58:13 ----A---- C:\WINDOWS\sqlite3_engine.dll

2008-11-14 13:58:05 ----D---- C:\Program Files\Wipe

2008-11-12 16:49:50 ----D---- C:\Program Files\HD Tune

2008-11-11 15:42:42 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2008-11-11 15:42:42 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2008-11-11 15:42:41 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2008-11-11 15:42:41 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2008-11-11 15:42:41 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2008-11-11 15:42:40 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2008-11-11 15:42:40 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2008-11-11 15:00:06 ----D---- C:\Documents and Settings\Lantai03\Application Data\Malwarebytes

2008-11-11 14:57:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-11-11 14:57:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-03 14:56:21 ----A---- C:\WINDOWS\system32\msjro.dll

2008-11-03 14:56:20 ----A---- C:\WINDOWS\system32\msadox.dll

2008-11-03 14:56:20 ----A---- C:\WINDOWS\system32\hh.exe

2008-11-03 14:56:05 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL

2008-11-03 14:55:55 ----A---- C:\WINDOWS\system32\scrrnko.dll

2008-11-03 14:54:36 ----A---- C:\WINDOWS\IFinst27.exe

======List of files/folders modified in the last 1 months======

2008-12-02 10:27:43 ----D---- C:\WINDOWS\Prefetch

2008-12-02 10:21:59 ----D---- C:\Program Files\Mozilla Firefox

2008-12-02 10:17:15 ----D---- C:\WINDOWS\Temp

2008-12-02 09:56:38 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2008-12-02 09:16:46 ----AC---- C:\WINDOWS\Q-Dir.ini

2008-12-02 08:57:23 ----SHD---- C:\WINDOWS\Installer

2008-12-02 08:47:25 ----D---- C:\WINDOWS

2008-12-01 16:06:21 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-01 16:00:13 ----D---- C:\WINDOWS\system32\dllcache

2008-12-01 15:58:21 ----A---- C:\WINDOWS\CRC.INI

2008-12-01 15:49:30 ----D---- C:\WINDOWS\system32

2008-12-01 15:42:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-12-01 15:08:13 ----D---- C:\Documents and Settings\Lantai03\Application Data\MxBoost

2008-11-28 16:39:29 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-28 16:39:29 ----A---- C:\PureRa.txt

2008-11-28 10:14:12 ----D---- C:\WINDOWS\system32\drivers

2008-11-27 17:01:54 ----N---- C:\WINDOWS\SchedLgU.Txt

2008-11-27 14:39:39 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-27 13:45:07 ----D---- C:\Program Files

2008-11-27 09:31:08 ----HD---- C:\WINDOWS\inf

2008-11-27 08:59:10 ----D---- C:\Documents and Settings\Lantai03\Application Data\Macromedia

2008-11-26 15:46:50 ----D---- C:\Program Files\RegScrubVistaXP

2008-11-26 15:40:36 ----D---- C:\Config.Msi

2008-11-26 13:55:35 ----D---- C:\WINDOWS\system32\config

2008-11-26 13:47:08 ----D---- C:\Program Files\Maxthon2

2008-11-26 11:37:36 ----D---- C:\Program Files\SpywareBlaster

2008-11-26 11:31:47 ----D---- C:\WINDOWS\system32\Macromed

2008-11-26 10:45:19 ----D---- C:\Downloads

2008-11-26 10:32:48 ----D---- C:\Documents and Settings\Lantai03\Application Data\BITS

2008-11-25 10:06:12 ----D---- C:\Program Files\SpeedFan

2008-11-25 09:58:00 ----D---- C:\Program Files\IObit

2008-11-24 09:17:53 ----SD---- C:\WINDOWS\Tasks

2008-11-19 14:31:56 ----D---- C:\Program Files\SUPERAntiSpyware

2008-11-19 09:04:47 ----A---- C:\WINDOWS\system32\guard32.dll

2008-11-17 12:08:46 ----D---- C:\Documents and Settings\Lantai03\Application Data\IObit

2008-11-17 08:58:53 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-14 14:47:44 ----SD---- C:\Documents and Settings\Lantai03\Application Data\Microsoft

2008-11-13 12:03:24 ----D---- C:\WINDOWS\system32\Tools

2008-11-12 11:59:20 ----D---- C:\WINDOWS\Debug

2008-11-12 09:24:52 ----D---- C:\WINDOWS\system32\LogFiles

2008-11-11 16:49:46 ----D---- C:\WINDOWS\Logs

2008-11-11 15:42:43 ----D---- C:\WINDOWS\system32\DirectX

2008-11-11 15:42:13 ----RSD---- C:\WINDOWS\assembly

2008-11-11 10:55:24 ----D---- C:\WINDOWS\Help

2008-11-07 15:52:19 ----D---- C:\WINDOWS\system32\Adobe

2008-11-07 15:31:45 ----D---- C:\Documents and Settings\Lantai03\Application Data\Adobe

2008-11-06 16:41:58 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2008-11-04 14:59:15 ----D---- C:\Documents and Settings\Lantai03\Application Data\Auslogics

2008-11-04 07:10:25 ----AC---- C:\WINDOWS\system32\MRT.exe

2008-11-03 08:52:50 ----D---- C:\Program Files\Common Files

2008-11-03 08:50:36 ----AC---- C:\WINDOWS\LogonStudio.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-11-19 99216]

R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-11-19 31504]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 43520]

R3 HdAudAddService;VIA High Definition Audio Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2007-06-06 201216]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-11-21 419448]

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-03 611664]

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]

R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-11-19 618232]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-16 152984]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-17 201440]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]


Sorry.. :huh::huh: forgot this log,

info.txt logfile of random's system information tool 1.04 2008-12-01 13:20:55

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"

AnVir Task Manager Free-->"C:\Program Files\AnVir Task Manager Free\AnVir.exe" Uninstall

Argente - Registry Cleaner 1.5.0.4-->"C:\Program Files\Argente Software\Argente - Registry Cleaner\unins000.exe"

Ashampoo Burning Studio 6 FREE-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\unins000.exe"

Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"

a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"

AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"

AusLogics Registry Defrag-->"C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"

AusLogics System Information-->"C:\Program Files\Auslogics\AusLogics System Information\unins000.exe"

Avant Browser (remove only)-->"C:\Program Files\Avant Browser\uninst.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"

Clouds Screensaver-->C:\Program Files\Emanon Creations\Clouds\Uninstall.exe

COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u

COMODO Registry Cleaner 1.0.17.23-->"C:\Program Files\COMODO\Registry Cleaner\unins000.exe"

Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE

DustBuster 2.9.5.1-->"C:\Program Files\DustBuster\unins000.exe"

ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe

EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

FlashGet 2.0-->C:\Program Files\FlashGet Network\FlashGet universal\uninst.exe

Free Window Registry Repair-->C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG

Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

GooglePreviewIE Toolbar-->"C:\WINDOWS\GooglePreviewIE_Toolbar_Uninstaller_421.exe" _?=C:\Program Files\GooglePreviewIE Toolbar

HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

IZArc 3.81-->"C:\Program Files\IZArc\unins001.exe"

Jumping Squirrel version 1.01-->"C:\Program Files\Jumping Squirrel\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"

Maxthon2 Browser (remove only)-->C:\Program Files\Maxthon2\MaxthonUINST.exe

McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

OrderReminder HP LaserJet 1020-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

Q-Dir-->C:\Program Files\Q-Dir\Q-Dir.exe -uninstall

Quran in Word Ver 1.3-->"C:\Program Files\Common Files\Quran_in_Word\unins000.exe"

Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"

RegScrubVistaXP v1.7-->"C:\Program Files\RegScrubVistaXP\unins000.exe"

Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe

RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"

Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Shark Attack-->"C:\Program Files\GameTop.com\Shark Attack\unins000.exe"

Smart Defrag 1.03-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"

SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"

SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"

Sun Download Manager 2.0-->C:\Program Files\SDM20\Uninstal.exe

The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"

Thoosje Sidebar V2.3-->C:\Program Files\Thoosje Sidebar V2.3\Uninstall.exe

Undelete Plus 2.95-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"

VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Wipe-->C:\PROGRA~1\Wipe\UNWISE.EXE C:\PROGRA~1\Wipe\INSTALL.LOG

Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S

Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition

FW: COMODO Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=0605

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP


Information

Registry Cleaners

Re. Argente - Registry Cleaner 1.5.0.4

RegScrubVistaXP v1.7

I don't personally recommend the use of ANY registry cleaners.

Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.

The point we are trying to make is that the risk of using one far outweighs any benefit.

If it does work perfectly you will not see any difference

If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------- -----------------------------------------------------------

Step 1

Malwarebytes' Anti-Malware

I notice that you have MBAM installed, please do the following

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------

Step 2

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------- -----------------------------------------------------------

Step 3

Fix With HJT

Close all other windows and then start HijackThis

Click Do A System Scan Only

When it has finished scanning put a check next to the following lines IF still present

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: (no name) - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - (no file)

O3 - Toolbar: (no name) - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - (no file)

O3 - Toolbar: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - (no file)

O9 - Extra button: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - (no file)

- Close ALL open windows (especially Internet Explorer!)-

Now click Fix checked

Click yes to any prompts

Close HijackThis

----------------------------------------------------------- -----------------------------------------------------------

Step 4

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

  • MalwareBytes Log
  • Combofix Log
  • How are things running now?