Infected computer, hijack this wordpad attached


Post by dosdaplace » January 22nd, 2009, 4:30 am

After carelessly downloading an unsafe file, my computer has repeatedly crashed and AVG has been set off constantly, saying there is a trojan. AVG cannot get rid of the virus; in fact, AVG is being dismantled by it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:14 AM, on 1/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
C:\Users\Steve\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\hsjefi8wunkmdf.dll - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\Windows\system32\hsjefi8wunkmdf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Users\Steve\AppData\Local\Temp\E_S50CE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Steve\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Steve\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\Users\Steve\AppData\Local\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: har78w3uhewf8yurhefd - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\Windows\system32\hsjefi8wunkmdf.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRU Web Service (MRUWebService) - Unknown owner - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7198 bytes

I would appreciate any help.
dosdaplace
Active Member
Posts: 7
Joined: January 22nd, 2009, 4:25 am
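A quick way to pick out the O4 and O7 entries a helper would question in a HijackThis log like the one above, as an added example (not code from this thread, from HijackThis or from MalwareRemoval.com). The sample lines are copied from the posted log; the rule set and the `looks_random` test are my own assumptions about what makes a Run entry worth a closer look.

```python
"""Triage HijackThis O4 (Run keys) and O7 (policy) lines for common red flags."""
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the HijackThis log posted above,
# benign and suspicious mixed, so the heuristics can be checked against a known answer.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Steve\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\Users\Steve\AppData\Local\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O7 - <policy key>, <value>=<data>"
O7_RE = re.compile(r'^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\S+)')
# rundll32 <dll>[,<export>]  (the DLL path may be quoted)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\w+))?', re.I)
# plain executable, quoted or not, followed by optional arguments
EXE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe))(?:\s|$)', re.I)

# Assumed heuristics (mine, not HijackThis'): where startup code normally does not live,
# and where vendor-installed code normally does.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
VOWELS = set("aeiou")


@dataclass
class Finding:
    line: str
    name: str
    reasons: list = field(default_factory=list)


def _dir_of(path):
    """Lower-cased directory part with trailing backslash, or '' for a bare file name."""
    p = path.lower()
    return p.rsplit("\\", 1)[0] + "\\" if "\\" in p else ""


def looks_random(name):
    """Value names with digits embedded in a single letter run (jsg8jfgfdfhfhf) or a
    long run of letters without a vowel are typical of generated names. Heuristic only."""
    n = name.lower()
    if re.fullmatch(r'[a-z]+(?:\d+[a-z]*)+', n):
        return True
    letters = re.sub(r'[^a-z]', '', n)
    return len(letters) >= 6 and not (set(letters) & VOWELS)


def triage(log_text):
    """Return a Finding for every O4/O7 line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd, reasons = m["name"], m["cmd"], []
            r = RUNDLL_RE.match(cmd)
            if r:
                d = _dir_of(r["dll"])
                if d and not d.startswith(TRUSTED_DIRS):
                    reasons.append(f"rundll32 loads a DLL from an unusual directory: {r['dll']}")
                if r["export"] and len(r["export"]) == 1:
                    reasons.append(f"single-letter export name '{r['export']}'")
            else:
                e = EXE_RE.match(cmd)
                exe = (e["quoted"] or e["bare"]) if e else cmd
                if any(t in exe.lower() for t in TEMP_DIRS):
                    reasons.append(f"executable runs from a temp directory: {exe}")
            if looks_random(name):
                reasons.append(f"value name looks machine-generated: {name}")
            if reasons:
                findings.append(Finding(line, name, reasons))
            continue
        m = O7_RE.match(line)
        if m and m["value"].lower() == "disableregedit" and m["data"] == "1":
            findings.append(Finding(line, m["value"],
                                    ["policy disables the registry editor for this user"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for why in f.reasons:
            print("   ->", why)
```

The flags are prompts for a human reviewer, not verdicts: a legitimate installer can run from Temp, and a file's location alone does not make it malware.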

Re: Infected computer, hijack this wordpad attached

Post by jmw3 » February 1st, 2009, 9:06 am

Welcome dosdaplace

Apologies for the late reply. As you can appreciate, the boards are quite busy. If you still require help with your computer problem, could you do the following:

Random's System Information Tool (RSIT)
  • Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run the tool
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply
If info.txt does not minimise to the Task Bar, you will find it in C:\rsit
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Infected computer, hijack this wordpad attached

Post by dosdaplace » February 2nd, 2009, 3:32 am

Here is the small one.

info.txt logfile of random's system information tool 1.05 2009-02-01 21:25:38

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x9
3DMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\setup.exe" -l0x9 -removeonly
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB2A3A6-6789-4260-9966-517498589AB5}\setup.exe" -l0x9
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Cepstral David 5.1.0-->MsiExec.exe /I{048540B4-3497-432E-B03D-F4119A1AB257}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EPSON CX7400 User's Guide-->C:\Program Files\epson\guide\cx7400_e\uninstall.exe
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast-->"C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Host OpenAL (ADI)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x9 /remove
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe -runfromtemp -l0x0009 -removeonly
Space Quest Collection(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9354DD0-C69A-469A-8A48-B9AA15A74174}\setup.exe" -l0x9 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
Ubuntu-->C:\ubuntu\Uninstall-Ubuntu.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VGA USB Camera-->C:\Program Files\InstallShield Installation Information\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}\setup.exe -runfromtemp -l0x0009 -removeonly
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free (disabled)
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

System event log

Computer Name: Steve-PC
Event Code: 7036
Message: The iPod Service service entered the running state.
Record Number: 81712
Source Name: Service Control Manager
Time Written: 20090202051426.000000-000
Event Type: Information
User:

Computer Name: Steve-PC
Event Code: 7036
Message: The Secure Socket Tunneling Protocol Service service entered the running state.
Record Number: 81713
Source Name: Service Control Manager
Time Written: 20090202051428.000000-000
Event Type: Information
User:

Computer Name: Steve-PC
Event Code: 7036
Message: The Telephony service entered the running state.
Record Number: 81714
Source Name: Service Control Manager
Time Written: 20090202051428.000000-000
Event Type: Information
User:

Computer Name: Steve-PC
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.
Record Number: 81715
Source Name: Service Control Manager
Time Written: 20090202051428.000000-000
Event Type: Information
User:

Computer Name: Steve-PC
Event Code: 7036
Message: The Application Information service entered the running state.
Record Number: 81716
Source Name: Service Control Manager
Time Written: 20090202052510.000000-000
Event Type: Information
User:

Application event log

Computer Name: Steve-PC
Event Code: 6000
Message: The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Record Number: 20719
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090202051416.000000-000
Event Type: Information
User:

Computer Name: Steve-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 20720
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090202051416.555493-000
Event Type: Information
User: Steve-PC\Steve

Computer Name: Steve-PC
Event Code: 0
Message:
Record Number: 20721
Source Name: iPod Service
Time Written: 20090202051426.000000-000
Event Type: Information
User:

Computer Name: Steve-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 20722
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090202051733.000000-000
Event Type: Information
User:

Computer Name: Steve-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 20723
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090202051733.000000-000
Event Type: Information
User:

Security event log

Computer Name: Steve-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29950
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090202052536.763193-000
Event Type: Audit Failure
User:

Computer Name: Steve-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29951
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090202052536.788193-000
Event Type: Audit Failure
User:

Computer Name: Steve-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29952
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090202052536.813193-000
Event Type: Audit Failure
User:

Computer Name: Steve-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29953
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090202052536.837193-000
Event Type: Audit Failure
User:

Computer Name: Steve-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29954
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090202052536.862193-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Cepstral\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

And here is the large one:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Steve at 2009-02-01 21:25:28
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 421 GB (62%) free of 674 GB
Total RAM: 3326 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:37 PM, on 2/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Steve\Desktop\RSIT.exe
C:\Program Files\trend micro\Steve.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\hsjefi8wunkmdf.dll - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\Windows\system32\hsjefi8wunkmdf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Users\Steve\AppData\Local\Temp\E_S50CE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Steve\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Steve\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\Users\Steve\AppData\Local\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: har78w3uhewf8yurhefd - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\Windows\system32\hsjefi8wunkmdf.dll (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRU Web Service (MRUWebService) - Unknown owner - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7161 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{6871C9F5-9450-44AF-A7C4-13F6667379BD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5AF42A3-94F3-42BD-F634-3604832C897D}]
C:\Windows\system32\hsjefi8wunkmdf.dll - C:\Windows\system32\hsjefi8wunkmdf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-08 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-06-05 1261568]
"SoundTray"=C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2007-05-21 49152]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-03-24 13531680]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-03-24 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-28 1601304]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"Fvekurediqata"=C:\Windows\Gcofaq.dll [2009-01-16 40448]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
""= []
"EPSON Stylus CX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [2007-02-15 179200]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"BitTorrent DNA"=C:\Users\Steve\Program Files\DNA\btdna.exe [2009-01-07 342848]
"jsg8jfgfdfhfhf"=C:\Users\Steve\AppData\Local\Temp\winlogun.exe []
"Fvekurediqata"=C:\Windows\Gcofaq.dll [2009-01-16 40448]
"Slulewe"=C:\Users\Steve\AppData\Local\itikopib.dll [2009-01-15 134144]
"tezrtsjhfr84iusjfo84f"=C:\Users\Steve\AppData\Local\Temp\csrssc.exe [2009-01-29 15553]

C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
DesktopVideoPlayer.LNK - C:\Program Files\vghd\vghd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
har78w3uhewf8yurhefd - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\Windows\system32\hsjefi8wunkmdf.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19a6e400-53d1-11dd-91da-001e8c72009b}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c425c4-fe85-11d5-b863-806e6f6e6963}]
shell\AutoRun\command - D:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d94761-1fa1-11dd-a76d-806e6f6e6963}]
shell\AutoRun\command - D:\Bin\Assetup.exe


======List of files/folders created in the last 3 months======

2009-02-01 21:25:28 ----D---- C:\rsit
2009-01-25 17:38:47 ----D---- C:\Program Files\Bonjour
2009-01-25 17:38:46 ----SHD---- C:\Config.Msi
2009-01-22 00:07:05 ----D---- C:\Program Files\Trend Micro
2009-01-21 21:33:12 ----A---- C:\Windows\ntbtlog.txt
2009-01-16 04:34:45 ----A---- C:\Windows\Gcofaq.dll
2009-01-16 04:34:44 ----A---- C:\Windows\system32\chert7-303352.exe
2009-01-15 16:44:42 ----AD---- C:\ProgramData\TEMP
2009-01-15 16:31:27 ----A---- C:\Windows\system32\GEARAspi.dll
2009-01-15 16:31:06 ----D---- C:\Program Files\iPod
2009-01-15 16:31:05 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 16:31:05 ----D---- C:\Program Files\iTunes
2009-01-15 15:52:22 ----D---- C:\Program Files\BACKUP MUSIC
2009-01-15 08:31:37 ----D---- C:\Users\Steve\AppData\Roaming\mIRC
2009-01-06 20:43:48 ----D---- C:\Users\Steve\AppData\Roaming\BitTorrent
2008-12-31 17:32:54 ----D---- C:\Program Files\Cepstral
2008-12-17 15:31:43 ----A---- C:\Windows\system32\mshtml.dll
2008-12-14 16:41:32 ----D---- C:\Program Files\QuickTime
2008-12-12 11:18:16 ----A---- C:\Windows\system32\dns-sd.exe
2008-12-12 11:11:46 ----A---- C:\Windows\system32\dnssd.dll
2008-12-11 17:25:03 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 08:59:14 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 08:59:10 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 08:59:10 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 08:59:04 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 08:58:53 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 08:58:53 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 08:58:52 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 08:58:52 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 08:58:52 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 08:58:52 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 08:58:47 ----A---- C:\Windows\explorer.exe
2008-12-11 08:58:42 ----A---- C:\Windows\system32\mf.dll
2008-12-11 08:58:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 08:58:41 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 08:58:41 ----A---- C:\Windows\system32\logagent.exe
2008-12-08 23:29:29 ----D---- C:\Users\Steve\AppData\Roaming\Media Player Classic
2008-12-08 23:25:29 ----D---- C:\Program Files\FreeUndelete
2008-12-08 23:16:46 ----D---- C:\Program Files\DiskInternals
2008-12-03 23:26:39 ----D---- C:\Windows\system32\Adobe
2008-11-25 11:28:26 ----D---- C:\Program Files\vghd
2008-11-25 11:28:25 ----D---- C:\Users\Steve\AppData\Roaming\vghd
2008-11-25 10:47:03 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 10:47:02 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 10:47:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 10:47:02 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 10:47:01 ----A---- C:\Windows\system32\connect.dll
2008-11-23 11:07:13 ----A---- C:\Windows\system32\wups2.dll
2008-11-23 11:07:13 ----A---- C:\Windows\system32\wucltux.dll
2008-11-23 11:07:13 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-23 11:07:13 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-23 11:07:01 ----A---- C:\Windows\system32\wups.dll
2008-11-23 11:07:01 ----A---- C:\Windows\system32\wudriver.dll
2008-11-23 11:07:01 ----A---- C:\Windows\system32\wuapi.dll
2008-11-23 11:06:52 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-23 11:06:52 ----A---- C:\Windows\system32\wuapp.exe
2008-11-20 01:23:53 ----D---- C:\Users\Steve\AppData\Roaming\Winamp
2008-11-20 01:23:53 ----D---- C:\Program Files\Winamp
2008-11-20 01:09:48 ----D---- C:\Program Files\School
2008-11-20 00:22:33 ----D---- C:\Program Files\Rainmeter
2008-11-18 21:31:19 ----D---- C:\Program Files\FLV Player
2008-11-11 19:47:12 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 19:47:10 ----A---- C:\Windows\system32\msxml6.dll
2008-11-10 21:00:52 ----D---- C:\Program Files\Microsoft SQL Server
2008-11-10 20:20:50 ----D---- C:\Windows\PCHEALTH
2008-11-10 20:20:50 ----D---- C:\Program Files\Microsoft.NET
2008-11-10 19:47:57 ----D---- C:\Users\Steve\AppData\Roaming\GetRightToGo
2008-11-10 17:02:14 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-10 17:02:14 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-10 17:02:14 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-10 17:02:14 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-10 17:02:13 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-10 17:02:13 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-10 17:02:13 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-10 17:02:13 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-10 17:02:12 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-10 17:02:12 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-10 17:02:11 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-10 17:02:11 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-10 17:02:10 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-10 17:02:10 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-10 17:02:09 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-10 17:02:09 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-10 17:02:09 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-10 17:02:08 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-10 17:02:08 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-10 17:02:08 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-10 17:02:07 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-10 17:02:06 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-10 17:02:06 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-10 17:02:06 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-10 17:02:06 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-10 17:02:04 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-10 17:02:03 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-10 17:02:02 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-10 17:02:02 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-10 17:02:01 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-10 17:02:01 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-10 17:02:00 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-10 17:02:00 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-10 17:01:59 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-10 17:01:59 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-10 17:01:59 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-10 17:01:58 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-10 17:01:48 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-10 17:01:48 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-10 17:01:48 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-10 17:01:48 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-10 17:01:47 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-10 17:01:47 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-10 17:01:46 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-10 17:01:46 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-10 17:01:44 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-10 17:00:13 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-10 17:00:13 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-10 17:00:13 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-10 17:00:10 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-10 17:00:10 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-10 17:00:08 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-10 16:59:28 ----D---- C:\Windows\system32\xlive

======List of files/folders modified in the last 3 months======

2009-02-01 21:25:37 ----D---- C:\Windows\Prefetch
2009-02-01 21:25:31 ----D---- C:\Windows\Temp
2009-02-01 21:17:33 ----D---- C:\Windows\System32
2009-02-01 21:17:33 ----D---- C:\Windows\inf
2009-02-01 21:17:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-01 21:16:20 ----D---- C:\Users\Steve\AppData\Roaming\Skype
2009-02-01 21:14:23 ----D---- C:\Users\Steve\AppData\Roaming\DNA
2009-02-01 20:52:01 ----D---- C:\Windows\tracing
2009-02-01 20:29:50 ----D---- C:\Program Files\Steam
2009-02-01 16:05:34 ----D---- C:\Users\Steve\AppData\Roaming\skypePM
2009-02-01 05:18:25 ----SHD---- C:\System Volume Information
2009-01-31 00:11:47 ----HD---- C:\$AVG8.VAULT$
2009-01-29 20:43:05 ----D---- C:\Users\Steve\AppData\Roaming\OpenOffice.org2
2009-01-29 00:28:36 ----D---- C:\Windows\system32\drivers
2009-01-28 19:35:37 ----D---- C:\ProgramData\avg8
2009-01-28 19:35:23 ----A---- C:\Windows\system32\avgrsstx.dll
2009-01-26 23:31:13 ----RD---- C:\Program Files
2009-01-26 23:23:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-26 21:28:50 ----D---- C:\Program Files\Common Files\Steam
2009-01-26 21:21:21 ----D---- C:\Windows\Minidump
2009-01-26 21:21:17 ----D---- C:\Windows
2009-01-25 17:38:50 ----SHD---- C:\Windows\Installer
2009-01-23 01:46:31 ----D---- C:\Program Files\Internet Explorer
2009-01-23 01:11:22 ----D---- C:\Windows\system32\catroot2
2009-01-21 23:36:30 ----D---- C:\Windows\Logs
2009-01-15 16:44:42 ----HD---- C:\ProgramData
2009-01-15 16:31:28 ----D---- C:\Windows\system32\catroot
2009-01-15 16:31:27 ----DC---- C:\Windows\system32\DRVSTORE
2009-01-15 16:31:06 ----D---- C:\Program Files\Common Files\Apple
2009-01-15 16:25:01 ----RSD---- C:\Windows\assembly
2009-01-15 16:14:09 ----A---- C:\Windows\win.ini
2009-01-15 16:02:58 ----D---- C:\Windows\winsxs
2009-01-14 09:15:13 ----D---- C:\Program Files\Windows Mail
2009-01-09 17:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-06 20:44:23 ----D---- C:\Program Files\BitTorrent
2009-01-06 20:44:22 ----D---- C:\Program Files\DNA
2008-12-31 17:34:44 ----D---- C:\Windows\system32\Tasks
2008-12-27 18:28:42 ----D---- C:\Program Files\Mozilla Firefox
2008-12-12 16:36:16 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-12-11 21:09:47 ----D---- C:\Windows\rescache
2008-12-11 20:47:19 ----D---- C:\Windows\AppPatch
2008-12-11 20:47:18 ----D---- C:\Windows\system32\en-US
2008-12-09 21:28:51 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-12-09 21:14:59 ----D---- C:\Program Files\Bethesda Softworks
2008-12-08 23:30:44 ----D---- C:\Program Files\NCH Swift Sound
2008-12-06 08:18:00 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-05 18:03:55 ----D---- C:\Windows\Tasks
2008-12-01 19:25:20 ----D---- C:\Program Files\World of Warcraft
2008-12-01 19:08:27 ----RSD---- C:\Windows\Fonts
2008-11-24 02:16:17 ----SD---- C:\Users\Steve\AppData\Roaming\Microsoft
2008-11-10 22:26:14 ----D---- C:\Windows\WindowsMobile
2008-11-10 22:25:11 ----SHD---- C:\$Recycle.Bin
2008-11-10 22:23:41 ----D---- C:\ProgramData\Microsoft Help
2008-11-10 22:23:38 ----SD---- C:\ProgramData\Microsoft
2008-11-10 22:23:38 ----D---- C:\Program Files\microsoft works
2008-11-10 22:23:38 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-10 22:23:38 ----D---- C:\Program Files\Common Files
2008-11-10 22:19:40 ----D---- C:\Windows\Registration
2008-11-10 22:13:29 ----D---- C:\Windows\Microsoft.NET
2008-11-10 20:19:07 ----D---- C:\Program Files\Common Files\System
2008-11-10 19:42:06 ----D---- C:\Windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-28 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-28 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-01-28 107272]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-07-18 342528]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-03-24 7438848]
R3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-06-26 246784]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-20 15872]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-20 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-06-06 86016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-28 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Cepstral License Server;Cepstral License Server; C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [2008-06-24 57344]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-03-24 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-08-27 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-12-12 202040]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 MRUWebService;MRU Web Service; C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe -k runservice []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-20 33800]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-01-25 316664]

-----------------EOF-----------------

Thank you so much for your help.
dosdaplace
Active Member
 
Posts: 7
Joined: January 22nd, 2009, 4:25 am

Re: Infected computer, hijack this wordpad attached

Unread postby jmw3 » February 2nd, 2009, 10:03 am

Fix HiJackThis Entries
  • Open HiJackThis by right clicking then choose Run as Administrator
  • Click on Do a system scan only
  • Place a checkmark next to these lines(if still present):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html <<<---- Fix if you did not set yourself
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Steve\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
Fix Policies
Download FixPolicies.exe from Here & save to your Desktop. This is a self-extracting ZIP archive.
  • Right-click on FixPolicies.exe then choose Run as Administrator
  • Click the Install button on the bottom toolbar of the box that will open
  • The program will create a new Folder called FixPolicies
  • Double-click to open the new Folder then double-click on Fix_Policies.cmd
  • A black box should briefly appear and then close. This will reset system policy keys to the default, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.
ATF Cleaner
Download ATF Cleaner here by Atribune.
  • Double-click ATF-Cleaner.exe to run the program
  • Under Main choose: Select All
  • Click the Empty Selected button
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt
Click Exit on the Main menu to close the program.

Combofix
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply along with a new HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
Combofix log
New HijackThis log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
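The triage a helper does by eye on the log above, written out as heuristics (an added example, not part of this thread and not a HijackThis feature): it parses O4, O7 and O22 lines quoted from the posted log and flags programs in Temp or AppData, file names that imitate system processes, random-looking value names, missing files and policy lockouts. SAMPLE_LOG, triage and the thresholds are my own choices, not from the thread.

```python
"""Heuristic triage of HijackThis log lines: O4 (Run keys), O7 (policy
restrictions) and O22 (SharedTaskScheduler). Added example, not a HijackThis feature."""
import re
from collections import namedtuple

# Constructed sample: entries copied from the log posted in this thread (O23 is a benign control).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\Users\Steve\AppData\Local\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: har78w3uhewf8yurhefd - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\Windows\system32\hsjefi8wunkmdf.dll (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
"""
ENTRY_RE = re.compile(r"^(?P<sec>[OFR]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"Policies\\\w+,\s*(?P<key>\w+)=(?P<val>\S+)")
STS_RE = re.compile(r"SharedTaskScheduler:\s*(?P<name>.*?)\s+-\s+\{[0-9A-Fa-f-]+\}\s+-\s+(?P<path>.*)$")
# First program of a command line: a quoted path, or an unquoted one read up to its extension.
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$))', re.I)
# Core process names that droppers imitate (this thread's log has csrssc.exe and winlogun.exe).
SYSTEM_NAMES = ("csrss", "winlogon", "svchost", "lsass", "smss", "services", "explorer")
Finding = namedtuple("Finding", "section label line reasons")

def looks_random(name: str) -> bool:
    """Letters mixed with digits in a long value name, e.g. tezrtsjhfr84iusjfo84f."""
    return len(name) >= 8 and any(c.isalpha() for c in name) and any(c.isdigit() for c in name)

def first_exe(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else cmd.strip().split(" ", 1)[0]

def mimics_system_binary(exe: str) -> bool:
    """True for a near-miss of a core Windows process name (csrssc, winlogun)."""
    stem = re.split(r"[\\/]", exe)[-1].lower().rsplit(".", 1)[0]
    for name in SYSTEM_NAMES:
        if stem == name:  # an exact name is judged by its location, not here
            continue
        one_off = len(stem) == len(name) and sum(a != b for a, b in zip(stem, name)) == 1
        if stem.startswith(name) or one_off:
            return True
    return False

def path_reasons(text: str) -> list:
    t, reasons = text.lower(), []
    if "(file missing)" in t:
        reasons.append("referenced file is missing (orphaned or self-deleting component)")
    if "\\temp\\" in t:
        reasons.append("runs from a Temp directory")
    elif "\\appdata\\local\\" in t:
        reasons.append("runs from the user profile (AppData)")
    if "rundll32" in t and "\\users\\" in t:
        reasons.append("rundll32 loads a DLL from a user-writable location")
    return reasons

def triage(lines) -> list:
    """Return only the entries that trip at least one heuristic, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        label, reasons = "", []
        if sec == "O4" and (r := RUN_RE.search(body)):
            label, cmd = r.group("name"), r.group("cmd")
            reasons += path_reasons(cmd)
            if mimics_system_binary(first_exe(cmd)):
                reasons.append("file name mimics a Windows system process")
            if looks_random(label):
                reasons.append("random-looking value name")
        elif sec == "O7" and (p := POLICY_RE.search(body)):
            label = p.group("key")
            if p.group("val") != "0":  # DisableRegedit=1, NoFolderOptions=1, ...
                reasons.append("policy lockout %s=%s (a common infection symptom)" % (label, p.group("val")))
        elif sec == "O22" and (s := STS_RE.search(body)):
            label = s.group("name")
            reasons += path_reasons(s.group("path"))
            if looks_random(label):
                reasons.append("random-looking component name")
        if reasons:
            findings.append(Finding(sec, label, line, reasons))
    return findings
```

Running `triage(SAMPLE_LOG.splitlines())` flags the same four entries the helper singled out or that the registry dump shows as orphaned, and leaves the Sidebar and Andrea service lines alone; the heuristics are a first pass for a human to confirm, not a verdict.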

Re: Infected computer, hijack this wordpad attached

Unread postby Elrond » February 7th, 2009, 12:55 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem