Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I am blond, but not stupid - but I have to giveup .....

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I am blond, but not stupid - but I have to giveup .....

Unread postby Darling11us » April 18th, 2009, 10:59 pm

....giving my computer better performance.
After doing a good job in fixing and deleting things ( so I thought ) - I recognized, that I did not too good. My Computer is still slow working. I think I have caught some malware or virus or trojans. ( Sorry not "I have" - my Computer has caught it). Althought I have many security tools installed. ( So I do think).
Please help me to fix the computer, so iot will work good and fast again.
I have to tell you, that I am a german woman, living in China and using a chinese XP Prof Pack 3.
I am not fit in reading chinese letters, so be patient with me if I ask you real simple questions.
I read some days befor, what will be needed.
I have hijacked the computer and made an "uninstall list"
Please help me.
Here are the lists:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:00, on 2009-4-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrator\桌面\Alles zum schnellen absichern\freemem.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TraXEx\TraXEx.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Documents and Settings\Administrator\桌面\Alles zum schnellen absichern\freemem.exe" Startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: TraXEx 3.2.lnk = C:\Program Files\TraXEx\TraXEx.exe
O4 - Global Startup: SymmTime.lnk = ?ProgramFiles%\Symmetricom\SymmTime\SymmTime.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: IE-Spuren l鰏chen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk
O9 - Extra button: L鰏chautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx L鰏chautomat.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9bba112845b04) (gupdate1c9bba112845b04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5413 bytes

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 - Deutsch
Adobe Shockwave Player 11.5
Any Video Converter 2.7.1
a-squared Free 4.0
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
Double Driver
EVEREST Home Edition v2.20
ffdshow [rev 2527] [2008-12-19]
Glary Registry Repair 3.0
Google Update Helper
Google 地球
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP Software Update
Intel(R) Graphics Media Accelerator Driver
JAP
Java(TM) 6 Update 13
Maxthon Browser (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CHS
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CHS
Microsoft .NET Framework 3.5 Language Pack SP1 - chs
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 语言包 - 简体中文
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.8)
Nero 6 Ultra Edition
No23 Recorder
Real2Asf Client AllInOne
RealPlayer
Secunia PSI
SopCast 3.0.3
SymmTime
Total Commander (Remove or Repair)
TraXEx 3.2
TVUPlayer 2.4.1.0
VLC media player 0.9.8a
Windows Media Format Runtime
Windows Media Player (KB952069) 安全更新
Windows Media Player 10
Windows Media Player 10 (KB936782) 安全更新
Windows XP (KB923689) 安全更新
Windows XP 安全更新 (KB938464-v2)
Windows XP 安全更新 (KB950760)
Windows XP 安全更新 (KB950762)
Windows XP 安全更新 (KB950974)
Windows XP 安全更新 (KB951066)
Windows XP 安全更新 (KB951376-v2)
Windows XP 安全更新 (KB951698)
Windows XP 安全更新 (KB951748)
Windows XP 安全更新 (KB952954)
Windows XP 安全更新 (KB954459)
Windows XP 安全更新 (KB954600)
Windows XP 安全更新 (KB955069)
Windows XP 安全更新 (KB956802)
Windows XP 安全更新 (KB956803)
Windows XP 安全更新 (KB956841)
Windows XP 安全更新 (KB957097)
Windows XP 安全更新 (KB958215)
Windows XP 安全更新 (KB958644)
Windows XP 安全更新 (KB958687)
Windows XP 安全更新 (KB958690)
Windows XP 安全更新 (KB960225)
Windows XP 安全更新 (KB960714)
Windows XP 安全更新 (KB960715)
Windows XP 更新 (KB951978)
Windows XP 更新 (KB955839)
Windows XP 更新 (KB967715)
Windows XP 修补程序 (KB952287)
WinRAR 压缩文件管理器
XML Paper Specification Shared Components Language Pack 1.0
XP Codec Pack
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
暴风影音 ( That is Storm Video )
黄鹤影院高清点播软件_1.0.5.5859 This is software to see movies
搜狗拼音输入法 3.3 writing-prog for Pinyin letters
鑫网通达信行情 Banc-Stock-Program

I hope, that this files will help you to fix my problems
Vera
Darling11us
Active Member
 
Posts: 5
Joined: April 18th, 2009, 10:01 pm
Advertisement
Register to Remove

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby Dakeyras » April 22nd, 2009, 7:48 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi Darling11us and welcome to Malware Removal :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

I have to tell you, that I am a german woman, living in China and using a chinese XP Prof Pack 3.
Ich bin ein mit einer deutschen Frau geheirateter Irländer :)

OK though I am reasonably fluent in the German language myself, this is both a English speaking and primarily a Training Forum, so with this in mind all of the malware removal process will be in English. If this poses any problems inform myself straight away please and we will have to consider the option of advising seeking assistance in a German speaking Anti-Malware Support Forum.

I am not fit in reading chinese letters, so be patient with me if I ask you real simple questions.
OK this should not be a problem even though I have limited experience of reading Sinitic language based characters, if one does occur I will have a rethink about the situation plus a colleague of mine here in Malware Removal will be able to translate if I ask.

Move HijackThis:

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it should not be run from the location it is currently residing. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

  • Please go to Start >> My Computer >> Local Disk C: and right-click and select New >> Folder then name the folder HijackThis.
  • Copy and paste HijackThis.exe to the new folder.
  • Right click on HijackThis.exe and select Send To >> Desktop(create shortcut)
  • This will make a new shortcut on your desktop.

Next:

Now lets carry out a more in-depth scan of your computer before any proactive measures, as follows:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on the your Desktop before running the application.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms?
  • Both RSIT logs. <-- Post them individually please.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby Darling11us » April 22nd, 2009, 11:06 pm

Good morning from Wuhan, CN
Nice to meet you Dakeyras, and I am happy, that you will try to help me.
First - I do not feel to have a save computer
Second - I feel that nothing had changed - it is not too slow, but not the same as fast as it was before when I have bought it.
OK, you want to help me - that is nice.
I did try to follow your advices - But I have "info.txt" no longer.
I had it once in the same Task-Field ( it is the large blue part between "Start" and "Clock").
Because you wrote that this was "minimized", I try to find it and cancelled this file from the blue space. ( it was the same kind of a list - like the log.txt-list )
I repeated the steps, but could no more get the "minimized" info.txt
Sorry :oops:
Vera

Here is the log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-04-23 10:46:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (73%) free of 30 GB
Total RAM: 1015 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:53, on 2009-4-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrator\桌面\Alles zum schnellen absichern\freemem.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TraXEx\TraXEx.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\conime.exe
G:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\桌面\RSIT.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Administrator.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Documents and Settings\Administrator\桌面\Alles zum schnellen absichern\freemem.exe" Startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: TraXEx 3.2.lnk = C:\Program Files\TraXEx\TraXEx.exe
O4 - Global Startup: SymmTime.lnk = ?ProgramFiles%\Symmetricom\SymmTime\SymmTime.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: IE-Spuren l鰏chen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk
O9 - Extra button: L鰏chautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx L鰏chautomat.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9bba112845b04) (gupdate1c9bba112845b04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5539 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-13 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-13 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-13 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-10 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FreeMem Pro"=C:\Documents and Settings\Administrator\桌面\Alles zum schnellen absichern\freemem.exe [2000-03-19 394752]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-06-01 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2006-09-15 2048000]

C:\Documents and Settings\All Users\「开始」菜单\程序\启动
TraXEx 3.2.lnk - C:\Program Files\TraXEx\TraXEx.exe
SymmTime.lnk - C:\Program Files\Symmetricom\SymmTime\SymmTime.exe

C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\KWMUSIC\KwMV.exe"="C:\Program Files\KWMUSIC\KwMV.exe:*:Enabled:酷我MV传输引擎"
"C:\Program Files\StormII\Storm.exe"="C:\Program Files\StormII\Storm.exe:*:Enabled:暴风影音"
"C:\Program Files\StormII\stormliv.exe"="C:\Program Files\StormII\stormliv.exe:*:Enabled:暴风影音媒体控制中心"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe"="C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe:*:Enabled:UUSeeMediaCenter"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"G:\Program Files\eMule\emule.exe"="G:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PpliveVA 应用程序"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\Program Files\uusee\UUSeePlayer.exe"="D:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-04-23 10:12:13 ----D---- C:\rsit
2009-04-23 10:04:06 ----D---- C:\HijackThis
2009-04-23 01:33:58 ----HD---- C:\WINDOWS\ie8
2009-04-23 01:31:54 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-23 00:55:53 ----D---- C:\Program Files\MSXML 4.0
2009-04-21 19:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2009-04-21 12:31:29 ----D---- C:\Documents and Settings\Administrator\Application Data\Ahead
2009-04-20 18:35:26 ----A---- C:\WINDOWS\AviSplitter.INI
2009-04-19 09:54:02 ----D---- C:\Program Files\KWMUSIC
2009-04-19 09:31:00 ----D---- C:\Documents and Settings\Administrator\Application Data\uniblue
2009-04-19 09:27:49 ----D---- C:\Program Files\Uniblue
2009-04-18 19:53:42 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-04-17 16:47:21 ----D---- C:\Program Files\a-squared Free
2009-04-16 17:25:29 ----A---- C:\WINDOWS\system32\7-ZIP32.DLL
2009-04-16 00:34:37 ----D---- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2009-04-16 00:32:47 ----D---- C:\Program Files\Glary Registry Repair
2009-04-16 00:10:38 ----D---- C:\Program Files\XPcleanv5
2009-04-16 00:09:56 ----D---- C:\Program Files\XP Codec Pack
2009-04-15 22:06:12 ----D---- C:\Documents and Settings\Administrator\Application Data\Digital Support Free Tools
2009-04-15 21:57:40 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-04-15 21:57:39 ----HD---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-04-15 21:55:39 ----D---- C:\WINDOWS\system32\XPSViewer
2009-04-15 21:55:36 ----D---- C:\Program Files\MSBuild
2009-04-15 21:55:32 ----D---- C:\Program Files\Reference Assemblies
2009-04-15 21:54:59 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-04-15 21:54:59 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-04-15 21:54:59 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-04-15 21:54:34 ----RSD---- C:\WINDOWS\assembly
2009-04-15 21:54:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-15 20:10:33 ----HD---- C:\WINDOWS\PIF
2009-04-15 20:04:29 ----D---- C:\Program Files\7-Zip
2009-04-15 19:14:41 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-04-15 19:14:41 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-04-15 19:14:40 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-04-15 19:14:39 ----D---- C:\Program Files\ffdshow
2009-04-15 14:53:01 ----D---- C:\Documents and Settings\Administrator\Application Data\Help
2009-04-15 14:46:45 ----D---- C:\Program Files\IrfanView
2009-04-15 11:57:45 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-04-15 08:53:07 ----D---- C:\Program Files\Any Video Converter
2009-04-15 08:29:34 ----D---- C:\Documents and Settings\Administrator\Application Data\Any Video Converter
2009-04-15 03:32:08 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2009-04-15 00:28:07 ----D---- C:\Program Files\SopCast
2009-04-14 16:33:25 ----D---- C:\Program Files\Lavalys
2009-04-14 13:00:31 ----HD---- C:\WINDOWS\$NtUninstallKB958215$
2009-04-14 13:00:17 ----HD---- C:\WINDOWS\$NtUninstallKB960714$
2009-04-14 10:04:24 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2009-04-13 23:01:19 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-04-13 22:33:36 ----RHD---- C:\Documents and Settings\Administrator\Application Data\yahoo!
2009-04-13 22:09:08 ----D---- C:\PowerPlr
2009-04-13 21:46:03 ----D---- C:\PowerStream
2009-04-13 21:35:16 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-13 21:35:12 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-13 21:35:08 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-13 21:35:04 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-13 21:34:57 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-13 21:34:53 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-13 21:34:49 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-13 21:34:44 ----HD---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-13 21:34:38 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-13 21:34:34 ----HD---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-13 21:34:30 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-13 21:34:26 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-13 21:34:22 ----HD---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-13 21:34:18 ----HD---- C:\WINDOWS\$NtUninstallKB923689$
2009-04-13 21:34:04 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-13 21:33:59 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-13 21:33:54 ----HD---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-13 21:33:50 ----HD---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-13 21:33:46 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-13 21:33:41 ----HD---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-13 21:33:37 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-13 21:33:32 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-13 21:33:27 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-13 21:33:23 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-13 21:33:19 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-13 21:33:14 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-13 21:33:10 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-13 21:33:08 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-04-13 21:33:03 ----HD---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-04-13 21:18:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-13 21:18:26 ----A---- C:\WINDOWS\system32\java.exe
2009-04-13 21:05:15 ----D---- C:\WINDOWS\Sun
2009-04-13 21:04:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-13 21:04:48 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-13 21:04:38 ----D---- C:\Program Files\Java
2009-04-13 20:42:05 ----D---- C:\Documents and Settings\Administrator\Application Data\JonDo
2009-04-13 20:01:37 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2009-04-13 18:14:11 ----D---- C:\Program Files\Common Files\Thunder Network
2009-04-13 17:18:39 ----D---- C:\Documents and Settings\Administrator\Application Data\TVU networks
2009-04-13 17:18:27 ----D---- C:\Program Files\TVUPlayer
2009-04-13 15:55:12 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2009-04-13 13:41:44 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-13 12:45:39 ----D---- C:\WINDOWS\system32\PreInstall
2009-04-13 12:45:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-13 12:28:31 ----D---- C:\Program Files\Secunia
2009-04-13 12:17:17 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-04-13 06:31:37 ----D---- C:\Program Files\Common Files\xing shared
2009-04-13 06:20:07 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-13 06:20:03 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-13 06:20:03 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-13 06:20:01 ----D---- C:\Program Files\Common Files\Real
2009-04-13 06:20:00 ----D---- C:\Program Files\Real
2009-04-13 06:18:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Real
2009-04-13 05:56:22 ----D---- C:\WINDOWS\WBEM
2009-04-13 05:55:20 ----D---- C:\WINDOWS\system32\en-US
2009-04-13 05:46:41 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-13 04:22:35 ----D---- C:\Program Files\JAP
2009-04-13 04:12:58 ----D---- C:\jcb_gx
2009-04-13 04:12:58 ----A---- C:\WINDOWS\TdxUnInstall.exe
2009-04-13 03:53:30 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-04-13 03:49:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-13 03:38:59 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-04-13 03:38:09 ----A---- C:\YServer.txt
2009-04-13 03:38:01 ----D---- C:\Program Files\Yahoo!
2009-04-13 03:34:16 ----D---- C:\Documents and Settings\Administrator\Application Data\PPLiveVA
2009-04-13 03:33:53 ----D---- C:\Program Files\PPLiveVA
2009-04-13 03:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
2009-04-13 03:25:31 ----A---- C:\WINDOWS\ZoneLib-DisplayNames.ini
2009-04-13 03:25:31 ----A---- C:\WINDOWS\SymmTime.ini
2009-04-13 03:25:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-13 03:25:29 ----D---- C:\Program Files\Symmetricom
2009-04-13 03:25:29 ----A---- C:\WINDOWS\Default_SymmTime.ini
2009-04-13 03:25:11 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-13 03:20:34 ----A---- C:\WINDOWS\struct~.ini
2009-04-13 03:20:27 ----D---- C:\Program Files\uusee
2009-04-13 03:18:04 ----D---- C:\totalcmd
2009-04-13 03:18:04 ----A---- C:\WINDOWS\wincmd.ini
2009-04-13 03:15:24 ----A---- C:\WINDOWS\system32\raac.dll
2009-04-13 03:15:23 ----D---- C:\Program Files\Powerise
2009-04-13 03:15:23 ----A---- C:\WINDOWS\system32\PFVideoDmo.dll
2009-04-13 03:15:23 ----A---- C:\WINDOWS\system32\PFAudioDmoFF.dll
2009-04-13 03:15:23 ----A---- C:\WINDOWS\system32\PFAudioDmo.dll
2009-04-13 03:12:24 ----D---- C:\Documents and Settings\Administrator\Application Data\PPMate
2009-04-13 03:12:21 ----D---- C:\Program Files\Common Files\Synacast
2009-04-13 03:09:01 ----D---- C:\Documents and Settings\All Users\Application Data\No23 Recorder
2009-04-13 03:04:46 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-04-13 03:04:32 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-04-13 03:04:32 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2009-04-13 03:04:31 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2009-04-13 03:04:31 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2009-04-13 03:04:31 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2009-04-13 03:04:31 ----N---- C:\WINDOWS\system32\ImagX7.dll
2009-04-13 03:04:31 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-04-13 03:04:30 ----D---- C:\Program Files\Common Files\Ahead
2009-04-13 03:04:30 ----D---- C:\Program Files\Ahead
2009-04-13 03:01:21 ----D---- C:\Program Files\Google
2009-04-13 02:56:34 ----D---- C:\Program Files\VideoLAN
2009-04-13 02:33:16 ----D---- C:\WINDOWS\system32\DRVSTORE
2009-04-13 02:27:56 ----HD---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-13 02:27:53 ----D---- C:\Program Files\Lavasoft
2009-04-13 02:27:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-13 02:25:59 ----D---- C:\WINDOWS\system32\Adobe
2009-04-13 02:24:05 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-13 02:24:01 ----D---- C:\Program Files\Common Files\Adobe
2009-04-13 02:24:01 ----D---- C:\Program Files\Adobe
2009-04-13 02:07:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-04-13 02:07:41 ----D---- C:\Program Files\Mozilla Firefox
2009-04-13 02:06:06 ----D---- C:\Program Files\CCleaner
2009-04-13 02:03:06 ----D---- C:\Program Files\PowerStream
2009-04-13 02:00:51 ----D---- C:\Program Files\Avira
2009-04-13 02:00:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-13 01:57:55 ----D---- C:\Program Files\TraXEx

======List of files/folders modified in the last 1 months======

2009-04-15 21:56:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 17:16:04 ----RASH---- C:\boot.ini
2009-04-15 17:16:04 ----A---- C:\WINDOWS\win.ini
2009-04-15 17:16:04 ----A---- C:\WINDOWS\system.ini
2009-04-13 06:31:24 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-04-13 06:31:24 ----A---- C:\WINDOWS\system32\msvcp71.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2007-06-01 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-06-01 39168]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2006-05-15 17408]
R3 HDAudBus;Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-06-01 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-26 4737024]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB 大容量存储设备; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\drivers\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\drivers\kbdhid.sys [2008-04-13 14464]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2007-06-01 45568]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 AmdK8;AmdK8 Compatible Device; C:\WINDOWS\System32\drivers\amdk8.sys [2006-07-01 41984]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-31 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\drivers\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [2008-04-13 5504]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2007-06-01 73216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-10 951632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1c9bba112845b04;Google Update Service (gupdate1c9bba112845b04); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ccosm;Contrl Center of Storm Media; C:\Program Files\StormII\stormliv.exe [2008-03-11 473184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Darling11us
Active Member
 
Posts: 5
Joined: April 18th, 2009, 10:01 pm

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby Dakeyras » April 23rd, 2009, 4:58 am

Hi :)

Good morning from Wuhan, CN
Nice to meet you Dakeyras, and I am happy, that you will try to help me.
Like wise, I am always more than happy myself to assist anyone with a malware problem.

First - I do not feel to have a save computer
Second - I feel that nothing had changed - it is not too slow, but not the same as fast as it was before when I have bought it.
OK, you want to help me - that is nice.
Thats is OK I appreciate your concerns etc. So far we have not done any proactive measures, merely carried out a deeper scan of your computer so I am more able to ascertain the overall situation.

Once we have removed any malware if present, I will address the overall performance of your computer OK.

I did try to follow your advices - But I have "info.txt" no longer.
I had it once in the same Task-Field ( it is the large blue part between "Start" and "Clock").
Because you wrote that this was "minimized", I try to find it and cancelled this file from the blue space. ( it was the same kind of a list - like the log.txt-list )
I repeated the steps, but could no more get the "minimized" info.txt
Not a problem I assure you!

A question if I may, is the any particular reason you did not move HijackThis.exe to its own folder? Did you not understand the instructions and or encounter a problem? This is not a problem however as we can address this in a different manner but I would like to know the reason why please, thank you.

OK take your time with the below there is absolutely no rush. Any problems and or something you do not understand, just stop what you are doing Vera and inform myself straight away.

Next:

To find the elusive RSIT info.txt as follows:

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please look within this folder (if present):

C:\rsit >> double click on in >> now open info.txt and post the contents in your next reply please, thank you.

Multiple Anti-Malware Application Advice:

At present you have both the below listed: active in system memory, this will cause a system conflict and create a drain on system resources. Also it actually lessens overall online protection. I would like you to uninstall both. Do not worry we will be replacing them shortly with a far more effective security application OK.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Ad-Aware <-- AKA Lavasoft Ad-Aware
a-squared Free 4.0

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Peer to Peer Software:

It appears you have eMule installed. I would like for your good self to read this forums policy about such software applications and why it is not a wise move to use them at all.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

G:\Program Files\eMule

Clean Temp Files:

Launch your installed CCLeaner application:

  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

Now Reboot(restart) your computer.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now? Any problems encountred and or further symptoms?
  • RSIT's info.txt.
  • Malwarebytes Anti-Malware Log.
  • A new RSIT Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby Darling11us » April 23rd, 2009, 12:05 pm

I have done so far everything and I will continue using your help. I will also report, when I have done everything.
Before I continue ( btw I do trust you ) - - but you send me to a "bad site" for downloading mbam-setup.exe ( my WOT tells me not to trust them ).
Are you sure, that this site:
hxxp://www.zoombli.com/PrimaryLanding/S ... yOptimizer

is OK?
Vera
Last edited by NonSuch on April 23rd, 2009, 4:43 pm, edited 1 time in total.
Reason: Edited to disable live link.
Darling11us
Active Member
 
Posts: 5
Joined: April 18th, 2009, 10:01 pm

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby Darling11us » April 23rd, 2009, 12:29 pm

Dakeyras wrote:Hi

I have try to download it from cdnet ( I have used google ).
I have downloaded it 2899kb and tried to install.
After some installing-work came a notice:

Destination
The feature you are trying to use is on a CD-Rom or other removable disk that is not available.
Insert the 'Destination" disk and click OK

I really don't know what to do.

I want to continue although it is 0:29 in China
Darling11us
Active Member
 
Posts: 5
Joined: April 18th, 2009, 10:01 pm

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby Dakeyras » April 23rd, 2009, 3:23 pm

Hi :)

Not a cause for concern, the URL I provided for the Malwarebytes' Anti-Malware download is actually the oficial one. What has happened here is that one or more of the malware infections on your computer is causing a browser redirection.

Please delete whatever Malwarebytes' Anti-Malware installer you did manage to download, then empty your Recycle Bin.

Next:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image

Image

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • A guide on how to disable the aforementioned can be read here
  • When finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt in your next reply.


Note:
Do not forget to re-enable your Anti-Virus application after running the above scan!

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next:

Please download HijackThis from here.

  • Choose the default location of C:\Program Files\Trend Micro\HijackThis as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Click the Install button.
  • Accept the license agreement .
  • The progam will place a shortcut on your desktop. This will make it easier for you to access the tool when required.
  • Click Do a system scan and save a log file. A Notepad file will open.
  • To post the text, first you must highlight the entire text and then press the (Ctrl+C) keys which copies it to your clipboard.
  • Now paste the log into this thread using the (Ctrl + V) buttons.
  • DO NOT use the AnalyzeThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet.

Note: Do not delete your other copy of HijackThis untill I tell you to OK.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now? Any problems encountred and or further symptoms?
  • ComboFix Log.
  • Malwarebytes Anti-Malware Log.
  • A HijackThis Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby Dakeyras » April 25th, 2009, 5:06 am

Hi :)

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I am blond, but not stupid - but I have to giveup .....

Unread postby NonSuch » April 28th, 2009, 4:49 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 14 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware