Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 16th, 2009, 2:42 am

My system either has a virus or malware issue, or possibly both. Whatever it is has it almost locked up. I'm running in safe mode right now and apparently this is the only way it will run. In regular mode, when Windows opens up, a series of "help" screens starts to open up in the foreground as well as the background. Which help screens open up depends on what program I try to open. In checking the processes running in the Task Manager, there were as many as 300 running at one time, with most of them being "help programs". Eventually they could be closed out, but it takes a long time. Then things seem to run fairly smoothly for a bit until something triggers the problem to start over. I installed 2 more anti-virus/spyware programs, but they didn't help. Finally the whole system locked up and had to be manually shut down. Please tell me what to do before my PC has a total meltdown. My log is below for you to review. Thanks in advance for all your help!

Logfile of HijackThis v1.99.1
Scan saved at 12:53:20 AM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\aol\1199131984\ee\aolsoftware.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1199131984\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [GWMDMMSG] "C:\WINDOWS\GWMDMMSG.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://aolcom.pogo.com/cdl/launcher/Pog ... taller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/free- ... player.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://legacy.aolsvc.aol.com/onlinegame ... axhost.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free- ... player.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop ... 0.0.80.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
myoungpepper
Regular Member
 
Posts: 27
Joined: May 16th, 2009, 1:17 am

Re: Malware or virus has my system locked up - Please help!

Post by askey127 » May 20th, 2009, 7:02 pm

Hi myoungpepper
------------------------------------------------------
Please note that all instructions here are customized for this computer only. The tools used may cause damage if used on a computer with different infections.
For any outsiders reading this thread that appear to have similar problems, please post a new log in the HJT forum and wait for help.


My name is askey127 and I will be helping you remove any infection(s) that you may have.

Please observe these rules while we work:
  • Please give all responses as a reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"
  • If you have a problem with something, stop and ask! Don't keep going on.
  • Please don't remove, install or uninstall anything new unless I ask you to do so.
  • Don't assume that if the symptoms go away, the computer is clean. (Just because you can't see a problem doesn't mean it isn't there.)
If you can do those things, everything should go smoothly :D

Please note that your security programs may give warnings about some of the tools I will ask you to use. In any such case, please give permissions.
Be assured that any website links I give you are verified to be safe.
-----------------------------------------------------------
YOU HAVE NO ANTI-VIRUS PROGRAM
Download just one of these free anti-virus programs, update it and run a full scan. Have it fix anything it finds.
Consider this an Emergency until you complete it!
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here. Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish

Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
(Do not use the Registry block to clean anything with this program. It is for experts only and it is risky.)
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------
Run the RSIT Scanner
Please download the Scanner http://images.malwareremoval.com/random/RSIT.exe and save it to your desktop. The icon will be named RSIT.exe
Double-click the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
(Default location for both files is C:\rsit\)
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

So we are looking for the contents of install.txt from CCleaner, and the two logs from the RSIT scanner.
Make separate posts for each if you wish.
askey127
Admin/Teacher
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 21st, 2009, 1:12 am

Hi askey127,
Thank you for your reply and instructions. I do have a few questions before I proceed with the clean-up. First of all, I have to work in "safe mode" now because the regular mode is too bogged down to get anywhere. Will this hinder any of the cleaning process you've given me? Also, I have been using the internet since I sent you the HJT log. I haven't downloaded anything, but did clear some AOL cache and temp files. Will that be a problem? Should I send you an updated log of my system? Also, because of having to work in safe mode, I don't have access to my printer. Is there anything I can do to make the printer available? If not, I can get my instructions printed from someone else's computer, but having mine would be more convenient. Thanks again for your help. I can't wait to get this thing up and running again!

myoungpepper :colors:

Re: Malware or virus has my system locked up - Please help!

Post by askey127 » May 21st, 2009, 7:12 am

myoungpepper,
What you have done is NOT a problem.
Do your best to follow the instructions.
You may have to download the Antivirus, CCleaner and RSIT installers using another machine, then copy them to yours with a flash drive.
In the absence of a printer, you can copy the instructions here and paste them into a new Notepad file, which you can save to your desktop, or leave running. It will give you access to everything but the download links.
askey127

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 21st, 2009, 2:08 pm

Hi Askey127,
Whew, I think I followed all the instructions you gave me. I did run into a slight problem with the virus scan. There were 4 viruses found, and each time it wanted my instructions, it would not let me repair the file. There was a msg. stating (Initialization of Chest Files Action was completed w/errors. And the Error Report read: Program cannot use Chest client:(null) Description: Virus chest server is not running. RPC Communication failed.) The only option it would let me click on was to "delete" the file. So, that's what I did. I hope this didn't mess anything up.
Here is the post for the CCleaner install.txt:
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0
Adobe Reader 8.1.4
Adobe Shockwave Player 11
AdwareAlert
AntispywareBot
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 3.0
avast! Antivirus
Bonjour
CCleaner (remove only)
Consumer Input Software (remove only)
Copy Utility
DoMore
Download Updater (AOL LLC)
DVD Suite
EPSON Photo Print
EPSON TWAIN 5
FoneSync
Gateway Internet Links
GTW V.92 Modem
Hijackthis 1.99.1
HijackThis 1.99.1
ImageMixer for HDD Camcorder
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Logitech Desktop Messenger
Logitech QuickCam
Logitech® Camera Driver
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MySpaceIM
Nero 7 Essentials
NVIDIA Windows 2000/XP Display Drivers
OptiPix Pro
Photo Viewer
PICTUREKA! MUSEUM MAYHEM
PowerDVD
PowerProducer
QuickTime
RegistrySmart
ScanToWeb
Sony Picture Utility
The Sims Complete Collection
Virtual Earth 3D (Beta)
Webroot AntiVirus with AntiSpyware
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

The others will be in separate listings.

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 21st, 2009, 2:11 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Harvey at 2009-05-21 12:48:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 101 GB (77%) free of 131 GB
Total RAM: 511 MB (46% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\tasks\AntispywareBot Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\wrSpySweeper_L7C57959FAA87451CB0A6190C47E7FBDC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2008-11-05 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-08 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2008-11-05 1275176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HostManager"=C:\Program Files\Common Files\AOL\1199131984\ee\AOLSoftware.exe [2008-06-24 41824]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-09-12 196608]
"GWMDMMSG"=C:\WINDOWS\GWMDMMSG.exe [2001-08-15 100913]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2009-03-22 63864]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-01-20 6278520]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2007-10-27 50528]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.1\AOL.EXE [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe [2000-07-19 176183]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe [2008-01-28 201352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\IMX3LA~1.EXE [2006-06-08 1871872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-10-10 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\DOCUME~1\KATHER~2\MYDOCU~1\VOLUME~1\SPUVOL~1.EXE [2007-01-15 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\aol\1199131984\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1199131984\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe"="C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe:159.153.235.1/255.255.255.255:Enabled:Internet Checkers"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Java\jre1.6.0_05\bin\java.exe"="C:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\AOL 9.1\aol.exe"="C:\Program Files\AOL 9.1\aol.exe:*:Enabled:AOL 9.1"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials"
"C:\Program Files\CallWave\IAM.exe"="C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-05-21 12:48:58 ----D---- C:\Program Files\trend micro
2009-05-21 12:48:57 ----D---- C:\rsit
2009-05-21 10:14:46 ----D---- C:\Program Files\CCleaner
2009-05-21 08:26:11 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-05-21 08:26:08 ----D---- C:\Program Files\Alwil Software
2009-05-16 00:51:48 ----D---- C:\Program Files\Hijackthis
2009-05-11 22:07:30 ----D---- C:\WINDOWS\ie8updates
2009-05-11 22:00:59 ----HDC---- C:\WINDOWS\ie8
2009-05-11 20:17:32 ----D---- C:\Program Files\AdwareAlert
2009-05-11 18:24:47 ----D---- C:\Program Files\RegistrySmart
2009-05-11 16:49:38 ----D---- C:\Program Files\AntispywareBot
2009-05-08 07:30:45 ----HD---- C:\Config.Msi
2009-05-08 06:44:21 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2009-05-08 00:14:21 ----D---- C:\Program Files\Windows Live Safety Center
2009-05-03 21:59:19 ----D---- C:\Program Files\3ivx
2009-05-03 21:58:01 ----D---- C:\Program Files\Common Files\muvee Technologies

======List of files/folders modified in the last 1 months======

2009-05-21 12:48:58 ----RD---- C:\Program Files
2009-05-21 12:29:00 ----D---- C:\WINDOWS\Temp
2009-05-21 11:01:55 ----D---- C:\WINDOWS\Debug
2009-05-21 11:01:55 ----D---- C:\WINDOWS
2009-05-21 08:44:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-21 08:26:42 ----D---- C:\WINDOWS\system32\drivers
2009-05-21 08:26:39 ----D---- C:\WINDOWS\system32
2009-05-21 07:41:57 ----D---- C:\Documents and Settings\Harvey\Application Data\MSN6
2009-05-21 07:09:59 ----A---- C:\WINDOWS\win.ini
2009-05-16 02:38:23 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-15 23:59:51 ----D---- C:\Documents and Settings
2009-05-12 09:43:41 ----D---- C:\WINDOWS\Prefetch
2009-05-11 23:14:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-11 22:58:06 ----D---- C:\WINDOWS\system32\en-US
2009-05-11 22:58:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-11 22:58:05 ----HD---- C:\WINDOWS\inf
2009-05-11 22:58:05 ----D---- C:\WINDOWS\Media
2009-05-11 22:58:05 ----D---- C:\WINDOWS\Help
2009-05-11 22:58:05 ----D---- C:\Program Files\Internet Explorer
2009-05-11 22:06:45 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-11 20:17:55 ----SD---- C:\WINDOWS\Tasks
2009-05-11 20:17:44 ----SHD---- C:\WINDOWS\Installer
2009-05-11 19:19:23 ----A---- C:\VETlog.txt
2009-05-08 22:49:22 ----RASH---- C:\boot.ini
2009-05-08 22:49:21 ----A---- C:\WINDOWS\system.ini
2009-05-08 22:49:19 ----D---- C:\WINDOWS\pss
2009-05-08 22:39:29 ----D---- C:\Program Files\Mozilla Firefox
2009-05-08 22:38:10 ----D---- C:\Program Files\Google
2009-05-08 10:24:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-08 08:29:57 ----SD---- C:\WINDOWS\system32\Microsoft
2009-05-08 08:26:09 ----D---- C:\WINDOWS\system32\config
2009-05-08 07:42:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-07 22:00:00 ----D---- C:\WINDOWS\system32\wbem
2009-05-07 21:59:59 ----D---- C:\WINDOWS\Registration
2009-05-05 04:14:21 ----D---- C:\Program Files\AMT
2009-05-03 21:58:59 ----A---- C:\AUTOEXEC.BAT
2009-05-03 21:58:01 ----D---- C:\Program Files\Common Files
2009-05-03 21:57:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-03 21:56:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-03 21:56:40 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
R3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-09-21 347648]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
S2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 ATWPKT2;ATWPKT2; \??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS []
S3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTWModem;GTW V.92 Modem; C:\WINDOWS\System32\DRIVERS\GWMDM.sys [2001-08-15 1141888]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-08-30 829305]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-08-24 442168]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-12-07 3671408]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-01-20 1090936]
S2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2001-08-30 57344]
S2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
S2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2009-03-22 1131896]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-08 183280]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-05-07 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-07 271920]
S3 PictureTaker;PictureTaker; C:\WINDOWS\System32\PCTKRNT.SYS [2007-12-29 45056]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
myoungpepper
Regular Member
 
Posts: 27
Joined: May 16th, 2009, 1:17 am

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 21st, 2009, 2:15 pm

info.txt logfile of random's system information tool 1.06 2009-05-21 12:53:10

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-000000000001}
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AdwareAlert-->MsiExec.exe /X{067C8884-9A00-4083-9AAD-8896CF06BD82}
AntispywareBot-->MsiExec.exe /X{3015C00E-2DCB-4EAE-B42D-08EC21366E76}
AOL Toolbar -->"C:\Program Files\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Consumer Input Software (remove only)-->"C:\Program Files\Consumer Input\uninstall.exe"
Copy Utility-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Copy Utility\Uninst.isu"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DoMore-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile E1E33CA7-6463-4C18-852C-24B630977733 /Prompt
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" UNINSTALL
FoneSync-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FoneSync\Uninst.isu" -c"C:\Program Files\FoneSync\UninstSupport.dll"
Gateway Internet Links-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 99A393E0-1F86-4AB7-9FE3-ACEC7E10098F /Prompt
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
GTW V.92 Modem-->C:\WINDOWS\GWMDMU.exe verbose
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1-->C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImageMixer for HDD Camcorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}\Setup.exe" -l0x9 UNINSTALL -removeonly
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2001-->MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Protection Service-->MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Windows Live OneCare Resources v2.5.2900.24-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus-->MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}
Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install-->MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.5.2900.24-->MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Word 2000 SR-1-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero 7 Essentials-->MsiExec.exe /X{E11BD6A7-5046-4D25-ABCB-386A54F71033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvgw.inf
OptiPix Pro-->MsiExec.exe /X{A7FEAFD3-A58A-49FA-9717-5ED86A4A19C7}
Photo Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6B2ED65-7378-4065-802D-F2E5689F3A4E}\Setup.exe"
PICTUREKA! MUSEUM MAYHEM-->"C:\Program Files\Oberon Media\PICTUREKA! MUSEUM MAYHEM\Uninstall.exe" "C:\Program Files\Oberon Media\PICTUREKA! MUSEUM MAYHEM\install.log"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PX Engine-->MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RegistrySmart-->MsiExec.exe /X{8989E1EE-C1E4-460D-9A88-67A44C5B3E5C}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\Setup.exe" ADDREMOVEDLG
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
The Sims Complete Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Webroot AntiVirus with AntiSpyware-->"C:\Program Files\Webroot\Spy Sweeper\unins001.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live OneCare-->"C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Webroot AntiVirus with AntiSpyware (disabled)
AV: Windows Live OneCare
FW: Windows Live OneCare Firewall
FW: Webroot Internet Security Essentials (disabled)

======System event log======

Computer Name: OWNER-KT69IWGH8
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51186
Source Name: MSFWDrv
Time Written: 20090512100506.000000-300
Event Type: error
User:

Computer Name: OWNER-KT69IWGH8
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51185
Source Name: MSFWDrv
Time Written: 20090512100505.000000-300
Event Type: error
User:

Computer Name: OWNER-KT69IWGH8
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51184
Source Name: MSFWDrv
Time Written: 20090512100505.000000-300
Event Type: error
User:

Computer Name: OWNER-KT69IWGH8
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51183
Source Name: MSFWDrv
Time Written: 20090512100505.000000-300
Event Type: error
User:

Computer Name: OWNER-KT69IWGH8
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51182
Source Name: MSFWDrv
Time Written: 20090512100505.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: OWNER-KT69IWGH8
Event Code: 1517
Message: Windows saved user OWNER-KT69IWGH8\Harvey registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3395
Source Name: Userenv
Time Written: 20090103050844.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-KT69IWGH8
Event Code: 1517
Message: Windows saved user OWNER-KT69IWGH8\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3387
Source Name: Userenv
Time Written: 20090103023655.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-KT69IWGH8
Event Code: 1517
Message: Windows saved user OWNER-KT69IWGH8\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3379
Source Name: Userenv
Time Written: 20090102065037.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-KT69IWGH8
Event Code: 1517
Message: Windows saved user OWNER-KT69IWGH8\Harvey registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3371
Source Name: Userenv
Time Written: 20090102052146.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-KT69IWGH8
Event Code: 1517
Message: Windows saved user OWNER-KT69IWGH8\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3363
Source Name: Userenv
Time Written: 20090102033514.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
myoungpepper
Regular Member
 
Posts: 27
Joined: May 16th, 2009, 1:17 am

Re: Malware or virus has my system locked up - Please help!

Post by askey127 » May 21st, 2009, 4:54 pm

myoungpepper,
-----------------------------------------------------------
Disable SpySweeper
  • Open SpySweeper, click Shield Settings on the right (or Shields on the left, depending on what screen you're on).
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Hosts File and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Close SpySweeper.
  • Reboot your computer, and verify Spy Sweeper is disabled.
----------------------------------------------------------
I know you just installed it, but we can now get rid of Avast and some older, vulnerable programs.
We will update them later.

Remove Program(s) with CCleaner
Open CCleaner. In the Left Pane, click Tools. Verify that Uninstall is highlighted in color, or click on it.
Click and Highlight the Following Programs, one at a time, and click the Run Uninstaller button for each one.
Wait for completion of each one before highlighting and Uninstalling the next.
avast! Antivirus
Adobe Reader 6.0
Adobe Reader 8.1.4
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Logitech Desktop Messenger

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
----------------------------------------------------------------------------------
If you can't update this program, run it anyway. When it finishes, be sure to check everything it finds and click Remove Selected.

Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked if it found any malware items, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it : Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

So we are looking for the Malwarebytes AntiMalware log, and a fresh HiJackThis log.
askey127
askey127
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 21st, 2009, 9:31 pm

askey127,

My Webroot Spysweeper subscription expired 3 days ago and is no longer working. So, I can't disable it since it's already disabled. Should I add it to the list of programs to remove with CCleaner? I can now at least sign on to Windows without a lot of trouble, but it still takes forever for everything to move. Should I continue working in the safe mode or does it matter? My biggest gripe with safe mode is everything is huge and really hard to see without doing a lot of scrolling. Oh, and since I don't have SpySweeper, should I still get rid of Avast? I really do appreciate all of your help.
myoungpepper
Regular Member
 
Posts: 27
Joined: May 16th, 2009, 1:17 am

Re: Malware or virus has my system locked up - Please help!

Post by askey127 » May 21st, 2009, 9:49 pm

Yes, add Spysweeper to the list of programs to remove.
Anytime you can sign in using normal mode instead of Safe mode, it is better for analysis.
askey127
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 22nd, 2009, 8:44 am

I have one more question before I proceed with the current instructions. A couple of days before I made my initial contact with Malware Removal, I downloaded Windows Live One Care (Anti Virus/Spyware) program. When that didn't help, I also went to Adware and added their 3 programs. Which are Adware Alert, Anti SpywareBot & Registry Smart. (These 3 programs I am paying for). So, what should I do with them now? Also add them to the list to be removed, just disable them for now, or leave them alone? Thanks again. :cheers:
myoungpepper
Regular Member
 
Posts: 27
Joined: May 16th, 2009, 1:17 am

Re: Malware or virus has my system locked up - Please help!

Post by askey127 » May 22nd, 2009, 1:28 pm

myoungpepper,
The Adware programs are called Rogue antispyware programs.
The most gracious evaluation is that they are not the best. They are reputed to make you pay to remove any identified threats after the first one.
Not an ethical ideal for spyware removal.
Adware's set of applications is no match for either Malwarebytes Anti-Malware or SuperAntiSpyware.

These should be removed:
AdwareAlert
AntispywareBot
Webroot AntiVirus with AntiSpyware

And you should remove either Windows Live OneCare or Avast, and keep the other.
Windows Live OneCare is competent and so is Avast, but you should not run both.
Windows Live OneCare has a built-in firewall, which Avast does not.
There is public information that Windows Live OneCare will be discontinued in its present form sometime later this year, although I am certain Microsoft will support updates for a generous length of time.

After you make your chosen removals, I still would like to see the Malwarebytes log after you run its scan.
(You may have trouble removing AdwareAlert and/or AntispywareBot. This would confirm the purveyor's ethics).
Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 23rd, 2009, 2:37 pm

Askey127,

As you said, the Adware programs only added to the problems I was having. This is so frustrating and I don't understand how they can legally get away with this practice. Anyway, I think I finally got rid of all of the files. So, at this point, I kept the Microsoft Live OneCare program and got rid of Avast as well as Webroot, and all the others you mentioned. Below you will find the latest HJT log and behind that will be my MalwareBytes' log. Hopefully things will continue moving forward and soon this computer will be running like new, (well as new as a 9yr old pc can run anyway ;) ).
Thanks for all your help!!

Logfile of HijackThis v1.99.1
Scan saved at 1:21:57 PM, on 5/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\AOL\1199131984\ee\AOLSoftware.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1199131984\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [GWMDMMSG] "C:\WINDOWS\GWMDMMSG.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://aolcom.pogo.com/cdl/launcher/Pog ... taller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/free- ... player.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://legacy.aolsvc.aol.com/onlinegame ... axhost.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free- ... player.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop ... 0.0.80.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
myoungpepper
Regular Member
 
Posts: 27
Joined: May 16th, 2009, 1:17 am

Re: Malware or virus has my system locked up - Please help!

Post by myoungpepper » May 23rd, 2009, 2:51 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2171
Windows 5.1.2600 Service Pack 3

5/23/2009 1:08:36 PM
mbam-log-2009-05-23 (13-08-36).txt

Scan type: Quick Scan
Objects scanned: 135448
Time elapsed: 20 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 80
Files Infected: 54

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\16.qit (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\16.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\17.qit (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\17.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\18.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\19.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\2.qit (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\2.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\20.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\21.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\3.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\4.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\5.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\6.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\7.qit (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\7.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\8.qit (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\8.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AntispywareBot\Quarantine\11-05-2009-19-44-01\9.qnf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2009 May 11 - 06_25_14 PM_609.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2009 May 11 - 10_02_50 PM_531.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Registry Backups\2009-05-11_18-45-31.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Registry Backups\2009-05-11_18-50-13.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
myoungpepper

Re: Malware or virus has my system locked up - Please help!

Post by askey127 » May 23rd, 2009, 5:23 pm

myoungpepper,
In some cultures, the word "legal" has no standing.
------------------------------------------------------------
Download the latest version of Java SE Runtime Environment (JRE), and install it to your computer.
It is the 5th one on the page, called Java SE Runtime Environment (JRE) 6 Update 13
Select Windows, multi-language, and check to agree to the license.
Download it, choose save, and save it to your desktop.
Then double-click it, and it will install the newest version of Java for you to use.
--------------------------------------------------------
Download the Newest Version of Adobe Reader
  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

If you prefer a simple reader, without plug-ins, that is smaller and faster, take a look at the free Foxit Reader here: http://www.foxitsoftware.com/downloads/
I would recommend the older Foxit version 2.3 only, without the toolbar. Foxit version 3.0 has the undesirable ASK toolbar.
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C:) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

I think you will be good to go.
askey127