Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My HijackThis Report. Please HELP me!! (should be right now)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 17th, 2009, 8:15 pm

Sorry, the first post i put up was of a StartupList report. Hopefully this should be the HijackThis log you need! Thanks in advance :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:09, on 18/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbappHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\Hijack.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABABB13-1770-4CC4-926B-43C0E09FB8FF}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ABABB13-1770-4CC4-926B-43C0E09FB8FF}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10071 bytes
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm
Advertisement
Register to Remove

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby MWR 3 day Mod » November 20th, 2009, 11:48 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby km2357 » November 21st, 2009, 2:09 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 23rd, 2009, 9:29 am

Hi km2357, dont worry about the delay i understand i'm just glad to have your help! Here is a fresh HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:10, on 23/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbappHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Hijack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABABB13-1770-4CC4-926B-43C0E09FB8FF}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ABABB13-1770-4CC4-926B-43C0E09FB8FF}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9980 bytes
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby km2357 » November 23rd, 2009, 4:31 pm

Step # 1: Disable Teatimer

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the version 1.5 or 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident


Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


Step # 2: Remove Hijackthis Entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


    R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Step # 3 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.



Step # 4: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click No.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multple posts if you can't fit everything into one post.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 23rd, 2009, 8:35 pm

Hi km2357
Step #1
I tried to do what you told me to do with Spybot but when it came to step 2 and changing the settings, I tried to run Spybot and for some reason it failed to open?

Step #2
I removed the files you told me to on HijackThis

R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

Step #3
I downloaded dds to my desktop and ran the program. The program ran and said 2 files should pop up after the scan was done but these files dont pop up?? I thought Spybot might be blocking it in someway so uninstalled that but still after i do the scan the 2 files fail to pop up??

Step #4
Here is the log produced by gmer

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-11-24 00:31:35
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: D:\DOCUME~1\Dave\LOCALS~1\Temp\pxldipoc.sys


---- System - GMER 1.0.15 ----

SSDT spkz.sys ZwEnumerateKey [0xFA9AECA4]
SSDT spkz.sys ZwEnumerateValueKey [0xFA9AF032]

Code 8117C080 ZwFlushInstructionCache
Code 8115F286 IofCallDriver
Code FFA59286 IofCompleteRequest
Code FFA5796D ZwSaveKey
Code 811EC8DD ZwSaveKeyEx

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 812B61F8
Device \FileSystem\Fastfat \Fat FF9971F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\ESQULhylqbbqoeparwwiyouirwvyqmqsnsdtx.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


Thanks again for your time and help!
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby km2357 » November 24th, 2009, 2:26 am

I downloaded dds to my desktop and ran the program. The program ran and said 2 files should pop up after the scan was done but these files dont pop up?? I thought Spybot might be blocking it in someway so uninstalled that but still after i do the scan the 2 files fail to pop up??


Try disabling AVG 8 first, then try running DDS again.

If the two DDS Logs appear (DDS and Attach.txt) then post them in your next post/reply. If they don't appear (be sure to wait at least a few minutes for them to appear) let me know and we'll use a different tool in place of DDS.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 24th, 2009, 7:21 am

Try disabling AVG 8 first, then try running DDS again.

If the two DDS Logs appear (DDS and Attach.txt) then post them in your next post/reply. If they don't appear (be sure to wait at least a few minutes for them to appear) let me know and we'll use a different tool in place of DDS.


I diasbled AVG and then ran the scan again but still the files fail to appear?? Ive tried at least 5 times now but everytime nothing happens.
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby km2357 » November 24th, 2009, 3:38 pm

We'll try a different scanner then. :)

Step # 1 Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 24th, 2009, 7:36 pm

Hi km2357, thanks again for your help.

Here are the two logs produced by RSIT
Firstly log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dave at 2009-11-24 23:32:21
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 15 GB (66%) free of 23 GB
Total RAM: 191 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:55, on 24/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbappHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Dave\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ABABB13-1770-4CC4-926B-43C0E09FB8FF}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ABABB13-1770-4CC4-926B-43C0E09FB8FF}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9124 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2009-07-11 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-02 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll [2009-07-13 299288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]
{5617ECA9-488D-4BA2-8562-9710B9AB78D2} - GamingHarbor Toolbar - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll [2009-07-13 1138968]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-07-11 434271]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"SiSPower"=SiSPower.dll,ModeAgent []
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2004-11-26 90112]
"PCMService"=c:\Apps\Powercinema\PCMService.exe [2005-05-11 127118]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-07-11 32838]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2009-07-11 24688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-07-11 32838]
"SmileyApp"=C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe [2009-07-13 606488]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Documents and Settings\Dave\Desktop\MP3 Tunes\utorrent.exe"="D:\Documents and Settings\Dave\Desktop\MP3 Tunes\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2131e830-24e8-11de-81f2-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-1-27-100003256-100024792-100013548-9164.com k:\
shell\Open\command - RECYCLER\S-2-1-27-100003256-100024792-100013548-9164.com k:\


======List of files/folders created in the last 1 months======

2009-11-24 23:32:21 ----D---- C:\rsit
2009-11-17 15:23:24 ----D---- C:\Program Files\Trend Micro
2009-11-12 14:14:01 ----D---- C:\b2ef70b41efbc5cf5198b6

======List of files/folders modified in the last 1 months======

2009-11-24 15:37:38 ----D---- C:\Program Files\Mozilla Firefox
2009-11-24 10:59:35 ----D---- C:\WINDOWS\Temp
2009-11-24 10:58:49 ----A---- C:\WINDOWS\win.ini
2009-11-24 00:58:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-24 00:08:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-24 00:03:34 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-23 23:21:42 ----D---- C:\WINDOWS\PREFETCH
2009-11-17 15:23:24 ----RD---- C:\Program Files
2009-11-11 13:41:43 ----SHD---- C:\WINDOWS\Installer
2009-11-11 13:41:31 ----D---- C:\Program Files\Opera
2009-11-06 17:17:19 ----D---- C:\Program Files\Internet Explorer
2009-10-26 11:22:56 ----AD---- C:\WINDOWS\system32
2009-10-26 11:22:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-02 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-04 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-01-04 13184]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2003-07-16 221736]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-01-04 239104]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2003-08-20 548952]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2003-07-02 39348]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2003-07-02 1301128]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2003-07-02 167384]
S3 RecAgent;recagent; \??\C:\WINDOWS\system32\DRIVERS\RecAgent.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2003-07-02 86128]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-02 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-02 297752]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221266]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\APPS\Powercinema\Kernel\TV\CLSched.exe [2005-05-11 110672]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-07-11 28762]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-07-02 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 24th, 2009, 7:39 pm

And info.txt aswell! Thank you for your time.

info.txt logfile of random's system information tool 1.06 2009-11-24 23:33:05

======Uninstall list======

-->"c:\apps\skype\phone\unins000.exe"
-->"C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
-->C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
-->MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\Setup.exe" -l0x9 -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica MP3 Audio Mixer-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AlfaDVD-->"C:\Program Files\AlfaDVD\Uninstall.exe"
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
GamingHarbor Toolbar-->"D:\Documents and Settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
GamingHarbor Toolbar-->D:\Documents and Settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\Setup.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Cutter Joiner 1.17-->"C:\Program Files\SuperAudiotool\MP3 Cutter Joiner\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Web Search (My Fun Cards)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem3.inf
Sky Broadband-->MsiExec.exe /I{14C35072-D7D0-4B29-B5BF-C94E426D77E9}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoulSeek 157 NS 13c-->"C:\Program Files\SoulseekNS\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Search Dispatcher-->"C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) [2009-11-23]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-11-23]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-11-23]
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) [2009-11-23]

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: Home
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 3397
Source Name: Windows Update Agent
Time Written: 20090911181731.000000+060
Event Type: error
User:

Computer Name: Home
Event Code: 7000
Message: The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3375
Source Name: Service Control Manager
Time Written: 20090911175936.000000+060
Event Type: error
User:

Computer Name: Home
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 3368
Source Name: Windows Update Agent
Time Written: 20090906153753.000000+060
Event Type: error
User:

Computer Name: Home
Event Code: 7000
Message: The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3351
Source Name: Service Control Manager
Time Written: 20090906153030.000000+060
Event Type: error
User:

Computer Name: Home
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 3347
Source Name: W32Time
Time Written: 20090902233925.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\PROGRA~1\COMMON~1\SONICS~1\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby km2357 » November 25th, 2009, 12:25 am

Step # 1: Add/Remove Programs

Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

GamingHarbor Toolbar

My Web Search (My Fun Cards)

System Search Dispatcher


Reboot your Computer.


Step # 2: Download and Run ComboFix

Download ComboFix from any of the links below. You must rename it to raverdave before saving it. Save it to your Desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on raverdave & follow the prompts.
    When finished, it will produce a report for you.
  • Please include C:\ComboFix.txt in your next reply so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 25th, 2009, 8:41 am

Hi km2357

I managed to uninstall all of the programs that you told me to and run ComboFix so here is the log that it produced. Thank you so much again for your time and help, it's much appreciated!


ComboFix 09-11-24.04 - Dave 25/11/2009 12:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.191.6 [GMT 0:00]
Running from: d:\documents and settings\Dave\Desktop\raverdave.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-4156357671-1225664236-4064586095-1003
c:\windows\system32\drivers\ESQULhylqbbqoeparwwiyouirwvyqmqsnsdtx.sys
c:\windows\system32\ESQULbrkrjdnkitlsdjkksgpefmnmfdgbxeib.dll
c:\windows\system32\ESQULudoltfmqjvipxjwunjxxhbowprccaiqp.dll
c:\windows\system32\ESQULzcounter
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
d:\documents and settings\Dave\Local Settings\Application Data\DoubleD
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\_tm16.tmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\_tm32.tmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
d:\documents and settings\Dave\Local Settings\Temporary Internet Files\stb06759.tmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\248d6576afce4ee94af42d7350131106.gif
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\24a70fb875fab686b6b3c217612bc07c.gif
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\default1.dat
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\loading.dat
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\loading.gif
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Cursor.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_DailyVideo.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Game.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Glitter.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Logo.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Option.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Recipe.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Ringtone.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Screensaver.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Search.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley_Config.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley_Config.mx.new
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley_TellAFriend.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Wallpaper.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Web.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_01.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_02.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_03.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_04.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_05.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_06.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_07.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\pixel.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\ProductInfo.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\profile.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\SearchEngineList.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\tbcore.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\ToolbarLayout.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\UpdateCentre.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\UpdateCentreBk.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\URLDynamic.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\URLStatic.mx
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\About.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Component_ComboBox.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Cursor.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Cursor.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_DailyVideo.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Game.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Glitter.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Glitter.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Logo.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Option.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Recipe.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Ringtone.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Screensaver.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Search.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Smiley.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Smiley.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Wallpaper.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Web.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_01.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_01.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_02.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_02.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_03.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_03.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_04.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_04.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_05.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_05.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_06.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_06.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_07.mg
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_07.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDefault.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay18.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay20.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters18.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters20.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnOption.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley18.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley20.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd18.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd20.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink.png
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink18.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink20.bmp
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin1.skf
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin2.skf
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin3.skf
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin4.skf
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\TellafriendSkin.skf
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\TellafriendSkin_s.skf
d:\documents and settings\Internet\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\ToastSkin.skf
d:\documents and settings\Internet\Local Settings\Temporary Internet Files\_tm1.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-24 23:32 . 2009-11-24 23:33 -------- d-----w- C:\rsit
2009-11-17 15:23 . 2009-11-17 15:23 -------- d-----w- c:\program files\Trend Micro
2009-11-17 15:07 . 2009-11-17 15:07 -------- d-----w- d:\documents and settings\Dave\Local Settings\Application Data\AVG Security Toolbar
2009-11-14 22:56 . 2009-11-14 22:56 -------- d-----w- d:\documents and settings\Dave\Local Settings\Application Data\Unity
2009-11-12 14:14 . 2009-11-12 14:14 -------- d-----w- C:\b2ef70b41efbc5cf5198b6
2009-11-11 13:38 . 2009-11-11 13:38 -------- d-sh--w- d:\documents and settings\Dave\PrivacIE
2009-11-07 13:19 . 2009-11-07 13:19 -------- d-----w- d:\documents and settings\Internet\Application Data\OD2
2009-11-07 11:44 . 2009-11-07 11:44 -------- d-----w- d:\documents and settings\Georgia\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 00:08 . 2009-04-05 16:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-24 00:03 . 2009-04-05 16:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-11 13:41 . 2009-09-02 09:54 -------- d-----w- c:\program files\Opera
2009-10-19 15:06 . 2009-07-08 14:07 -------- d-----w- d:\documents and settings\Dave\Application Data\BitTorrent
2009-10-08 14:45 . 2009-07-08 14:26 5 ----a-w- c:\windows\system32\SySCut.dat
2009-09-02 09:05 . 2009-04-05 16:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-02 09:05 . 2009-04-05 16:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 09:05 . 2009-04-05 16:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-20 77824]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-12-11 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-02 09:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/04/2009 16:15 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/04/2009 16:15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [05/04/2009 16:15 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/04/2009 16:15 297752]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/04/2009 09:27 721904]
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
.
------- Supplementary Scan -------
.
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - d:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\dmwq6200.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/sear ... -web_uk&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documents and settings\Dave\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 12:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-25 12:33
ComboFix-quarantined-files.txt 2009-11-25 12:33

Pre-Run: 15,961,739,264 bytes free
Post-Run: 15,943,933,952 bytes free

- - End Of File - - 81E8193E9F1557C20331F14D530A64DC
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby km2357 » November 25th, 2009, 3:52 pm

Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    KILLALL::
    
    Folder::
    
    d:\documents and settings\Dave\Application Data\BitTorrent
    c:\Program Files\BitTorrent
    
    Registry::
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
    IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Image


    Note: This CFScript is for use on raverdave's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. (raverdave.exe)
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh RSIT Log taken after Step 1 has been completed.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: My HijackThis Report. Please HELP me!! (should be right now)

Unread postby raverdave » November 25th, 2009, 8:17 pm

Hi km2357

Here firstly is the log produced by Combofix


ComboFix 09-11-24.04 - Dave 25/11/2009 23:46.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.191.57 [GMT 0:00]
Running from: d:\documents and settings\Dave\Desktop\raverdave.exe
Command switches used :: d:\documents and settings\Dave\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitTorrent
c:\program files\BitTorrent\15772-bittorrent.4dda.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
d:\documents and settings\Dave\Application Data\BitTorrent
d:\documents and settings\Dave\Application Data\BitTorrent\American History X 1998 XviD DVDRip.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\bittorrent.lng
d:\documents and settings\Dave\Application Data\BitTorrent\Brüno (2009) English DVDrip.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Brüno 2009 TELESYNC AAC-SecretMyth (Kingdom-Release).torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Bruno (2009) DVDRip-MAXSPEED.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Bruno[2009]DVDrip-XXA.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Chopper [2000][DVDRip][720x400][H.264-AAC] ~SaaS~.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\dht.dat
d:\documents and settings\Dave\Application Data\BitTorrent\dht.dat.old
d:\documents and settings\Dave\Application Data\BitTorrent\Freddy.Got.Fingered.2001.DvdRip.eng.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Harry.Potter.and.the.Halfblood.Prince.XviD.ENG.MeW.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Random Concept weekender 2009 Vol 18_.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\resume.dat
d:\documents and settings\Dave\Application Data\BitTorrent\resume.dat.old
d:\documents and settings\Dave\Application Data\BitTorrent\Role.Models[2008][Unrated.Edition]DvDrip-aXXo.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\rss.dat
d:\documents and settings\Dave\Application Data\BitTorrent\rss.dat.old
d:\documents and settings\Dave\Application Data\BitTorrent\settings.dat
d:\documents and settings\Dave\Application Data\BitTorrent\settings.dat.old
d:\documents and settings\Dave\Application Data\BitTorrent\Sub Focus - Sub Focus [2009-MP3-320-M3U-Cov][Bubanee].torrent
d:\documents and settings\Dave\Application Data\BitTorrent\The Final Destination 2009 CAM THS.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\The Hangover.2009.Cam-AlienFilms.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Transformers 2 Revenge Of The Fallen DVDRip XviD-MAXSPEED.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Transformers[2007]DvDrip[Eng]-aXXo.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Welcome Home Roscoe Jenkins[2008]DvDrip[Eng]-NikonXp.torrent
d:\documents and settings\Dave\Application Data\BitTorrent\Yes.Man.2008.DvDRip-FxM.torrent

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-24 23:32 . 2009-11-24 23:33 -------- d-----w- C:\rsit
2009-11-17 15:23 . 2009-11-17 15:23 -------- d-----w- c:\program files\Trend Micro
2009-11-17 15:07 . 2009-11-17 15:07 -------- d-----w- d:\documents and settings\Dave\Local Settings\Application Data\AVG Security Toolbar
2009-11-14 22:56 . 2009-11-14 22:56 -------- d-----w- d:\documents and settings\Dave\Local Settings\Application Data\Unity
2009-11-12 14:14 . 2009-11-12 14:14 -------- d-----w- C:\b2ef70b41efbc5cf5198b6
2009-11-11 13:38 . 2009-11-11 13:38 -------- d-sh--w- d:\documents and settings\Dave\PrivacIE
2009-11-07 13:19 . 2009-11-07 13:19 -------- d-----w- d:\documents and settings\Internet\Application Data\OD2
2009-11-07 11:44 . 2009-11-07 11:44 -------- d-----w- d:\documents and settings\Georgia\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 00:08 . 2009-04-05 16:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-24 00:03 . 2009-04-05 16:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-11 13:41 . 2009-09-02 09:54 -------- d-----w- c:\program files\Opera
2009-10-08 14:45 . 2009-07-08 14:26 5 ----a-w- c:\windows\system32\SySCut.dat
2009-09-02 09:05 . 2009-04-05 16:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-02 09:05 . 2009-04-05 16:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 09:05 . 2009-04-05 16:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-25_12.29.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 00:00 . 2009-11-26 00:00 16384 c:\windows\temp\Perflib_Perfdata_700.dat
+ 2008-10-16 13:09 . 2009-08-06 19:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 35552 c:\windows\system32\wups.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-11-25 16:14 . 2009-08-06 19:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-25 16:14 . 2009-08-06 19:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-10 16:37 . 2009-08-06 19:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-10 16:37 . 2009-08-06 19:24 96480 c:\windows\system32\cdm.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-10 16:56 . 2009-08-06 19:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-10 16:56 . 2009-08-06 19:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-10 16:56 . 2009-08-06 19:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-10 16:56 . 2009-08-06 19:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-10 16:56 . 2009-08-06 19:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-20 77824]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-12-11 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-02 09:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/04/2009 16:15 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/04/2009 16:15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [05/04/2009 16:15 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/04/2009 16:15 297752]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/04/2009 09:27 721904]
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 14:00]
.
.
------- Supplementary Scan -------
.
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - d:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\dmwq6200.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/sear ... -web_uk&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documents and settings\Dave\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 00:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2344)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-11-26 00:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 00:12
ComboFix2.txt 2009-11-25 12:33

Pre-Run: 15,488,212,992 bytes free
Post-Run: 15,645,650,944 bytes free

- - End Of File - - 12D277D40956EC03C9D7FD0C19B79F35
raverdave
Regular Member
 
Posts: 15
Joined: November 17th, 2009, 1:57 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware