Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

XPAntispyware2009 has me totally blocked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

XPAntispyware2009 has me totally blocked

Unread postby Lido » November 27th, 2008, 12:21 pm

My daughter accidently accepted and loaded this junk on her lap top. I cannot access the net. I loaded HJT on the laptop with USB but it will not run so I assume the spyware is blocking it. When the spyware loads, I see reference to WinTech Protection LTD. Constantly getting pop ups saying the computer has become infected and need to register now. Help on this would be appreciated.
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm
Advertisement
Register to Remove

Re: XPAntispyware2009 has me totally blocked

Unread postby jmw3 » November 29th, 2008, 2:13 am

Welcome Lido

I will be helping you under the guidance of one of our expert coaches.
Please give me a little time to get back to you with instructions.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • A lack of symptoms does not necessarily mean your computer is clean.
  • Continue to respond to this thread until I give you the All Clean!
Please Note: My instructions to you are checked by an expert prior to posting. This may cause a small delay between posts.
Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after a log will appear
  • Click Yes at the next prompt, another log named attach.txt will appear
  • A window will open instructing you to post both logs. Copy the contents of both logs & post in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: XPAntispyware2009 has me totally blocked

Unread postby Lido » November 29th, 2008, 10:39 am

Here you go and thank you. Also, I see the spyware program in "Add-Remove." When I click on it to remove, it instead starts the program running.


DDS (Version 1.0) - NTFSx86
Run by Charles at 8:56:41.21 on Sat 11/29/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.685 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\dqzezixw\pkpypkxq.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\XP_Antispyware\XP_Antispyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [UMonit] c:\windows\system32\umonit.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [XP Antispyware 2009] "c:\program files\xp_antispyware\XP_Antispyware.exe" /hide
mRun: [brastk] brastk.exe
mExplorerRun: [Za6Bww5OAg] c:\documents and settings\all users\application data\dqzezixw\pkpypkxq.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk870BYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: __c0047209 - c:\windows\system32\__c0047209.dat
AppInit_DLLs: karna.dat
SSODL: StrAplCmd - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - c:\program files\uqbjlwd\StrAplCmd.dll

============= SERVICES / DRIVERS ===============

R2 Basics Service;Basics Service;"c:\program files\seagate\basics\service\SyncServicesBasics.exe" [2007-10-9 124280]
R2 DNADownloader;DNADownloader;c:\program files\gamespot\DownloadManager_Win32.exe [2007-5-9 700416]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\CDSPACEX.sys []
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2005-7-13 6656]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\NSNDIS5.SYS [2004-3-23 17280]
S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\drivers\TwoRabts.sys []
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys []
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys []
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys []
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys []
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys []

=============== Created Last 30 ================

2008-11-27 11:26 <DIR> --d----- c:\program files\Trend Micro
2008-11-12 06:18 10,240 a------- c:\windows\system32\brastk.exe
2008-11-11 22:56 10,240 a------- c:\windows\brastk.exe
2008-11-11 18:37 13,270 a------- c:\program files\common files\gipelyq.dat
2008-11-07 05:54 11,189 a------- c:\windows\suzohyc.reg
2008-11-05 06:49 12,957 a------- c:\windows\system32\bula.dl
2008-11-02 18:16 19,276 a------- c:\windows\tydyrex.scr
2008-11-02 18:16 14,759 a------- c:\windows\system32\owekal.inf
2008-11-02 18:16 13,865 a------- c:\windows\opakixot._sy
2008-11-02 18:16 11,832 a------- c:\windows\odapugowo.dat
2008-11-02 18:16 17,566 a------- c:\windows\kijilywyja._sy
2008-11-02 18:16 15,620 a------- c:\windows\system32\exeleky.inf
2008-11-02 18:16 13,799 a------- c:\windows\asuviwaky.bat
2008-11-02 18:16 10,811 a------- c:\windows\vocy.inf
2008-11-02 18:16 10,445 a------- c:\windows\system32\syvo.db
2008-11-02 18:16 19,536 a------- c:\windows\system32\neze.exe
2008-11-02 18:16 10,833 a------- c:\windows\vuqogeg.reg
2008-11-02 18:09 224,075 a------- c:\windows\system32\_scui.cpl
2008-10-30 23:31 18,272 a------- c:\docume~1\alluse~1\applic~1\tufumicyro.scr
2008-10-30 23:31 16,696 a------- c:\windows\epapegyda.ban
2008-10-30 23:31 15,127 a------- c:\windows\ruquqogavi.reg
2008-10-30 23:31 12,495 a------- c:\docume~1\alluse~1\applic~1\wukedy.pif
2008-10-30 23:31 11,053 a------- c:\program files\common files\gaveju.reg
2008-10-30 23:31 18,113 a------- c:\windows\system32\vubygiz.exe
2008-10-30 23:31 16,938 a------- c:\windows\zebumu.bin
2008-10-30 23:31 16,877 a------- c:\windows\uqet.dl
2008-10-30 23:31 16,416 a------- c:\windows\ybowicu.dat
2008-10-30 23:31 13,803 a------- c:\docume~1\alluse~1\applic~1\zaryquzaw.com
2008-10-30 23:31 10,507 a------- c:\windows\zilucoka.exe
2008-10-30 19:30 15,021 a------- c:\program files\common files\hije.dat

==================== Find3M ====================

2008-11-27 10:14 6,144 a------- c:\windows\system32\karna.dat
2008-11-27 10:14 6,144 a------- c:\windows\karna.dat
2008-11-07 05:54 57,432 a------- c:\windows\system32\nvModes.dat
2008-11-02 18:26 <DIR> --d----- c:\program files\XP_AntiSpyware
2008-11-02 17:39 93,115 a------- c:\windows\system32\wini104552502.exe
2008-10-29 17:03 17,670 a------- c:\windows\utycyl.dat
2008-10-29 17:03 16,358 a------- c:\windows\tadame.exe
2008-10-29 17:03 14,939 a------- c:\windows\wixodocyw.bat
2008-10-29 17:03 14,328 a------- c:\windows\potumab.vbs
2008-10-29 17:03 11,657 a------- c:\windows\system32\akeqehuk.vbs
2008-10-29 17:03 10,130 a------- c:\windows\system32\ohed.vbs
2008-10-29 17:03 17,915 a------- c:\windows\system32\afysu.pif
2008-10-29 17:03 14,029 a------- c:\windows\wyfateho.bin
2008-10-29 17:03 12,089 a------- c:\windows\xuzog.bat
2008-10-28 00:18 14,571 a------- c:\windows\ecapeza.reg
2008-10-28 00:18 12,638 a------- c:\windows\silylovihe.com
2008-10-28 00:18 11,723 a------- c:\windows\eremis.bat
2008-10-28 00:18 17,542 a------- c:\windows\yromy.bin
2008-10-26 21:01 <DIR> --d----- c:\program files\SecondLife
2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-10 20:46 28,160 a------- c:\windows\system32\dllcache\beep.sys
2008-10-03 12:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-27 17:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 06:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-04 11:42 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-04 11:42 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-09-01 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-09-01 10:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-08-09 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Swift Sound
2008-04-05 13:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-03-29 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2007-10-13 09:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2007-04-05 19:23 <DIR> --d----- c:\docume~1\charles\applic~1\MySpace
2007-02-17 21:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2007-01-14 17:47 <DIR> --d----- c:\docume~1\charles\applic~1\LimeWire
2006-12-16 02:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ubisoft
2006-10-30 05:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sandlot Games
2006-07-16 15:40 <DIR> --d----- c:\docume~1\charles\applic~1\Intel
2006-07-16 15:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel
2006-04-05 12:49 <DIR> --d----- c:\docume~1\charles\applic~1\PC Tools
2005-10-04 10:15 <DIR> --d----- c:\docume~1\charles\applic~1\Symantec
2005-08-21 15:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2005-06-26 11:32 <DIR> --d----- c:\docume~1\charles\applic~1\McAfee.com Personal Firewall
2005-06-19 17:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall
2005-05-05 19:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2005-05-04 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Groove Games
2005-04-12 14:01 <DIR> --d----- c:\docume~1\charles\applic~1\Jasc Software Inc
2004-08-11 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 8:57:13.76 ===============
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Re: XPAntispyware2009 has me totally blocked

Unread postby jmw3 » November 29th, 2008, 11:07 am

Hi Lido

Could I also see the contents of the Attach.txt log please?

I'll get back to soon with further instructions.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: XPAntispyware2009 has me totally blocked

Unread postby Lido » November 29th, 2008, 11:24 am

Can you explain what that is or where I can locate the attached text doc? I loaded the DDS program onto the USB memory, attached it to the bad laptop, ran the DDS program from the USB and copied the results to the USB. I then copied everything from the report and pasted it in the above message. Thanks.
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Re: XPAntispyware2009 has me totally blocked

Unread postby Lido » November 29th, 2008, 11:40 am

OK, I have redone DDS and have the atttach file. I can't figure out how to insert the zipped file onto this message board. Do you want me to paste the entire contents here?
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Re: XPAntispyware2009 has me totally blocked

Unread postby jmw3 » November 29th, 2008, 11:43 am

Hi Lido

Just copy & paste the contents of Attach.txt as you did with the first log.

Thanks
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: XPAntispyware2009 has me totally blocked

Unread postby Lido » November 29th, 2008, 11:51 am

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/19/2005 4:04:03 PM
System Uptime: 11/29/2008 1:21:26 AM (9 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 798/133mhz
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A05 | DELL - 27d5091c | A05 | 9/27/2005 8:00:00 PM

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 3.141 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 570x Gigabit Integrated Controller
Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_01AA1028&REV_03\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 570x Gigabit Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_01AA1028&REV_03\4&2FA23535&0&00F0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\315220E1374FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\315220E1374FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
Service: w29n51

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP524: 11/1/2008 12:23:59 PM - System Checkpoint
RP525: 11/2/2008 8:00:55 PM - System Checkpoint
RP526: 11/10/2008 11:32:32 PM - System Checkpoint
RP527: 11/11/2008 8:01:32 PM - Software Distribution Service 3.0
RP528: 11/15/2008 4:04:27 AM - System Checkpoint
RP529: 11/16/2008 10:48:54 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AGEIA PhysX v2.3.3
ALPS Touch Pad Driver
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Broadcom Advanced Control Suite 2
Cisco Systems VPN Client 4.6.04.0043
Conexant D110 MDC V.92 Modem
DAEMON Tools
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio v3.0
Dell ResourceCD
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Converter
Drive Manager
EAX4 Unified Redist
Express Burn
ExtractNow
GameSpot Download Manager
Google Earth
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 11
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LimeWire PRO 4.16.6
Macromedia Shockwave Player
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
mIWA
MixPad
mLogView
mMHouse
Modem Helper
MP3 Cutter 1.2
mPfMgr
mPfWiz
mProSafe
MSAC-USM1
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
My Way Search Assistant
mZConfig
nanoPEG-Editor 2.3 Hauppauge Edition
Network Stumbler 0.4.0 (remove only)
NVIDIA Drivers
PCFriendly
PowerDVD 5.3
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer
SecondLife (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
swiynfj
The Sims 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
VeohTV BETA
Viewpoint Media Player
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WindowsÓÅ»¯´óʦ
WinRAR archiver
XP Antispyware 2009
ZSMC USB PC Camera

==== Event Viewer Messages ===================

11/22/2008 7:57:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/27/2008 10:31:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'brastk.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/29/2008 10:27:55 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

==== End Of File ===========================
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Re: XPAntispyware2009 has me totally blocked

Unread postby jmw3 » December 1st, 2008, 8:20 pm

Hi Lido

On your clean computer with Internet access do the following:

Flash_Disinfector
  • Download Flash_Disinfector here and save it to your desktop.
  • Double click to run it
  • You will be prompted to plug in your USB drive. Plug it in
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Once this is done download the following & save to your flashdrive:

Combofix
Link 1
Link 2
Link 3

Malwarebytes' Anti-Malware
mbam-setup.exe

Plug your flash drive into the infected computer & transfer mbam-setup.exe & ComboFix.exe to the Desktop.

Malwarebytes' Anti-Malware
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.


Combofix
**It is IMPORTANT that ComboFix.exe is saved directly to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
    The ones that need to be closed/disabled are:
    Trend Micro | AdAware | Spybot - Search & Destroy
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply along with a new HijackThis log
.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
Malwarebytes log
Combofix log
New HijackThis log (if possible)
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: XPAntispyware2009 has me totally blocked

Unread postby Lido » December 6th, 2008, 12:37 am

MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/5/2008 10:51:45 PM
mbam-log-2008-12-05 (22-51-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 239263
Time elapsed: 2 hour(s), 1 minute(s), 9 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 3
Registry Keys Infected: 23
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 104

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\dqzezixw\pkpypkxq.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\dqzezixw\pkpypkxq.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\XP_Antispyware\XP_Antispyware.exe (Rogue.XPAntiSpyware) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\XP_Antispyware\htmlayout.dll (Rogue.AntivirusPro2009) -> Delete on reboot.
C:\Program Files\XP_Antispyware\AVEngn.dll (Rogue.XPAntiSpyware) -> Delete on reboot.
C:\Program Files\XP_Antispyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2E5A65BB-B055-C0DD-0118-09975F2EE086} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp_antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0047209 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\straplcmd (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\za6bww5oag (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Delete on reboot.
C:\Program Files\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Start Menu\Programs\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\uqbjlwd\StrAplCmd.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\dqzezixw\pkpypkxq.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\XP_Antispyware\htmlayout.dll (Rogue.AntivirusPro2009) -> Delete on reboot.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\AVEngn.dll (Rogue.XPAntiSpyware) -> Delete on reboot.
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Delete on reboot.
C:\Program Files\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\wscui.cpl (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe (Rogue.XPAntiSpyware) -> Delete on reboot.
C:\Program Files\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Start Menu\Programs\XP_Antispyware\Uninstall.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Start Menu\Programs\XP_Antispyware\XP_Antispyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\wini104552502.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swiynfj_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\swiynfj_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sloane\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

************************
COMBOLOG

ComboFix 08-12-05.02 - Charles 2008-12-05 23:06:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.673 [GMT -5:00]
Running from: c:\documents and settings\Charles\Desktop\ComboFix2.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin11.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin12.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin13.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin14.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin15.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMinZsMod.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMinZsMod1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMinZsMod2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMinZsMod3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMinZsMod4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMinZsMod5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMinZsMod6.zip
c:\documents and settings\Sloane\Cookies\akewanany.com
c:\documents and settings\Sloane\Cookies\cutib.com
c:\documents and settings\Sloane\Cookies\deqymis._dl
c:\documents and settings\Sloane\Cookies\fatirojij.bin
c:\documents and settings\Sloane\Cookies\tedoteg._sy
c:\documents and settings\Sloane\Cookies\xojemo.db
c:\documents and settings\Sloane\Cookies\xumepe.db
c:\documents and settings\Sloane\Cookies\zyqyt.db
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\cijyhehax.dat
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\ipotyved._dl
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\jadyl.sys
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\purevejaty._dl
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\ugenybi.scr
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\usamemoge.bin
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\vafan._dl
c:\documents and settings\Sloane\Local Settings\Temporary Internet Files\wepurom.com
c:\documents and settings\Sydney\Cookies\unebygewu.dat
c:\documents and settings\Sydney\Local Settings\Temporary Internet Files\fego.reg
c:\documents and settings\Sydney\Local Settings\Temporary Internet Files\ubivanely.vbs
c:\program files\livestream
c:\program files\livestream\img\p2e_1_3.bmp
c:\program files\livestream\img\p2e_2_3.bmp
c:\program files\livestream\img\p2e_3_3.bmp
c:\program files\livestream\img\p2e_go_3.bmp
c:\program files\livestream\img\p2e_logo_2.bmp
c:\program files\livestream\p2e\p2e_1.206.1.htm
c:\program files\livestream\p2e\p2eredir.htm
c:\windows\Downloaded Program Files.\cnsdtu.cab
c:\windows\Downloaded Program Files.\CnsDtu.dll
c:\windows\Downloaded Program Files\sms.ico
c:\windows\Downloaded Program Files\taobao.ico
c:\windows\Downloaded Program Files\yahoomsg.ico
c:\windows\Downloaded Program Files\ymail.ico
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\documents and settings\Charles\Application Data\Malwarebytes
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 20:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 20:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 11:26 . 2008-11-27 11:26 <DIR> d-------- c:\program files\Trend Micro
2008-11-11 18:37 . 2008-11-11 18:37 13,270 --a------ c:\program files\Common Files\gipelyq.dat
2008-11-07 05:54 . 2008-11-07 05:54 11,189 --a------ c:\windows\suzohyc.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 03:55 --------- d-----w c:\program files\uqbjlwd
2008-12-06 03:51 --------- d-----w c:\program files\MSN Messenger
2008-12-06 03:51 --------- d-----w c:\documents and settings\All Users\Application Data\dqzezixw
2008-11-30 05:22 --------- d-----w c:\documents and settings\Sloane\Application Data\LimeWire
2008-11-02 23:16 19,276 ----a-w c:\windows\tydyrex.scr
2008-11-02 23:16 18,457 ----a-w c:\program files\Common Files\ipiseh._sy
2008-11-02 23:16 13,799 ----a-w c:\windows\asuviwaky.bat
2008-11-02 23:16 13,625 ----a-w c:\program files\Common Files\qivi.lib
2008-11-02 23:16 12,716 ----a-w c:\documents and settings\Sloane\Application Data\ujowo.pif
2008-11-02 23:16 11,939 ----a-w c:\documents and settings\Sloane\Application Data\sito.scr
2008-11-02 23:16 11,835 ----a-w c:\documents and settings\Sloane\Application Data\ifydihy.dll
2008-11-02 23:16 10,833 ----a-w c:\windows\vuqogeg.reg
2008-10-31 04:31 19,804 ----a-w c:\documents and settings\Sloane\Application Data\uxaholicaz.scr
2008-10-31 04:31 18,272 ----a-w c:\documents and settings\All Users\Application Data\tufumicyro.scr
2008-10-31 04:31 17,162 ----a-w c:\documents and settings\Sloane\Application Data\edikuryko.sys
2008-10-31 04:31 16,938 ----a-w c:\windows\zebumu.bin
2008-10-31 04:31 15,127 ----a-w c:\windows\ruquqogavi.reg
2008-10-31 04:31 13,803 ----a-w c:\documents and settings\All Users\Application Data\zaryquzaw.com
2008-10-31 04:31 12,495 ----a-w c:\documents and settings\All Users\Application Data\wukedy.pif
2008-10-31 04:31 11,053 ----a-w c:\program files\Common Files\gaveju.reg
2008-10-31 04:31 10,507 ----a-w c:\windows\zilucoka.exe
2008-10-31 00:30 15,021 ----a-w c:\program files\Common Files\hije.dat
2008-10-29 22:03 17,338 ----a-w c:\program files\Common Files\lyza.ban
2008-10-29 22:03 16,749 ----a-w c:\documents and settings\Sydney\Application Data\boca.dll
2008-10-29 22:03 16,358 ----a-w c:\windows\tadame.exe
2008-10-29 22:03 14,939 ----a-w c:\windows\wixodocyw.bat
2008-10-29 22:03 14,328 ----a-w c:\windows\potumab.vbs
2008-10-29 22:03 14,029 ----a-w c:\windows\wyfateho.bin
2008-10-29 22:03 12,089 ----a-w c:\windows\xuzog.bat
2008-10-29 22:03 10,714 ----a-w c:\program files\Common Files\setukaz.db
2008-10-28 05:18 19,627 ----a-w c:\documents and settings\All Users\Application Data\egafemedix.vbs
2008-10-28 05:18 19,340 ----a-w c:\program files\Common Files\howyho._sy
2008-10-28 05:18 17,542 ----a-w c:\windows\yromy.bin
2008-10-28 05:18 15,515 ----a-w c:\documents and settings\Sloane\Application Data\mapijunyc.exe
2008-10-28 05:18 14,571 ----a-w c:\windows\ecapeza.reg
2008-10-28 05:18 14,447 ----a-w c:\program files\Common Files\mobe._sy
2008-10-28 05:18 12,638 ----a-w c:\windows\silylovihe.com
2008-10-28 05:18 12,627 ----a-w c:\documents and settings\Sloane\Application Data\zuhyc.reg
2008-10-28 05:18 12,477 ----a-w c:\documents and settings\All Users\Application Data\ybakivymu.sys
2008-10-28 05:18 11,723 ----a-w c:\windows\eremis.bat
2008-10-27 02:01 --------- d-----w c:\program files\SecondLife
2008-10-25 02:02 --------- d-----w c:\documents and settings\Sloane\Application Data\AdobeUM
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 10:20 --------- d-----w c:\documents and settings\Sydney\Application Data\AdobeUM
2008-10-06 21:29 --------- d-----w c:\documents and settings\Sydney\Application Data\LimeWire
2008-09-10 20:33 30,776 -c--a-w c:\documents and settings\Sydney\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 01:52 30,776 -c--a-w c:\documents and settings\Sloane\Application Data\GDIPFONTCACHEV1.DAT
2007-10-13 14:19 60,968 ----a-w c:\documents and settings\Charles\GoToAssistDownloadHelper.exe
2007-01-06 07:11 1 -c--a-w c:\documents and settings\Sloane\SI.bin
2005-06-17 07:57 774,144 -c--a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"UMonit"="c:\windows\system32\umonit.exe" [2004-05-11 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-27 180269]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

c:\documents and settings\Sloane\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - c:\program files\GameSpot\GDM_TrayApp.exe [2007-05-09 237568]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-02-08 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe [2007-05-09 700416]
S3 cdspacex;cdspacex;c:\windows\system32\DRIVERS\CDSPACEX.sys []
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2005-07-13 6656]
S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\DRIVERS\TwoRabts.sys []
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\DRIVERS\w600bus.sys []
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w600mdfl.sys []
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\w600mdm.sys []
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\w600mgmt.sys []
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w600obex.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 23:17:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe??ed1&Pid_8?????VID808?????Uf?C?USB\RO8???UB?0???????????????????????????w?U??????????tq7?l??????|p??|????m??|C??w?????????Uf?B$?|???w???w*?,??Uf????????????????????????????????w????????????tq7?????T?????7?????tq7???????=????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Real\RealPlayer\realplay.exe
.
**************************************************************************
.
Completion time: 2008-12-05 23:20:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 04:20:11

Pre-Run: 3,264,581,632 bytes free
Post-Run: 4,820,348,928 bytes free

233 --- E O F --- 2008-11-12 01:14:11

***************************
HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:26 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk870BYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7321 bytes
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Re: XPAntispyware2009 has me totally blocked

Unread postby jmw3 » December 6th, 2008, 10:13 am

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire PRO 4.16.6

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs that may be installed.
When finished post a new Uninstall here.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: XPAntispyware2009 has me totally blocked

Unread postby Lido » December 7th, 2008, 10:52 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:50 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk870BYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm

Re: XPAntispyware2009 has me totally blocked

Unread postby jmw3 » December 7th, 2008, 11:07 pm

Hi Lido

Could I see new Uninstall list as well please?

Thanks
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: XPAntispyware2009 has me totally blocked

Unread postby jmw3 » December 11th, 2008, 8:43 am

Do you still need assistance with this?
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: XPAntispyware2009 has me totally blocked

Unread postby Lido » December 15th, 2008, 1:19 am

Uninstall List:

Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AGEIA PhysX v2.3.3
ALPS Touch Pad Driver
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Advanced Control Suite 2
Cisco Systems VPN Client 4.6.04.0043
Conexant D110 MDC V.92 Modem
DAEMON Tools
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio v3.0
Dell ResourceCD
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Converter
Drive Manager
Drive Manager
EAX4 Unified Redist
Express Burn
ExtractNow
GameSpot Download Manager
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 11
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mHlpDell
Lido
Regular Member
 
Posts: 31
Joined: December 22nd, 2006, 8:54 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 161 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware