Malware, Spyware and all slowing down computer too much

Post by Negash » November 16th, 2008, 4:56 pm

Hello, this laptop is giving a lot of problems. It is too slow and lots of pop-ups are coming up. AVG is not helping that much, but I saw some virus. At first I downloaded HijackThis and then tried to install it, but the computer would not install it. I deleted it, downloaded HijackThis again and tried again; it was not working. A friend suggested doing a system restore but said sometimes that still does not help. I restored the system to original and now I can install HijackThis, but there is still malware when I scan ....
The report from HijackThis is here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:45 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 4674 bytes
Negash
Active Member
 
Posts: 9
Joined: November 16th, 2008, 4:32 pm

Re: Malware, Spyware and all slowing down computer too much

Post by peku006 » November 19th, 2008, 11:03 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

For general slowness, see here

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt <- (will be maximized) and info.txt <- (will be minimized)

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware log
3. a description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware, Spyware and all slowing down computer too much

Post by Negash » November 20th, 2008, 9:29 pm

Hello;
OK, I did every step, now here it is
#1
RSIT
log file
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-20 20:24:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 40 GB (75%) free of 53 GB
Total RAM: 478 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:19 PM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 4770 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\McAfee AntiSpyware.job
C:\WINDOWS\tasks\McAfee.com Update Check (NEGASH-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-C1B6BA4D46-Owner).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2004-03-22 390256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2005-03-15 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"AOL Spyware Protection"=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-03-19 78960]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-08-12 102400]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-08-12 684032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-27 98304]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2004-08-17 245760]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2004-10-02 184320]
"_AntiSpyware"=C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe [2004-10-19 114688]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"=C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll [2004-10-19 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 1 months======

2008-11-20 20:24:13 ----D---- C:\rsit
2008-11-16 15:46:33 ----D---- C:\Program Files\Trend Micro
2008-11-03 13:54:39 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-11-03 13:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-03 13:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-03 13:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-03 13:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-03 13:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-03 13:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-03 13:29:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-03 13:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-03 13:28:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-03 13:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-03 13:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-03 13:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-03 13:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-03 13:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-03 13:26:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-03 13:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-03 13:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-03 13:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-03 13:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-03 13:21:19 ----D---- C:\Program Files\MSXML 4.0
2008-11-03 13:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-03 13:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-30 03:09:23 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-30 03:00:28 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-30 03:00:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-30 03:00:27 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-30 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-30 03:00:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-29 01:53:04 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-10-29 01:40:26 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-29 01:40:12 ----A---- C:\WINDOWS\ModemLog_Conexant SoftK56 Data Fax Modem.txt
2008-10-29 01:07:48 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-10-29 01:06:23 ----D---- C:\Program Files\Bonjour
2008-10-29 01:06:09 ----D---- C:\Program Files\Apple Software Update
2008-10-29 01:06:09 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-29 00:58:35 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-27 17:50:48 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-10-27 16:50:15 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-27 16:50:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 16:50:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 16:49:10 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-10-27 16:39:41 ----SHD---- C:\RECYCLER
2008-10-27 16:38:35 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-27 16:38:29 ----D---- C:\Program Files\CyberLink
2008-10-27 16:38:17 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-27 16:38:16 ----D---- C:\Program Files\McAfee
2008-10-27 16:38:16 ----D---- C:\Program Files\Common Files\McAfee
2008-10-27 16:38:16 ----D---- C:\Documents and Settings\Owner\Application Data\McAfee
2008-10-27 16:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-10-27 16:37:47 ----D---- C:\Program Files\McAfee.com
2008-10-27 16:37:47 ----A---- C:\WINDOWS\system32\mcinsctl.dll
2008-10-27 16:37:47 ----A---- C:\WINDOWS\system32\mcgdmgr.dll
2008-10-27 16:37:33 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-27 16:36:08 ----D---- C:\WINDOWS\RegisteredPackages
2008-10-27 16:35:53 ----D---- C:\Program Files\Gateway
2008-10-27 16:35:01 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-27 16:34:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-27 16:34:56 ----D---- C:\Program Files\Analog Devices
2008-10-27 16:34:56 ----A---- C:\WINDOWS\system32\DSndUp.exe
2008-10-27 16:34:56 ----A---- C:\WINDOWS\system32\CleanUp.exe
2008-10-27 16:34:04 ----D---- C:\Documents and Settings\Owner\Application Data\SampleView
2008-10-27 16:33:29 ----A---- C:\WINDOWS\system32\Marker32.exe
2008-10-27 16:33:21 ----A---- C:\WINDOWS\wallpg.exe
2008-10-27 16:33:13 ----A---- C:\WINDOWS\POWERCFG.EXE
2008-10-27 16:30:39 ----D---- C:\Program Files\Microsoft Picture It! 9
2008-10-27 16:30:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-27 16:29:57 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2008-10-27 16:29:57 ----A---- C:\WINDOWS\system32\SynTPCoI.dll
2008-10-27 16:29:57 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2008-10-27 16:29:57 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2008-10-27 16:29:57 ----A---- C:\WINDOWS\system32\SynCOM.dll
2008-10-27 16:29:56 ----D---- C:\Program Files\Synaptics
2008-10-27 16:29:54 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-27 16:29:39 ----D---- C:\Program Files\BigFix
2008-10-27 16:29:39 ----A---- C:\WINDOWS\BigFixClientOverride.dll
2008-10-27 16:29:22 ----N---- C:\WINDOWS\UNNeroBurnRights.exe
2008-10-27 16:29:22 ----A---- C:\WINDOWS\system32\NeroCo.dll
2008-10-27 16:28:37 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2008-10-27 16:28:36 ----A---- C:\WINDOWS\system32\picn20.dll
2008-10-27 16:28:36 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2008-10-27 16:28:36 ----A---- C:\WINDOWS\system32\imagx5.dll
2008-10-27 16:28:36 ----A---- C:\WINDOWS\system32\imagr5.dll
2008-10-27 16:28:35 ----D---- C:\Program Files\Common Files\Ahead
2008-10-27 16:28:35 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2008-10-27 16:28:32 ----D---- C:\Program Files\Ahead
2008-10-27 16:28:24 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-10-27 16:28:23 ----A---- C:\WINDOWS\unvise32qt.exe
2008-10-27 16:28:20 ----D---- C:\Program Files\AOL Companion
2008-10-27 16:28:13 ----A---- C:\WINDOWS\system32\vbar332.dll
2008-10-27 16:28:13 ----A---- C:\WINDOWS\system32\SimpleRegistry.dll
2008-10-27 16:28:13 ----A---- C:\WINDOWS\system32\Msstdfmt.dll
2008-10-27 16:28:13 ----A---- C:\WINDOWS\system32\aamd532.dll
2008-10-27 16:28:11 ----D---- C:\Program Files\Pure Networks
2008-10-27 16:28:11 ----D---- C:\Program Files\Learn2.com
2008-10-27 16:28:10 ----D---- C:\WINDOWS\occache
2008-10-27 16:28:09 ----D---- C:\Program Files\Viewpoint
2008-10-27 16:28:09 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-27 16:28:06 ----A---- C:\WINDOWS\system32\shdocvw.bak
2008-10-27 16:28:00 ----D---- C:\Program Files\AOL Toolbar
2008-10-27 16:26:09 ----D---- C:\WINDOWS\system32\QuickTime
2008-10-27 16:26:09 ----D---- C:\Program Files\QuickTime
2008-10-27 16:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-10-27 16:26:04 ----D---- C:\Program Files\Common Files\Nullsoft
2008-10-27 16:25:54 ----D---- C:\My Music
2008-10-27 16:25:51 ----D---- C:\Program Files\Real
2008-10-27 16:25:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-27 16:25:51 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-27 16:25:51 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-27 16:25:50 ----D---- C:\Program Files\Common Files\Real
2008-10-27 16:25:50 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-27 16:25:18 ----A---- C:\WINDOWS\system32\jgdwmie.dll
2008-10-27 16:25:14 ----A---- C:\WINDOWS\system32\roboex32.dll
2008-10-27 16:25:14 ----A---- C:\WINDOWS\system32\Inetwh32.dll
2008-10-27 16:24:51 ----A---- C:\WINDOWS\system32\AOLDial.dll
2008-10-27 16:24:48 ----D---- C:\Program Files\Common Files\aolshare
2008-10-27 16:24:45 ----D---- C:\Program Files\America Online 9.0
2008-10-27 16:24:45 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-10-27 16:22:34 ----D---- C:\Program Files\Common Files\AOL
2008-10-27 16:21:57 ----D---- C:\Program Files\Microsoft Money
2008-10-27 16:21:42 ----D---- C:\Program Files\MSN Encarta Plus
2008-10-27 16:21:30 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-27 16:21:30 ----A---- C:\WINDOWS\system32\java.exe
2008-10-27 16:21:16 ----D---- C:\Program Files\Java
2008-10-27 16:21:15 ----D---- C:\Program Files\Common Files\Java
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\PUBOLE32.DLL
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\PCDLIB32.DLL
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\ochlp30e.dll
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\msvcr70.dll
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\msvcp70.dll
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\msvci70.dll
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\msls2.dll
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\mfcuia32.dll
2008-10-27 16:20:55 ----RA---- C:\WINDOWS\system32\mfcans32.dll
2008-10-27 16:20:55 ----A---- C:\WINDOWS\system32\msxml4r.dll
2008-10-27 16:20:53 ----RA---- C:\WINDOWS\system32\Ltwvc11n.dll
2008-10-27 16:20:53 ----RA---- C:\WINDOWS\system32\ltfil11n.DLL
2008-10-27 16:20:53 ----A---- C:\WINDOWS\system32\LTKRN11N.DLL
2008-10-27 16:20:53 ----A---- C:\WINDOWS\system32\LTIMG11N.DLL
2008-10-27 16:20:53 ----A---- C:\WINDOWS\system32\LTDIS11n.dll
2008-10-27 16:20:52 ----RA---- C:\WINDOWS\system32\Lfpng11n.dll
2008-10-27 16:20:52 ----RA---- C:\WINDOWS\system32\lfgif11n.dll
2008-10-27 16:20:52 ----RA---- C:\WINDOWS\system32\hlp95en.dll
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFWMF11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFTIF11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFTGA11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFPSD11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFPCX11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFPCD11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFFAX11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFEPS11N.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFCMP11n.DLL
2008-10-27 16:20:52 ----A---- C:\WINDOWS\system32\LFBMP11N.DLL
2008-10-27 16:20:11 ----D---- C:\Program Files\Microsoft Works
2008-10-27 16:20:11 ----D---- C:\Program Files\Microsoft Office
2008-10-27 16:20:05 ----D---- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-10-27 16:20:03 ----D---- C:\Program Files\Common Files\New Boundary
2008-10-27 16:15:23 ----A---- C:\WINDOWS\system32\capicom.dll
2008-10-27 16:15:21 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-27 16:14:14 ----RSD---- C:\WINDOWS\assembly
2008-10-27 16:14:14 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-27 16:14:13 ----D---- C:\WINDOWS\system32\URTTemp
2008-10-27 16:12:13 ----D---- C:\Program Files\CONEXANT
2008-10-27 16:12:03 ----A---- C:\WINDOWS\system32\hccoin.dll
2008-10-27 16:09:06 ----SHD---- C:\System Volume Information
2008-10-27 15:54:07 ----D---- C:\WINDOWS\creator
2008-10-27 15:53:54 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-27 15:53:54 ----A---- C:\WINDOWS\system32\HSFCI007.dll
2008-10-27 15:53:53 ----D---- C:\WINDOWS\SMINST
2008-10-27 15:53:05 ----RD---- C:\Program Files
2008-10-27 15:52:23 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-27 15:48:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-27 15:46:40 ----D---- C:\My Backup -- 27-10-08 1346

======List of files/folders modified in the last 1 months======

2008-11-20 20:24:15 ----D---- C:\WINDOWS\Prefetch
2008-11-20 20:05:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-20 19:40:39 ----D---- C:\WINDOWS\WinSxS
2008-11-20 19:40:21 ----SHD---- C:\WINDOWS\Installer
2008-11-20 19:37:13 ----D---- C:\WINDOWS\system32\drivers
2008-11-20 19:21:25 ----A---- C:\WINDOWS\win.ini
2008-11-20 19:06:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-20 18:58:00 ----SD---- C:\WINDOWS\Tasks
2008-11-16 16:04:59 ----HD---- C:\WINDOWS\inf
2008-11-15 19:00:39 ----D---- C:\WINDOWS\Temp
2008-11-03 14:11:59 ----D---- C:\Program Files\Common Files
2008-11-03 13:57:26 ----D---- C:\WINDOWS
2008-11-03 13:56:30 ----D---- C:\WINDOWS\system32
2008-11-03 13:30:18 ----A---- C:\WINDOWS\imsins.BAK
2008-11-03 13:30:05 ----D---- C:\Program Files\Messenger
2008-11-03 13:24:45 ----D---- C:\WINDOWS\Registration
2008-11-03 13:24:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 13:23:47 ----D---- C:\Program Files\Internet Explorer
2008-10-30 03:32:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-30 03:09:23 ----D---- C:\WINDOWS\Debug
2008-10-29 01:41:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-29 01:00:00 ----A---- C:\WINDOWS\setuplog.txt
2008-10-29 00:58:54 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-29 00:58:54 ----D---- C:\WINDOWS\Help
2008-10-27 17:48:10 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-27 17:47:21 ----RASH---- C:\boot.ini
2008-10-27 17:34:19 ----D---- C:\WINDOWS\security
2008-10-27 16:49:43 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-10-27 16:39:47 ----D---- C:\WINDOWS\OPTIONS
2008-10-27 16:39:20 ----D---- C:\WINDOWS\system32\Restore
2008-10-27 16:39:16 ----D---- C:\WINDOWS\I386
2008-10-27 16:38:58 ----A---- C:\WINDOWS\system32\oeminfo.ini
2008-10-27 16:38:58 ----A---- C:\WINDOWS\system32\emver.ini
2008-10-27 16:37:41 ----D---- C:\Program Files\Windows Media Player
2008-10-27 16:33:21 ----D---- C:\Documents and Settings
2008-10-27 16:32:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-27 16:29:27 ----D---- C:\WINDOWS\system32\oobe
2008-10-27 16:20:56 ----RSD---- C:\WINDOWS\Fonts
2008-10-27 16:20:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-27 16:14:26 ----D---- C:\WINDOWS\system32\mui
2008-10-27 16:09:45 ----A---- C:\WINDOWS\system.ini
2008-10-27 15:56:45 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-06-26 341760]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-10-14 1043072]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-10-14 197120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-08-12 185664]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-07-13 67968]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-10-14 679808]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner; C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe [2004-10-19 90112]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2008-10-27 172032]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2004-08-16 249856]

-----------------EOF-----------------

Info file

info.txt logfile of random's system information tool 1.04 2008-11-20 20:24:20

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee AntiSpyware-->MsiExec.exe /I{F39A74A0-FAE2-401C-AED1-1C941AA28EA8}
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SoftK56 Data Fax Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_2030161F\HXFSETUP.EXE -U -Iask20305.inf
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#2

Malware file
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 2

11/20/2008 8:22:38 PM
mbam-log-2008-11-20 (20-22-38).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 112065
Time elapsed: 34 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Application Data\Facegame\Facegame.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\3nick568.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\TDSS5384.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\s298 (Adware.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\s2kg (Adware.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\mmmatt.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\Program Files\iCheck\iCheck.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\g27.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\awtrQJCV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\getsn32.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\msansspc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\smwin32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSshkx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\uesiuqcr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\wpv583.cpx (Adware.ISM) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\yaywwTnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\{9d8dbc83-57dd-26af-62f9-96a43911c332}.dll-uninst.exe (Adware.Vapsup) -> Quarantined and deleted successfully.


I hope everything is in order and correct. Thank you
Negash
Active Member
 
Posts: 9
Joined: November 16th, 2008, 4:32 pm

Re: Malware, Spyware and all slowing down computer too much

Unread postby peku006 » November 21st, 2008, 5:37 am

Hi Negash

It seems you don't have any evidence of anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

1 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

2 - F-Secure Online Scan

  1. Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
  2. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
  3. Click on Accept to accept the License Agreement.
  4. Click on Custom Scan.
    • Under Virus Scan Options, select the Scan whole system option.
    • Under Other Scan Options, select these options:
      • Scan all files
      • Scan whole system for rootkits
      • Scan whole system for spyware
      • Scan inside archives
      • Use advanced heuristics
  5. Click Start.
  6. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
  7. Click on I want to decide item by item.
  8. Under Actions, select None for all infections found.
  9. Click Next.
  10. Click on Show Report.
  11. Please copy and paste this report in your next reply.
  12. Click Finish.

3 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with:

1. the F-Secure Online scanner report
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware, Spyware and all slowing down computer too much

Unread postby Negash » November 23rd, 2008, 2:29 pm

Hello;
I installed a new antivirus called Avira Personal and it is working so far. But I have a problem going on the F-Secure scanner. I went on the website and did everything, but after it downloads and then starts scanning I have an error. The error says to close the scanner and browser and try again (Id: 12). So I closed everything and tried; still not working. I also installed a new Internet Explorer too but still the same error. It does not work with Mozilla also. I don't know what to do, so should I still send the HijackThis file?
Thank you
Negash

Re: Malware, Spyware and all slowing down computer too much

Unread postby peku006 » November 23rd, 2008, 2:44 pm

Hi Negash
We can try Kaspersky...

1 - Update Java

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
  • A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 10.

  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

2 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply, with a fresh HijackThis log.

Thanks peku006

Re: Malware, Spyware and all slowing down computer too much

Unread postby peku006 » November 27th, 2008, 5:14 am

Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!

Re: Malware, Spyware and all slowing down computer too much

Unread postby NonSuch » November 29th, 2008, 7:06 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California