Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browsers NOT working

Post by billyboy90210 » January 2nd, 2009, 1:39 am

Hi,

I am a new member and this is the first time I'm seeking help through this forum. I have Windows XP Professional Service Pack 2.
I use NOD32 antivirus. The problem started when I downloaded something and my antivirus detected a virus/trojan and I removed it by deleting it. Since then my browsers don't work at all, meaning when I double click them they don't respond. In Task Manager they show activity but don't respond. The only way I can get them to work is to click on them as soon as Windows loads. If I don't do it fast, they don't respond. I have tried reinstalling them but it doesn't work. I have downloaded another browser but the same thing happens. I use Internet Explorer and Mozilla Firefox. And shutdown on my computer takes ages.

I would really appreciate your help. Thanks.

Here is my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:16 AM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Bilal\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: mss.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe (file missing)

--
End of file - 5016 bytes
billyboy90210
Active Member
 
Posts: 3
Joined: January 2nd, 2009, 1:10 am

Re: Browsers NOT working

Post by silver » January 7th, 2009, 2:41 am

Hi billyboy90210,

Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c dir "C:\mss.dll" /a /s >> "%userprofile%\desktop\look.txt" 2>>&1
A black box will open and a file will appear on your Desktop called look.txt.
Please wait until the black box closes before opening it, and post the contents in your next response.

------------------------------------------------------------------------

Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open - log.txt <- this one will be maximized and info.txt <-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply

------------------------------------------------------------------------

Once complete, please post the look.txt output and both RSIT logs. You won't need to produce a new HijackThis log, as RSIT produces one for you.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Browsers NOT working

Post by billyboy90210 » January 9th, 2009, 1:00 am

I've been doing some workings of my own. Here's my HijackThis log, updated.
Can you kindly check if this needs the same working, as the .dll file does not appear any more?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:45 AM, on 1/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Bilal\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5112 bytes
billyboy90210
Active Member
 
Posts: 3
Joined: January 2nd, 2009, 1:10 am

Re: Browsers NOT working

Post by silver » January 9th, 2009, 1:06 am

Yes, please follow the instructions as posted. Also tell me what you have done since the original log was posted.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
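
Comparing the two HijackThis logs posted so far is one way to see what changed on the machine since the original log. The sketch below is an added example, not part of the original posts and not code from HijackThis or RSIT; the function names are hypothetical, and the sample lines are excerpts copied from the two logs in this thread.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (not the full logs).
LOG_2_JAN = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O20 - AppInit_DLLs: mss.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe (file missing)
"""

LOG_9_JAN = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# HijackThis entry lines look like "<section code> - <details>", e.g. "O20 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends this suffix when the referenced file no longer exists.
MISSING_RE = re.compile(r"\s*\(file missing\)$")


def parse_entries(log):
    """Return {key: full entry line}. The key ignores a trailing
    '(file missing)' so the same registry entry matches across logs."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            code, body = m.groups()
            entries[(code, MISSING_RE.sub("", body))] = f"{code} - {body}"
    return entries


def diff_logs(before, after):
    """Entries removed, added, or changed between two logs."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old[k] for k in old.keys() - new.keys()),
        "added": sorted(new[k] for k in new.keys() - old.keys()),
        "changed": sorted((old[k], new[k])
                          for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def triage(entry):
    """Reviewer notes for one entry line; an empty list means nothing flagged."""
    m = ENTRY_RE.match(entry)
    if not m:
        return []
    code, body = m.groups()
    notes = []
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            notes.append(f"AppInit_DLLs value '{value}' is loaded into every "
                         "process that loads user32.dll")
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        notes.append("target file absent: orphaned registry entry")
    return notes


if __name__ == "__main__":
    result = diff_logs(LOG_2_JAN, LOG_9_JAN)
    for kind in ("removed", "added"):
        for entry in result[kind]:
            print(f"{kind}: {entry}")
            for note in triage(entry):
                print(f"    note: {note}")
    for old_line, new_line in result["changed"]:
        print(f"changed: {old_line}\n     ->  {new_line}")
```
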

Re: Browsers NOT working

Post by billyboy90210 » January 9th, 2009, 1:39 am

I cleaned all my temporary internet files and cookies with ATF Cleaner by Atribune.

Then I used Malwarebytes Anti-Malware and did a quick scan with that. A registry key was infected, which I fixed through the program.

And then from my HijackThis program I fixed "O20 - AppInit_DLLs: mss.dll".

Here are the logs you asked me to post.

Volume in drive C has no label.
Volume Serial Number is 94E6-9043
File Not Found


And from RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Bilal at 2009-01-09 10:38:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 23 GB (60%) free of 38 GB
Total RAM: 1014 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:23 AM, on 1/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Bilal\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bilal\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bilal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5125 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\NSSstub.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-24 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
"ACU"=C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"=C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe [2009-01-06 181624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2007-10-26 4354048]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-12-20 3065344]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-24 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
""=":*:Enabled:Windows Service Processor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07c5777a-b566-11dd-aa0d-aa7f45eceee0}]
shell\AutoRun\command - G:\0w.com
shell\explore\command - G:\0w.com
shell\open\command - G:\0w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b6980b-b626-11dd-aa0f-00197da6a8de}]
shell\AutoRun\command - G:\0w.com
shell\explore\command - G:\0w.com
shell\open\command - G:\0w.com


======List of files/folders created in the last 1 months======

2009-01-09 10:38:21 ----D---- C:\rsit
2009-01-09 09:36:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-06 17:10:47 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-01-06 17:10:47 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-06 17:10:32 ----D---- C:\WINDOWS\system32\Adobe
2009-01-06 10:07:16 ----D---- C:\ComboFix
2009-01-05 09:49:13 ----D---- C:\Documents and Settings\Bilal\Application Data\Malwarebytes
2009-01-05 09:49:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 09:49:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-03 16:48:51 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-01-03 16:48:51 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-01-03 16:48:51 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-01-03 16:48:51 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-01-03 16:48:51 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-01-03 16:48:51 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-31 16:53:10 ----D---- C:\Program Files\PartyGaming
2008-12-31 11:10:54 ----D---- C:\Program Files\a-squared Free
2008-12-30 17:45:59 ----SHD---- C:\RECYCLER
2008-12-30 17:20:40 ----D---- C:\WINDOWS\temp
2008-12-30 17:20:39 ----A---- C:\ComboFix.txt
2008-12-30 17:14:33 ----A---- C:\Boot.bak
2008-12-30 17:14:28 ----RASHD---- C:\cmdcons
2008-12-30 17:08:18 ----D---- C:\WINDOWS\ERDNT
2008-12-30 16:43:21 ----D---- C:\Program Files\Trend Micro
2008-12-29 11:41:56 ----D---- C:\Documents and Settings\Bilal\Application Data\SUPERAntiSpyware.com
2008-12-26 02:36:16 ----D---- C:\Documents and Settings\Bilal\Application Data\dvdcss
2008-12-20 14:12:47 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-20 12:50:04 ----D---- C:\Documents and Settings\Bilal\Application Data\Google
2008-12-20 12:44:25 ----D---- C:\WINDOWS\WBEM
2008-12-20 12:44:24 ----D---- C:\WINDOWS\system32\en-US
2008-12-20 12:42:44 ----HDC---- C:\WINDOWS\ie7
2008-12-20 12:42:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-20 12:41:52 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-20 12:41:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-20 12:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-20 12:41:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-20 12:41:03 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-20 12:23:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-20 12:23:26 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-12-20 12:23:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-20 12:23:07 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2008-12-20 12:22:57 ----D---- C:\Program Files\Google
2008-12-20 12:22:57 ----D---- C:\Program Files\DAP
2008-12-20 11:21:34 ----RA---- C:\WINDOWS\system32\igfxres.dll
2008-12-20 11:19:36 ----D---- C:\WINDOWS\Prefetch
2008-12-20 11:13:07 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-20 11:05:41 ----A---- C:\WINDOWS\pnplog.txt
2008-12-20 11:01:53 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-20 11:01:53 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-20 11:01:32 ----RA---- C:\WINDOWS\SET3A.tmp
2008-12-20 11:01:29 ----RA---- C:\WINDOWS\SET2E.tmp
2008-12-20 11:01:27 ----RA---- C:\WINDOWS\SET2B.tmp
2008-12-20 10:49:52 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-12-20 10:49:47 ----D---- C:\WINDOWS\setup.pss
2008-12-19 14:31:51 ----D---- C:\Documents and Settings\Bilal\Application Data\IDM
2008-12-19 12:24:48 ----D---- C:\Program Files\IDM Computer Solutions

======List of files/folders modified in the last 1 months======

2009-01-09 09:56:57 ----D---- C:\WINDOWS
2009-01-09 09:56:40 ----SHD---- C:\WINDOWS\Installer
2009-01-09 09:56:39 ----RD---- C:\Program Files
2009-01-09 09:56:34 ----SD---- C:\WINDOWS\Tasks
2009-01-09 09:52:20 ----D---- C:\Program Files\Mozilla Firefox
2009-01-09 09:36:50 ----D---- C:\Program Files\Common Files
2009-01-09 09:34:55 ----D---- C:\WINDOWS\system32
2009-01-09 09:34:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-09 09:30:37 ----D---- C:\WINDOWS\system32\Lang
2009-01-09 08:33:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 03:30:21 ----D---- C:\Documents and Settings\Bilal\Application Data\uTorrent
2009-01-07 23:35:34 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-06 17:13:30 ----D---- C:\Documents and Settings\Bilal\Application Data\Adobe
2009-01-06 10:07:32 ----SHD---- C:\System Volume Information
2009-01-06 10:07:32 ----D---- C:\WINDOWS\system32\Restore
2009-01-05 22:20:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 12:49:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-05 09:56:29 ----D---- C:\WINDOWS\system32\drivers
2009-01-03 16:48:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-31 13:14:26 ----D---- C:\Program Files\Internet Explorer
2008-12-30 17:30:53 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-30 17:19:57 ----A---- C:\WINDOWS\system.ini
2008-12-30 17:19:17 ----D---- C:\WINDOWS\AppPatch
2008-12-30 17:14:33 ----RASH---- C:\boot.ini
2008-12-29 11:50:33 ----A---- C:\WINDOWS\imsins.BAK
2008-12-28 20:09:24 ----HD---- C:\WINDOWS\inf
2008-12-20 15:59:04 ----D---- C:\WINDOWS\system32\Setup
2008-12-20 15:59:04 ----D---- C:\WINDOWS\system
2008-12-20 15:58:52 ----D---- C:\WINDOWS\system32\usmt
2008-12-20 15:58:24 ----D---- C:\WINDOWS\mui
2008-12-20 15:58:23 ----D---- C:\WINDOWS\ime
2008-12-20 15:58:23 ----D---- C:\WINDOWS\ehome
2008-12-20 15:58:21 ----RSD---- C:\WINDOWS\Fonts
2008-12-20 15:58:06 ----D---- C:\WINDOWS\PeerNet
2008-12-20 15:57:49 ----D---- C:\WINDOWS\system32\npp
2008-12-20 15:57:37 ----D---- C:\WINDOWS\msagent
2008-12-20 15:54:56 ----D---- C:\WINDOWS\twain_32
2008-12-20 15:54:39 ----D---- C:\WINDOWS\system32\icsxml
2008-12-20 15:54:02 ----D---- C:\WINDOWS\system32\1033
2008-12-20 15:52:40 ----D---- C:\WINDOWS\WinSxS
2008-12-20 15:52:40 ----D---- C:\WINDOWS\Driver Cache
2008-12-20 13:27:46 ----D---- C:\WINDOWS\security
2008-12-20 12:46:01 ----D---- C:\WINDOWS\Help
2008-12-20 12:44:13 ----D---- C:\WINDOWS\Media
2008-12-20 11:21:55 ----D---- C:\WINDOWS\Registration
2008-12-20 11:21:13 ----A---- C:\WINDOWS\setuplog.txt
2008-12-20 11:19:05 ----D---- C:\WINDOWS\system32\config
2008-12-20 11:14:12 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-20 11:14:06 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-20 11:13:41 ----D---- C:\WINDOWS\system32\ias
2008-12-20 11:13:11 ----RD---- C:\WINDOWS\Web
2008-12-20 11:13:01 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-20 11:12:48 ----A---- C:\WINDOWS\win.ini
2008-12-20 11:12:43 ----D---- C:\WINDOWS\system32\oobe
2008-12-20 11:11:54 ----D---- C:\WINDOWS\system32\Com
2008-12-20 11:11:25 ----D---- C:\Program Files\Messenger
2008-12-20 11:11:23 ----D---- C:\WINDOWS\system32\wbem
2008-12-20 11:01:41 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-20 11:01:35 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-19 14:36:10 ----D---- C:\Documents and Settings\Bilal\Application Data\DMCache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-18 17801]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 b57w2k;BCM5701 Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-08-17 96640]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-08-23 3584]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.05 2009-01-09 10:38:24

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
101 MP3 Splitter & Joiner V3.1-->C:\PROGRA~1\101MP3~1\UNWISE.EXE C:\PROGRA~1\101MP3~1\INSTALL.LOG
Absolute MP3 Splitter version 2.7.1-->"C:\Program Files\Absolute MP3 Splitter\unins000.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Premiere Pro-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Atheros Client Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92F31257-15BA-46EE-887D-3C18C0790ACE}\Setup.exe" -l0x9 -removeonly
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Plus 1.0-->C:\WINDOWS\iun506.exe d:\Media Plus\irunin.ini
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Splitter & Joiner Pro 4.21-->"C:\Program Files\MP3 Splitter & Joiner Pro\unins000.exe"
Nero 8 Lite 8.1.1.0-->"C:\Program Files\Nero\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SRS Audio Sandbox-->MsiExec.exe /X{00029EB7-E72E-4E78-88A5-D0BB7D917433}
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR-->"C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"

=====HijackThis Backups=====

O20 - AppInit_DLLs: mss.dll

======Security center information======

AV: ESET NOD32 Antivirus 3.0

System event log

Computer Name: STARCOM-F87009B
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{954415BC-C8C7-4566-9C4A-ABA3C7D2CDA3} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 2175
Source Name: Tcpip
Time Written: 20081206093922.000000+300
Event Type: information
User:

Computer Name: STARCOM-F87009B
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 2174
Source Name: Service Control Manager
Time Written: 20081206093921.000000+300
Event Type: information
User:

Computer Name: STARCOM-F87009B
Event Code: 7035
Message: The SASENUM service was successfully sent a start control.

Record Number: 2173
Source Name: Service Control Manager
Time Written: 20081206093916.000000+300
Event Type: information
User: STARCOM-F87009B\Bilal

Computer Name: STARCOM-F87009B
Event Code: 7036
Message: The Computer Browser service entered the stopped state.

Record Number: 2172
Source Name: Service Control Manager
Time Written: 20081206093916.000000+300
Event Type: information
User:

Computer Name: STARCOM-F87009B
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 2171
Source Name: Service Control Manager
Time Written: 20081206093916.000000+300
Event Type: information
User:

Application event log

Computer Name: STARCOM-F87009B
Event Code: 1000
Message: Faulting application avp.exe, version 6.0.3.837, faulting module unknown, version 0.0.0.0, fault address 0x00000001.

Record Number: 155
Source Name: Application Error
Time Written: 20081119161327.000000+300
Event Type: error
User:

Computer Name: STARCOM-F87009B
Event Code: 4097
Message: The application, C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe, generated an application error
The error occurred on 11/19/2008 @ 16:13:04.281
The exception generated was c0000005 at address 00000001 (<nosymbols>)

Record Number: 154
Source Name: DrWatson
Time Written: 20081119161304.000000+300
Event Type: information
User:

Computer Name: STARCOM-F87009B
Event Code: 1000
Message: Faulting application avp.exe, version 6.0.3.837, faulting module unknown, version 0.0.0.0, fault address 0x00000001.

Record Number: 153
Source Name: Application Error
Time Written: 20081119161254.000000+300
Event Type: error
User:

Computer Name: STARCOM-F87009B
Event Code: 4097
Message: The application, C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe, generated an application error
The error occurred on 11/19/2008 @ 16:12:26.046
The exception generated was c0000005 at address 00000001 (<nosymbols>)

Record Number: 152
Source Name: DrWatson
Time Written: 20081119161226.000000+300
Event Type: information
User:

Computer Name: STARCOM-F87009B
Event Code: 1000
Message: Faulting application avp.exe, version 6.0.3.837, faulting module unknown, version 0.0.0.0, fault address 0x00000001.

Record Number: 151
Source Name: Application Error
Time Written: 20081119161223.000000+300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
billyboy90210
Active Member
 
Posts: 3
Joined: January 2nd, 2009, 1:10 am

Re: Browsers NOT working

Post by silver » January 9th, 2009, 4:20 am

Hi billyboy90210,

Please open Start->Control Panel->Add/Remove Programs, and remove the following:
SoulSeek Client 156c
ESET NOD32 Antivirus
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
SoulSeek needs to be removed as site policy is to require users to remove all P2P programs as part of cleaning.

The NOD32 installation you have is cracked and illegal. Please download one of these free replacements, uninstall NOD32 and its associated crack, then install the replacement:
Antivir: http://www.free-av.com/
Avast!: http://www.avast.com/eng/download-avast-home.html

You have DAP installed on your system, it is not technically malware but the free version is ad supported and not recommended.
A safe, ad-free alternative is wxDownloadfast
You can remove DAP via Start->Control Panel->Add/Remove Programs.

Party Poker has been reported as being malware-related so I strongly recommend you remove it.
To do so, uninstall PartyPoker via Add/Remove Programs

------------------------------------------------------------------------

Your drive G: (probably a removable storage device) appears to have been infected by a worm, do you know what this drive letter is? If so, please make sure it and any other flash drives are on hand for the next step:

Download Flash_Disinfector to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double-click on Flash_Disinfector.exe to run it and follow the prompts.
  • You will be prompted to plug in your flash drive(s) - please do so
  • When the program is finished a message box will appear - click OK and your desktop should now appear.
  • If it doesn't, press Ctrl + Shift + Esc to open Task Manager, type in explorer.exe and press Enter - your desktop should now appear.

------------------------------------------------------------------------

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following line:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

If you removed DAP and/or Party Poker, and the following lines are still present, please remove them as appropriate:
DAP:
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
Party Poker:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Backup Your Registry:
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

------------------------------------------------------------------------

Please download OTMoveIt3 by OldTimer to your Desktop (right-click the link, select Save Target As…, select your Desktop and press Save)
  • Double-click OTMoveIt3.exe to start the program.
  • Copy the lines in the OTMoveIt script below to the clipboard by highlighting ALL of it and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
    OTMoveIt Script:
    :Services
    NOD32FiXTemDono
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    "C:\Program Files\Soulseek\slsk.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07c5777a-b566-11dd-aa0d-aa7f45eceee0}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63b6980b-b626-11dd-aa0f-00197da6a8de}]
    :Files
    C:\Program Files\Intelinet
    C:\Documents and Settings\Bilal\Application Data\uTorrent
    c:\0w.com /s
  • Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTMoveIt3

------------------------------------------------------------------------

Please make a new RSIT log:
  • Double-click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, one file will open: log.txt
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt in your next response

------------------------------------------------------------------------

Now please open Malwarebytes Antimalware, choose the Logs tab and locate the log of the cleaning scan you performed.
Please post the contents of this log along with the OTMoveIt report and the new RSIT report in your next response.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
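
A way to triage the RSIT driver and service lists posted earlier in this thread, as an added example that is not part of silver's reply or of RSIT itself. It parses the "R2 name;display; path [date size]" lines and flags entries worth a second look, such as the NOD32FiXTemDono service removed in the OTMoveIt script above. The flag names, the reading of an empty [] as "no file details recorded", and the SYSTEM_TOOLS list are assumptions made for this example; the sample lines are copied from the log on this page.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Assumption for this example: generic Windows tools that are unusual as a service image.
SYSTEM_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe"}

# State letter (R/S), start type digit (0-4), name;display; image path [date size]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<image>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

# Sample lines taken from the RSIT log in this thread.
SAMPLE = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-08-23 3584]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
"""

class Entry(NamedTuple):
    running: bool
    start: int
    name: str
    display: str
    image: str
    date: Optional[str]
    size: Optional[int]

def parse_line(line):
    """Return an Entry for a driver/service line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m["image"]
    if image.startswith("\\??\\"):          # strip the NT object-namespace prefix
        image = image[4:]
    size = int(m["size"]) if m["size"] else None
    return Entry(m["state"] == "R", int(m["start"]), m["name"],
                 m["display"], image, m["date"], size)

def flags(entry):
    """Heuristic review flags; a flag means 'look closer', not 'malicious'."""
    out = []
    if entry.date is None:                   # RSIT printed [] with no date/size
        out.append("no-file-metadata")
    if not entry.running and entry.start == 2:
        out.append("auto-start-not-running")
    if ntpath.basename(entry.image).lower() in SYSTEM_TOOLS:
        out.append("system-tool-image")
    return out

def triage(text):
    """Map service/driver name -> list of flags, for flagged entries only."""
    parsed = (parse_line(line) for line in text.splitlines())
    return {e.name: flags(e) for e in parsed if e is not None and flags(e)}

if __name__ == "__main__":
    for name, found in triage(SAMPLE).items():
        print(f"{name}: {', '.join(found)}")
```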

Re: Browsers NOT working

Post by silver » January 11th, 2009, 8:24 pm

How are you getting on?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Re: Browsers NOT working

Post by silver » January 14th, 2009, 9:12 pm

Due to a Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal