Old 28th August 2008   #1
GunOA (Member; Join Date: Aug 2008; Posts: 18; Computer Experience: Intermediate)

Virus blocks me from Antivirus sites/updates

Hi, I recently got a virus that blocks me from MOST antivirus and help sites. It also slows down my computer greatly. Also, I am posting from a clean computer, because the infected one won't let me submit the post...

The only other detail I can give is that it came with other viruses, like the Google redirect virus and the fake antivirus background change.


This is my HijackThis log. The only reason I was able to DL this was by sending it from my other computer, so please note that I will require alternative download sites that aren't blocked, or extra time to send the programs from my clean computer.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:31 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Winamp5.1\winamp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Andy Lin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrit...lass/TWebS.CAB
O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrit...lass/TWebS.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 7317 bytes

Please help
Thanks!

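Added example, not from this thread and not part of HijackThis or RSIT: a small Python triage pass over a HijackThis v2 log in the format posted above. The sample lines are constructed, modelled on entries from the log, and the buckets are what a helper checks first (orphaned "(file missing)" references, O23 services with no publisher, repeated unknown Winsock LSP DLLs, O4 Run entries launched without a full path, the O6 IE restrictions policy); none of them is a verdict on its own.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2.0.2 format, modelled on entries from the
# log posted above (shortened; not the poster's complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:31 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Andy Lin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 7317 bytes
"""

# Every finding line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
O4_RE = re.compile(r"^HK[^\[]*\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# A command is anchored to a file if it starts (optionally quoted) with a drive
# letter path or an environment variable; otherwise Windows resolves it via the
# search path, which is worth a second look in a Run key.
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%)')
LSP_PREFIX = "Unknown file in Winsock LSP: "


def parse_entries(log_text):
    """Return (section code, body) pairs, e.g. ("O10", "Unknown file in Winsock LSP: ...").
    Header lines and the "Running processes" block do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Bucket the entries a helper reads first. Each bucket is a place to look,
    not a detection: legitimate software lands in every one of them."""
    findings = {
        "file_missing": [],            # registry still points at a file that is gone
        "unknown_owner_services": [],  # O23 service with no publisher recorded
        "lsp_unknown": Counter(),      # O10 Winsock LSP DLLs HJT cannot attribute
        "run_without_full_path": [],   # O4 commands resolved via the search path
        "ie_restrictions": False,      # O6 policy key present
    }
    for code, body in parse_entries(log_text):
        if "(file missing)" in body:
            findings["file_missing"].append(f"{code} - {body}")
        if code == "O23" and " - Unknown owner - " in body:
            findings["unknown_owner_services"].append(body)
        elif code == "O10" and body.startswith(LSP_PREFIX):
            findings["lsp_unknown"][body[len(LSP_PREFIX):]] += 1
        elif code == "O4":
            m = O4_RE.match(body)
            if m and not FULL_PATH_RE.match(m.group("cmd")):
                findings["run_without_full_path"].append(m.group("name"))
        elif code == "O6":
            findings["ie_restrictions"] = True
    return findings


def format_report(findings):
    """Render the buckets as the short summary a helper would scan."""
    out = []
    for line in findings["file_missing"]:
        out.append(f"orphaned reference : {line}")
    for body in findings["unknown_owner_services"]:
        out.append(f"no publisher       : {body}")
    for dll, n in findings["lsp_unknown"].items():
        out.append(f"unknown LSP        : {dll} (listed {n}x)")
    for name in findings["run_without_full_path"]:
        out.append(f"Run w/o full path  : [{name}]")
    if findings["ie_restrictions"]:
        out.append("IE restrictions    : O6 policy key present")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Point `triage` at the text of a real log file to get the same summary; the repeated O10 line collapses to a single count, which is how the six identical xfire entries above would read.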
Old 28th August 2008   #2
noahdfear (Staff; Join Date: Apr 2003; Location: New Bremen, Ohio U.S.A.; Posts: 12,521)

Welcome to WindowsBBS GunOA

Unfortunately, there's nothing rogue showing in your log. Fortunately, we have another tool at our disposal that gives us a better look at things.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of both logs here in your next reply.


Old 29th August 2008   #3
GunOA (Member; Join Date: Aug 2008; Posts: 18; Computer Experience: Intermediate)

Hi, noahdfear, and thanks for helping me.
Here's the log of RSIT.

Logfile of random's system information tool (written by random/random)
Run by Andy Lin at 2008-08-28 18:04:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 26 GB (34%) free of 78 GB
Total RAM: 2559 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:15 PM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andy Lin\Desktop\RSIT.exe
C:\Documents and Settings\Andy Lin\Desktop\Andy Lin.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrit...lass/TWebS.CAB
O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrit...lass/TWebS.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 7405 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - blank []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-07-14 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - blank []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-05-15 185784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
"NvMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe [2004-03-18 131072]
"nForce Tray Options"=sstray.exe /r []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2008-04-01 1271032]
"MilShieldSlave"=C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe [2008-04-15 747008]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-07-14 1232152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-04-24 288576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\PROGRA~1\AIM\\DeadAIM.ocm []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Xfire\ua_lsp_inst.exe"="C:\Program Files\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Ares Lite Edition\Ares.exe"="C:\Program Files\Ares Lite Edition\Ares.exe:*:Enabled:Ares"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\Andy Lin\Desktop\utorrent.exe"="C:\Documents and Settings\Andy Lin\Desktop\utorrent.exe:*:Enabled:utorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Valve\Steam\SteamApps\rickytan77\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\rickytan77\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\team fortress classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\blewis2@cox.net\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\blewis2@cox.net\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\softnyx\GunBound\GunBound.gme"="C:\Program Files\softnyx\GunBound\GunBound.gme:*:Disabled:GunBound"
"C:\Program Files\MAIET\Gunz\Gunz.exe"="C:\Program Files\MAIET\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\Program Files\Wizet\Wizet\MapleStory\Patcher.exe"="C:\Program Files\Wizet\Wizet\MapleStory\Patcher.exe:*:Disabled:Patcher MFC ?? ????"
"C:\Program Files\Wizet\Wizet\MapleStory\NewPatcher.exe"="C:\Program Files\Wizet\Wizet\MapleStory\NewPatcher.exe:*:Disabled:Patcher MFC ?? ????"
"C:\Program Files\Softnyx\Rakion\Bin\Rakion.bin"="C:\Program Files\Softnyx\Rakion\Bin\Rakion.bin:*:Disabled:Rakion"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\team fortress classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Sierra\Empire Earth II\EE2.exe"="C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II"
"C:\Program Files\Valve\Steam\SteamApps\csurmamacs\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\csurmamacs\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\poison_maniac\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\poison_maniac\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\poison_maniac\team fortress classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\poison_maniac\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Crazy Browser\Crazy Browser.exe"="C:\Program Files\Crazy Browser\Crazy Browser.exe:*:Enabled:Crazy Browser"
"C:\Program Files\Steam\steamapps\auron305@yahoo.com\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\war master\half-life\hl.exe"="C:\Program Files\Steam\steamapps\war master\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\war master\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\war master\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\war master\ricochet\hl.exe"="C:\Program Files\Steam\steamapps\war master\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\war master\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\war master\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\war master\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\war master\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Andy Lin\Desktop\New Folder\warsow.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\warsow.exe:*:Enabled:Warsow"
"C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\G4BOX\Metin2\metin2.bin"="C:\Program Files\G4BOX\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6046c3c2-5bce-11d9-9d0a-806d6172696f}]
shell\AutoRun\command - D:\ASUSACPI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5dc1bbc-5bd0-11d9-aaa0-806d6172696f}]
shell\AutoRun\command - D:\Setup.exe


List of files/folders created in the last three months

2008-08-28 18:04:08 ----D---- C:\rsit
2008-08-27 22:46:32 ----D---- C:\WINDOWS\system32\SuperAdBlocker.com
2008-08-27 19:20:12 ----D---- C:\Program Files\Trend Micro
2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\java.exe
2008-08-26 04:30:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-26 04:30:37 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-26 04:30:37 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SUPERAntiSpyware.com
2008-08-26 04:13:01 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-26 01:51:28 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-08-26 01:25:33 ----A---- C:\bug.txt
2008-08-26 01:17:23 ----A---- C:\WINDOWS\system32\tmp.txt
2008-08-26 01:16:58 ----A---- C:\rapport.txt
2008-08-24 22:45:09 ----A---- C:\WINDOWS\ScUnin.exe
2008-08-24 22:44:44 ----D---- C:\Program Files\Starcraft
2008-08-23 18:05:02 ----D---- C:\Mp3 Output
2008-08-23 18:02:27 ----A---- C:\WINDOWS\system32\cc3270mt.dll
2008-08-23 18:00:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\AVS4YOU
2008-08-23 17:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-23 17:59:08 ----D---- C:\Program Files\Common Files\AVSMedia
2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-08-20 08:57:37 ----A---- C:\WINDOWS\wb.ini
2008-08-20 08:57:37 ----A---- C:\WINDOWS\system32\wbsys.dll
2008-08-20 08:57:36 ----D---- C:\Program Files\Common Files\Stardock
2008-08-20 08:57:36 ----D---- C:\Program Files\AlienGUIse
2008-08-20 08:32:16 ----D---- C:\Program Files\Apple Software Update
2008-08-19 08:29:35 ----D---- C:\Program Files\Easy Video Splitter
2008-08-19 08:25:33 ----A---- C:\WINDOWS\system32\gdiplus.dll
2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\vorbis.dll
2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\ogg.dll
2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\FXDV1to2.dll
2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDSuninst.exe
2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDS.dll
2008-08-19 08:25:30 ----A---- C:\WINDOWS\system32\vorbisenc.dll
2008-08-19 05:46:05 ----D---- C:\Program Files\AviSynth 2.5
2008-08-19 05:45:59 ----D---- C:\Program Files\Red Kawa
2008-08-19 00:22:58 ----D---- C:\Program Files\Bonjour
2008-08-19 00:21:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-08-19 00:21:32 ----D---- C:\Program Files\Common Files\Apple
2008-08-19 00:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-19 00:10:01 ----D---- C:\Program Files\iTunes
2008-08-19 00:10:01 ----D---- C:\Program Files\iPod
2008-07-25 18:46:19 ----D---- C:\Program Files\Pidgin
2008-07-25 12:57:27 ----D---- C:\Documents and Settings\Andy Lin\Application Data\vlc
2008-07-25 12:48:08 ----D---- C:\Program Files\VideoLAN
2008-07-24 16:15:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\gtk-2.0
2008-07-24 16:13:43 ----D---- C:\Documents and Settings\Andy Lin\Application Data\.purple
2008-07-15 16:09:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-06-19 16:22:29 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SPORE Creature Creator
2008-06-19 16:19:54 ----D---- C:\Program Files\Electronic Arts
2008-06-09 18:37:05 ----D---- C:\Program Files\WinPcap
2008-06-09 18:36:39 ----D---- C:\Program Files\WC3Banlist

Too many characters, I split the log in half.

29th August 2008, post #4, GunOA (Member):

The rest of the log.


List of drivers

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
S3 ao9o8kj7;ao9o8kj7; C:\WINDOWS\system32\drivers\ao9o8kj7.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\ANDYLI~1\LOCALS~1\Temp\catchme.sys []
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-04-19 39248]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-04-19 52304]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-04-19 59984]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-04-19 83536]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 npkcusb;npkcusb; \??\C:\WINDOWS\system32\npkcusb.sys []
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\System32\DRIVERS\sr.sys []

List of services

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 231192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 MilShieldCleaner;MilShieldCleaner; C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe [2008-04-15 331776]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-19 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
S3 sdCoreService;Spyware Doctor Service; C:\Program Files\Spyware Doctor\swdsvc.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Sorry if I'm a bit slow, since I have to DL RSIT from a clean computer and send it. Also I have to send the log back at the end, since my infected computer won't let me post on these forums...

29th August 2008, post #5, noahdfear (Staff):

Any idea what this folder is on your desktop?

ah\Glider_148

Looks as though quite a lot of malware has gained access through the Windows Firewall from that folder. Please don't do anything with it just yet if it's still present.

Can you get to this page with the affected computer? If so, do the following on that computer.
  • Click here
  • If it launches a file download dialog for download_file.exe from noahdfear.net, click Run.
  • A download_file.vbs file should appear on the desktop, and shortly thereafter a renamed copy of ComboFix.
  • Please note that the vbs file is recognized by some security programs as a Trojan-Downloader.JS and may try to block it. I assure you, the file is safe.
  • If successful, double click the renamed ComboFix and follow the prompts.


If you cannot do that, do this.

Download ComboFix by sUBs from here, then transfer it to the affected computer's desktop.

  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

29th August 2008, post #6, GunOA (Member):

Glider shouldn't be dangerous. I don't use it anymore, but it's a program for a game.

I couldn't download from your first link from my infected computer, but I sent ComboFix over and started it. It said Rootkit detected and needs to restart my computer. I ran ComboFix 2 days ago and it still says rootkit and just restarts my computer. Should I turn off AVG? If so, how?

Also, when it reboots my computer, it doesn't resume running.


Last edited by GunOA; 29th August 2008 at 03:33.
29th August 2008, post #7, noahdfear (Staff):

Delete the copy of ComboFix now on that computer. Rename ComboFix to something like FomboCix.exe or Combo-Fix.exe, then transfer it to the computer and try again. If it restarts again without running, just rename it and run again. Give it a couple or three attempts if necessary.

I'm not concerned about the Glider game, but about the many random-named files with access through the firewall living in its path. The naming convention is typical of malware.

"C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe"="C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe:*:Enabled: "


For now, let's just make sure the path is not the same should something in the registry tell one of those nasties to run. Please rename the ah folder on your desktop to something else, such as oldah.

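As an added illustration (this is editor-supplied example code, not anything posted in the thread and not part of RSIT, HijackThis or ComboFix), the following Python script parses Windows Firewall AuthorizedApplications values in exactly the `"path"="path:scope:state:name"` form shown in the log above and scores each one on the signals noahdfear calls out: an empty display name, a path under a user-writable directory, a short random-looking basename, and a cluster of such nameless exceptions in one directory. The entries in `SAMPLE` are constructed for the example (the user name and most paths are invented, not copied from the log), and the scoring weights and the `looks_random` heuristic are assumptions of this example rather than any published detection rule.

```python
import re
from collections import defaultdict

# One value from the Windows Firewall AuthorizedApplications list, as dumped
# by RSIT/HijackThis-style tools:
#   "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]*)"\s*$')

# Directories where a vendor-installed program rarely lives but dropped
# malware very often does (assumed markers for this example).
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\local settings\\")

def parse_entry(line):
    """Return a dict for one AuthorizedApplications value, or None if the
    line is not such a value (a key header, a blank line, ...)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path, value = m.group("path"), m.group("value")
    # The value repeats the path and then ':scope:state:name'. Strip the path
    # off the front instead of splitting on ':' (the drive letter contains one).
    rest = value[len(path) + 1:] if value.startswith(path + ":") else value
    fields = rest.split(":", 2) + ["", "", ""]
    scope, state, name = fields[0], fields[1], fields[2].strip()
    return {"path": path, "scope": scope, "state": state, "name": name}

def looks_random(basename):
    """Weak signal for dropper-style names: a short run of lowercase letters
    with no digits or separators. On its own this also matches 'hl.exe' or
    'firefox.exe', so it is only worth one point below."""
    stem = basename.lower().rsplit(".", 1)[0]
    return 2 <= len(stem) <= 12 and stem.isalpha() and stem.islower()

def score_entries(lines, threshold=4):
    """Parse a block of AuthorizedApplications values and return the entries
    that look like malware exceptions, highest score first."""
    entries = [e for e in (parse_entry(l) for l in lines) if e]
    # How many exceptions in each directory carry no display name at all:
    # legitimate installers almost always register a product name.
    nameless_per_dir = defaultdict(int)
    for e in entries:
        if not e["name"]:
            nameless_per_dir[e["path"].rsplit("\\", 1)[0].lower()] += 1
    flagged = []
    for e in entries:
        directory, _, basename = e["path"].rpartition("\\")
        score, reasons = 0, []
        if not e["name"]:
            score += 3
            reasons.append("no display name")
        if any(marker in e["path"].lower() for marker in USER_WRITABLE):
            score += 1
            reasons.append("user-writable path")
        if looks_random(basename):
            score += 1
            reasons.append("random-looking name")
        if not e["name"] and nameless_per_dir[directory.lower()] >= 3:
            score += 2
            reasons.append("cluster of nameless exceptions in " + directory)
        if score >= threshold:
            flagged.append({"path": e["path"], "score": score, "reasons": reasons})
    return sorted(flagged, key=lambda f: -f["score"])

# Constructed sample in the dumped format; paths and user name are invented.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Steam\steamapps\user\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\user\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\user\Desktop\New Folder\warsow.exe"="C:\Documents and Settings\user\Desktop\New Folder\warsow.exe:*:Enabled:Warsow"
"C:\Documents and Settings\user\Desktop\ah\Glider_148\fpj.exe"="C:\Documents and Settings\user\Desktop\ah\Glider_148\fpj.exe:*:Enabled: "
"C:\Documents and Settings\user\Desktop\ah\Glider_148\wfayhebnan.exe"="C:\Documents and Settings\user\Desktop\ah\Glider_148\wfayhebnan.exe:*:Enabled: "
"C:\Documents and Settings\user\Desktop\ah\Glider_148\smrozvnmk.exe"="C:\Documents and Settings\user\Desktop\ah\Glider_148\smrozvnmk.exe:*:Enabled: "
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

if __name__ == "__main__":
    for hit in score_entries(SAMPLE.splitlines()):
        print("%d  %s  (%s)" % (hit["score"], hit["path"], "; ".join(hit["reasons"])))
```

Run against a real dump by piping the `authorizedapplications\list` section into `score_entries`. The nameless Glider_148 entries score 7 and are reported; the Steam, Firefox, Warsow and sessmgr entries stay below the threshold because they carry a display name and, apart from Warsow, live outside user-writable directories. The empty display name is the strongest single signal; the other weights are tunable guesses.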
29th August 2008, post #8, GunOA (Member):

Ok, I did as you said and renamed ComboFix and resent it, but it still said the same thing and restarted my computer. Also about Glider, the folder ah isn't on my desktop anymore. Also I did a search for "glider" and nothing came up. I think I deleted glider a while back and I don't know what's going on right now.
29th August 2008, post #9, noahdfear (Staff):

Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to the desktop (download and transfer over if necessary).

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.

    When the updating is complete, physically disconnect the computer from the internet.
  • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


As soon as MBAM is completely done, close it and run ComboFix. Do not reconnect the internet connection until after ComboFix has restarted the machine and produced a log.

29th August 2008, post #10, GunOA (Member):

ComboFix Log

ComboFix 08-08-28.04 - Andy Lin 2008-08-28 21:14:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2094 [GMT -7:00]
Running from: C:\Documents and Settings\Andy Lin\Desktop\FomboCix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\bin.clearspring.com
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\interclick.com
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\interclick.com\ud.sol
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\static.youku.com
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\static.youku.com\v1.0.0305\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\static.youku.com\v1.0.0307\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-28 20:48 . 2008-08-28 20:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-28 20:48 . 2008-08-28 20:48 <DIR> d-------- C:\Documents and Settings\Andy Lin\Application Data\Malwarebytes
2008-08-28 20:48 . 2008-08-28 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 20:48 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-28 20:48 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-28 18:04 . 2008-08-28 18:04 <DIR> d-------- C:\rsit
2008-08-27 22:46 . 2008-08-27 22:46 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-08-27 19:20 . 2008-08-27 19:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 05:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-26 04:53 . 2008-08-26 04:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-26 04:30 . 2008-08-26 04:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-26 04:30 . 2008-08-26 04:30 <DIR> d-------- C:\Documents and Settings\Andy Lin\Application Data\SUPERAntiSpyware.com
2008-08-26 04:30 . 2008-08-26 04:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-26 01:51 . 2003-03-18 13:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-26 01:17 . 2008-08-26 05:20 1,714 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-24 22:45 . 2008-08-24 22:46 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-08-24 22:45 . 2008-08-24 22:46 35,190 --a------ C:\WINDOWS\scunin.dat
2008-08-24 22:45 . 2008-08-24 22:46 967 --a------ C:\WINDOWS\ScUnin.pif
2008-08-24 22:44 . 2008-08-25 00:13 <DIR> d-------- C:\Program Files\Starcraft
2008-08-23 18:05 . 2008-08-23 18:05 <DIR> d-------- C:\Mp3 Output
2008-08-23 18:02 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll
2008-08-23 18:00 . 2008-08-23 18:03 <DIR> d-------- C:\Documents and Settings\Andy Lin\Application Data\AVS4YOU
2008-08-23 17:59 . 2008-08-23 18:07 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-08-23 17:59 . 2008-08-23 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-23 17:59 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-08-23 17:59 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-08-23 17:59 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-08-23 17:59 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-08-20 09:12 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-08-20 09:07 . 2008-08-20 09:07 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-08-20 08:59 . 2008-08-21 21:08 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
2008-08-20 08:57 . 2008-08-20 08:57 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-20 08:57 . 2008-08-20 09:11 <DIR> d-------- C:\Program Files\AlienGUIse
2008-08-20 08:57 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-08-20 08:57 . 2008-08-20 08:57 56 --a------ C:\WINDOWS\wb.ini
2008-08-20 08:32 . 2008-08-20 08:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-19 08:29 . 2008-08-19 08:29 <DIR> d-------- C:\Program Files\Easy Video Splitter
2008-08-19 08:25 . 2001-08-23 16:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-08-19 08:25 . 2005-12-31 08:19 1,097,728 --a------ C:\WINDOWS\system32\vorbis.dll
2008-08-19 08:25 . 2003-11-16 10:48 909,312 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-08-19 08:25 . 2002-10-06 12:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-08-19 08:25 . 2003-08-04 00:34 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll
2008-08-19 08:25 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
2008-08-19 08:25 . 2005-01-12 19:34 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-08-19 08:25 . 2005-12-31 08:13 24,576 --a------ C:\WINDOWS\system32\ogg.dll
2008-08-19 08:25 . 2000-06-13 00:00 2,493 --a------ C:\WINDOWS\system32\COMCTL32.DEP
2008-08-19 05:46 . 2008-08-19 05:46 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-08-19 05:45 . 2008-08-19 05:45 <DIR> d-------- C:\Program Files\Red Kawa
2008-08-19 00:22 . 2008-08-19 00:22 <DIR> d-------- C:\Program Files\Bonjour
2008-08-19 00:21 . 2008-08-19 00:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-19 00:21 . 2008-08-19 00:21 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-19 00:21 . 2008-08-19 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-19 00:21 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-08-19 00:10 . 2008-08-19 00:23 <DIR> d-------- C:\Program Files\iTunes
2008-08-19 00:10 . 2008-08-19 00:23 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 04:25 --------- d-----w C:\Program Files\Steam
2008-08-29 02:36 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-29 01:05 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\.purple
2008-08-29 01:03 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\gtk-2.0
2008-08-28 16:49 --------- d-----w C:\Program Files\Warcraft III
2008-08-27 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-26 12:42 --------- d-----w C:\Program Files\Java
2008-08-26 06:23 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-08-26 06:23 295,424 ----a-w C:\WINDOWS\system32\termsrv.dll
2008-08-25 03:56 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\BitTorrent
2008-08-20 09:57 --------- d-----w C:\Program Files\Winamp5.1
2008-08-19 08:20 --------- d-----w C:\Program Files\LimeWire
2008-08-19 07:22 --------- d-----w C:\Program Files\QuickTime
2008-08-19 07:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 00:43 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-08-11 08:25 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\Xfire
2008-08-11 08:24 --------- d-s---w C:\Program Files\Xfire
2008-08-06 11:47 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\SPORE Creature Creator
2008-07-28 00:28 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-27 00:41 --------- d-----w C:\Program Files\VideoLAN
2008-07-26 01:46 --------- d-----w C:\Program Files\Pidgin
2008-07-25 19:57 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\vlc
2008-07-25 06:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-19 14:35 --------- d-----w C:\Program Files\WC3Banlist
2008-07-15 23:09 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-07-14 15:54 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-19 23:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-01 03:59 1,685 ----a-w C:\Program Files\DeIsL1.isu
1996-02-07 15:07 24,576 ----a-w C:\Program Files\_ISREG32.DLL
.

------- Sigcheck -------

2004-05-26 18:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2003-03-31 05:00 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-08-25 23:23 502272 9b1bd82bd0761b5ba986af66d2809c30 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 406,016 2006-10-31 22:28:28 C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe

-c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-04-01 23:29 1271032]
"MilShieldSlave"="C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" [2008-04-15 00:12 747008]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-15 19:44 185784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-18 17:41 131072]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [N/A]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-08-28 19:36 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-04-24 19:45 288576 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 07:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\PROGRA~1\AIM\\DeadAIM.ocm [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steamapps\\auron305@yahoo.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\auron305@yahoo.com\\half-life\\hl.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Steam\\steamapps\\poison_maniac\\counter-strike\\hl.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\auron305@yahoo.com\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\gunoa\\counter-strike\\hl.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6887:TCP"= 6887:TCP:6887
"6888:TCP"= 6888:TCP:6888
"6889:TCP"= 6889:TCP:6889
"6990:TCP"= 6990:TCP:6990
"6991:TCP"= 6991:TCP:6991
"6992:TCP"= 6992:TCP:6992
"6993:TCP"= 6993:TCP:6993
"6994:TCP"= 6994:TCP:6994
"6995:TCP"= 6995:TCP:6995
"6996:TCP"= 6996:TCP:6996
"6997:TCP"= 6997:TCP:6997
"6998:TCP"= 6998:TCP:6998
"60384:TCP"= 60384:TCP:PORT_60384
"9842:TCP"= 9842:TCP:*isabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*isabled:SolidNetworkManager

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-28 19:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 19:36]
R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6046c3c2-5bce-11d9-9d0a-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5dc1bbc-5bd0-11d9-aaa0-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Andy Lin\Application Data\Mozilla\Firefox\Profiles\wl4ru2ft.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 21:23:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\3d4a75ec-cec7-454f-844c-707f0f9bf0f2.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_10650.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-28 21:32:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 04:31:48

Pre-Run: 27,336,904,704 bytes free
Post-Run: 27,293,466,624 bytes free

290


Last edited by GunOA; 29th August 2008 at 05:37.
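The Sigcheck section of the ComboFix log above lists four copies of winlogon.exe with their MD5 hashes: three backup copies and the live one under system32. The way to read such a section is to pair the live copy with the service pack reference copy under ServicePackFiles and compare size and hash. The Python script below is an added example, not part of this thread or of ComboFix; it parses the line format shown in the log (date, time, size, MD5, path), pairs each system32 file with its ServicePackFiles copy, and reports whether size and hash agree. The sample input is the Sigcheck lines copied from the log above; the path conventions used to tell live from reference copies are assumptions taken from that log's layout.

```python
"""Pair the live copy of a system file with its service pack reference copy,
using the 'Sigcheck' section format ComboFix writes (date time size md5 path).

Added example for this thread; not part of ComboFix. The path conventions
(\\system32\\ = live copy, \\ServicePackFiles\\ = reference copy) are
assumptions taken from the layout of the posted log."""
import re
from collections import defaultdict

# Sample input: the Sigcheck lines copied from the ComboFix log posted above.
SIGCHECK_SAMPLE = """\
------- Sigcheck -------

2004-05-26 18:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\\WINDOWS\\$NtServicePackUninstall$\\winlogon.exe
2003-03-31 05:00 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\\WINDOWS\\$NtUninstallKB840987$\\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\\WINDOWS\\ServicePackFiles\\i386\\winlogon.exe
2008-08-25 23:23 502272 9b1bd82bd0761b5ba986af66d2809c30 C:\\WINDOWS\\system32\\winlogon.exe
.
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line (date, time, size, md5, path); other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].lower()
            entries.append(entry)
    return entries


def live_vs_reference(entries):
    """Group by file name, then compare the copy under \\system32\\ (live) with
    the copy under \\ServicePackFiles\\ (reference). Returns
    {name: {"live": entry, "reference": entry, "size_match": bool, "hash_match": bool}}
    for every file that has both copies."""
    copies = defaultdict(dict)
    for e in entries:
        lowered = e["path"].lower()
        name = lowered.rsplit("\\", 1)[-1]
        if "\\servicepackfiles\\" in lowered:
            copies[name]["reference"] = e
        elif "\\system32\\" in lowered:
            copies[name]["live"] = e
    report = {}
    for name, c in copies.items():
        if "live" in c and "reference" in c:
            live, ref = c["live"], c["reference"]
            report[name] = {
                "live": live,
                "reference": ref,
                "size_match": live["size"] == ref["size"],
                "hash_match": live["md5"] == ref["md5"],
            }
    return report


def describe(report):
    """One line per file; a hash mismatch is flagged for manual follow-up, not called malicious."""
    lines = []
    for name, r in sorted(report.items()):
        if r["hash_match"]:
            lines.append(f"{name}: live copy matches service pack reference")
        else:
            lines.append(
                f"{name}: hash differs from reference "
                f"(live {r['live']['md5']}, modified {r['live']['date']}; "
                f"size {'same' if r['size_match'] else 'differs'}) - verify against a known-good hash"
            )
    return lines


if __name__ == "__main__":
    for line in describe(live_vs_reference(parse_sigcheck(SIGCHECK_SAMPLE))):
        print(line)
```

On this input the two winlogon.exe copies have the same size but different hashes, which is why such sections are worth reading: a file patched in place keeps its size, so only the hash tells the copies apart. A mismatch is a lead, not a verdict; a legitimate hotfix also changes the hash, so the next step is to check the live hash against a known-good source before drawing conclusions.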
Old 29th August 2008   #11
Member
 
Profile:
Join Date: Aug 2008
Posts: 18
Computer Experience:
Intermediate
GunOA Reputation Level


MBAM Log

Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

9:05:33 PM 8/28/2008
mbam-log-08-28-2008 (21-05-33).txt

Scan type: Quick Scan
Objects scanned: 46720
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 20
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_id (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_options (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_server1 (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_reserv (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_forms (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_certs (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_options (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_ss (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pstorage (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_command (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_file (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_idproject (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pauseopt (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pausecert (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletecookie (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletesol (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_newversion (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_patch (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Andy Lin\xrt_mhdd.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon.old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

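The MBAM log above groups its findings under "... Infected:" headings and ends each line with the action taken. Two things are worth pulling out of such a log automatically: the detections per classification, and the items marked "Delete on reboot", which are files MBAM could not remove while they were in use and which are the reason the instructions earlier in the thread say to restart when prompted. The Python script below is an added example, not part of the thread or of Malwarebytes; it parses that format, summarizes by classification, lists the items waiting on a reboot, and checks that the summary counts at the top agree with the items listed. The sample input is a shortened excerpt constructed from the log above, with the summary counts adjusted to match the excerpt.

```python
"""Summarize a Malwarebytes' Anti-Malware scan log: detections per classification,
items left as 'Delete on reboot', and a check that the summary counts match
the listed items.

Added example for this thread; not part of Malwarebytes. The section and
line layout it parses is the one visible in the log posted above."""
import re
from collections import Counter

# Sample input: a shortened excerpt constructed from the MBAM log posted above,
# with the summary counts adjusted to match the excerpt.
MBAM_SAMPLE = """\
Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 46720

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Files Infected:
C:\\WINDOWS\\system32\\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\system32\\drivers\\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\system32\\winlogon.old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# item, classification in parentheses, then one or more "-> ..." segments;
# the last segment is the action MBAM took.
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<cls>[A-Za-z][A-Za-z0-9.]*)\) -> (?P<rest>.+?)\.?$")


def parse_mbam_log(text):
    """Return (counts, detections): counts maps a section name to its summary
    number; detections is a list of dicts with section, item, classification, action."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append({
                "section": section,
                "item": m["item"],
                "classification": m["cls"],
                # keep only the final "-> ..." segment (e.g. after "Bad: (0) Good: (1) -> ...")
                "action": m["rest"].rpartition(" -> ")[2],
            })
    return counts, detections


def by_classification(detections):
    """Counter of detections per MBAM classification (e.g. Trojan.Agent)."""
    return Counter(d["classification"] for d in detections)


def pending_reboot(detections):
    """Items MBAM could not remove while in use; they are only gone after a restart."""
    return [d["item"] for d in detections if d["action"].lower().startswith("delete on reboot")]


def counts_consistent(counts, detections):
    """True if every summary count equals the number of items listed under that section."""
    listed = Counter(d["section"] for d in detections)
    return all(listed.get(section, 0) == n for section, n in counts.items())


if __name__ == "__main__":
    counts, detections = parse_mbam_log(MBAM_SAMPLE)
    print("by classification:", dict(by_classification(detections)))
    print("waiting on reboot:", pending_reboot(detections))
    print("summary counts consistent:", counts_consistent(counts, detections))
```

The pending-reboot list is the part to act on: until the machine has restarted, those files are still on disk, and a log that shows "Delete on reboot" entries is not yet a clean result. The count check catches a log that was truncated when it was pasted into a post.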
Old 29th August 2008   #12
Member
 
Profile:
Join Date: Aug 2008
Posts: 18
Computer Experience:
Intermediate
GunOA Reputation Level


New HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:45 PM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Andy Lin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrit...lass/TWebS.CAB
O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrit...lass/TWebS.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

--
End of file - 7856 bytes


Thanks for all your help.

Also I can now access antivirus sites, so maybe this problem is fixed, but I'll leave that up to you.

Old 29th August 2008   #13
noahdfear
Staff
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521

Disregard this post. Will post again after I've studied your logs.
Old 29th August 2008   #14
noahdfear
Staff

Highlight and copy the contents of the code box below to a blank Notepad window. Save it to the desktop as:

Filename: fix.reg
Save as type: All Files (*.*)

Code:
REGEDIT4

; Resets the SecurityProviders list to the stock Windows XP entries.
; Merging this overwrites the whole value, so any extra DLL that was
; appended to it is dropped.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Double-click fix.reg and allow it to merge into the registry.


Please download FindAWF
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, awf.txt will open. Please post its contents here.

Old 29th August 2008   #15
GunOA
Member

Can you further explain how to do the fix.reg thing? I made a new text document and copied the text over, then:

Save as:
Filename: fix.reg
Save as type: All Files
Encoding: ANSI

I saved it to my desktop, and when I double-click it, it still opens in Notepad.

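Both steps above, the SecurityProviders reset from post #14 and the fix.reg that still opens in Notepad in post #15, can be checked from a PowerShell prompt on the infected machine. The script below is an added example and is not part of the thread or of any tool it mentions. It assumes that the four-DLL list fix.reg writes is the correct default for this machine (it is the stock Windows XP list; later Windows versions ship a longer one), that the Desktop is at %USERPROFILE%\Desktop, and that PowerShell is installed, which Windows XP did not include by default. Every DLL named in that value is loaded by the SSPI client library into processes that use it, the browser included, which is why a foreign entry there is worth recording before it is removed.

```powershell
# Added example, not from the original thread. Reads the SecurityProviders
# value that fix.reg resets, reports entries outside the expected default
# list, and then checks the real file name of the fix.reg saved to the Desktop.
# Assumptions: $expected is the correct default for this machine (it is the
# Windows XP list that fix.reg writes), and the Desktop lives under
# $env:USERPROFILE\Desktop.

$key      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'
$expected = @('msapsspc.dll', 'schannel.dll', 'digest.dll', 'msnsspc.dll')

# Split a comma-separated SecurityProviders string and return the entries
# that are not in the expected list (PowerShell compares case-insensitively).
function Get-UnexpectedSecurityProviders {
    param([string]$Value, [string[]]$Expected)
    $entries = $Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    return @($entries | Where-Object { $Expected -notcontains $_ })
}

$current = (Get-ItemProperty -Path $key -Name SecurityProviders).SecurityProviders
Write-Host "Current SecurityProviders: $current"

$unexpected = Get-UnexpectedSecurityProviders -Value $current -Expected $expected
if ($unexpected.Count -eq 0) {
    Write-Host 'SecurityProviders matches the expected default list.'
} else {
    Write-Host "Unexpected entries: $($unexpected -join ', ')"
    foreach ($dll in $unexpected) {
        # Entries are usually bare file names that live in System32; record
        # size and timestamp of each one before anything is deleted.
        $path = if ([System.IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $env:SystemRoot "System32\$dll" }
        if (Test-Path $path) {
            $f = Get-Item $path
            Write-Host "  $path  $($f.Length) bytes  last written $($f.LastWriteTime)"
        } else {
            Write-Host "  $path  (file not found)"
        }
    }
}

# fix.reg opens in Notepad when Explorer hid the .txt it appended on save,
# so list every file on the Desktop whose name starts with fix.reg.
Get-ChildItem -Path (Join-Path $env:USERPROFILE 'Desktop') -Filter 'fix.reg*' |
    ForEach-Object { Write-Host "Desktop file: $($_.Name)" }
```

If the last listing shows fix.reg.txt, the file was saved with a hidden .txt extension; rename it (Rename-Item fix.reg.txt fix.reg) or, in Notepad's Save As dialog, type the name in quotes ("fix.reg") so no extension is appended. Where PowerShell is not available, the same registry value can be read from a cmd.exe prompt with reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders /v SecurityProviders.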