
Same problem as Nicko

Discussion in 'Malware and Virus Removal Archive' started by Taek1, 2008/07/04.

  1. 2008/07/04
    Taek1

    Taek1 Inactive Thread Starter

    Joined:
    2008/07/04
    Messages:
    3
    Likes Received:
    0
    Hey guys.
    I've had this trojan problem for a couple of days, and whenever I open my Program Files I get the same problems as Nicko, except it says "dangerous files" instead of "trojan". I posted my details and stuff on Nicko's thread, but I'll just post them again here to make things easier. Any help would be great.

    Here is the first .txt file.

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-60
    CPU 1: AMD Turion(tm) 64 X2 Mobile Technology TL-60
    Percentage of Memory in Use: 41%
    Physical Memory (total/avail): 1022.1 MiB / 596.95 MiB
    Pagefile Memory (total/avail): 2459.62 MiB / 2001.64 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1911.84 MiB

    C: is Fixed (FAT32) - 70.08 GiB total, 46.34 GiB free.
    D: is Fixed (FAT32) - 71.12 GiB total, 43.8 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD1600BEVS-22RST0 - 149.05 GiB - 3 partitions
    \PARTITION0 - Unknown - 7.81 GiB
    \PARTITION1 (bootable) - Unknown - 70.1 GiB - C:
    \PARTITION2 - Unknown - 71.14 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: AVG 7.5.526 v7.5.526 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe "= "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\Program Files\\downloads\\SteamInstall.msi "= "C:\\Program Files\\downloads\\SteamInstall.msi:*:Enabled:SteamInstall "
    "D:\\Program Files\\Steam\\Steam.exe "= "D:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client "
    "C:\\WINDOWS\\System32\\rtcshare.exe "= "C:\\WINDOWS\\System32\\rtcshare.exe:*:Enabled:RTC App Sharing "
    "C:\\Program Files\\NetMeeting\\conf.exe "= "C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting® "
    "D:\\Program Files\\Steam\\steamapps\\ickle_boy\\counter-strike source\\hl2.exe "= "D:\\Program Files\\Steam\\steamapps\\ickle_boy\\counter-strike source\\hl2.exe:*:Enabled:hl2 "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "D:\\FreeGames\\liero_sdl-2.01\\lierosdl-2.01\\lieroai.exe "= "D:\\FreeGames\\liero_sdl-2.01\\lierosdl-2.01\\lieroai.exe:*:Enabled:lieroai "
    "D:\\Program Files\\Vietcong2\\vietcong2.exe "= "D:\\Program Files\\Vietcong2\\vietcong2.exe:*:Enabled:vietcong2 "
    "D:\\Program Files\\Acclaim\\2Moons\\minilauncher.exe "= "D:\\Program Files\\Acclaim\\2Moons\\minilauncher.exe:*:Enabled:2moons "
    "D:\\Program Files\\Warcraft III\\Frozen Throne.exe "= "D:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne "
    "D:\\Program Files\\Warcraft III\\Warcraft III.exe "= "D:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III "
    "D:\\Program Files\\Warcraft III\\War3.exe "= "D:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:War3 "
    "D:\\Program Files\\Warcraft III\\w3l.exe "= "D:\\Program Files\\Warcraft III\\w3l.exe:*:Enabled:w3l "
    "C:\\Program Files\\Azureus\\Azureus.exe "= "C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus "
    "C:\\Program Files\\BitTorrent_DNA\\dna.exe "= "C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA "
    "C:\\Program Files\\BitTorrent\\bittorrent.exe "= "C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent "
    "D:\\Program Files\\Steam\\steamapps\\ickle_boy\\counter-strike\\hl.exe "= "D:\\Program Files\\Steam\\steamapps\\ickle_boy\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher "
    "C:\\Documents and Settings\\HN\\Desktop\\CabalTemp\\ESTSetupLoader.exe "= "C:\\Documents and Settings\\HN\\Desktop\\CabalTemp\\ESTSetupLoader.exe:*:Enabled:EST! download engine "
    "D:\\Program Files\\Steam\\steamapps\\ickle_boy\\half-life 2 deathmatch\\hl2.exe "= "D:\\Program Files\\Steam\\steamapps\\ickle_boy\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2 "
    "D:\\Program Files\\Steam\\steamapps\\zen05\\counter-strike source\\hl2.exe "= "D:\\Program Files\\Steam\\steamapps\\zen05\\counter-strike source\\hl2.exe:*:Enabled:hl2 "
    "D:\\Program Files\\Grisoft\\AVG7\\avginet.exe "= "D:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe "
    "D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe "= "D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe "
    "D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe "= "D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe "
    "D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe "= "D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe "
    "D:\\Program Files\\Launcher.exe "= "D:\\Program Files\\Launcher.exe:*:Enabled:Knight OnLine "
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\\WINDOWS\\System32\\dpvsetup.exe "= "C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "
    "C:\\WINDOWS\\System32\\rundll32.exe "= "C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Run a DLL as an App "
    "C:\\UnrealGold\\System\\Unreal.exe "= "C:\\UnrealGold\\System\\Unreal.exe:*:Enabled:Unreal "
    "C:\\Program Files\\DNA\\btdna.exe "= "C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA "
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe "= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer "
    "C:\\Program Files\\FlashGet\\flashget.exe "= "C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "
    "D:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe "= "D:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe:*:Enabled:TmForever "
    "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe "= "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon "
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "= "C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\Kaspersky Anti-Virus\\setup.exe "= "C:\\Program Files\\Kaspersky Anti-Virus\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\hn\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ACER-D928810BF0
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    game.dll=setx path "C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;D:\Program files\warcraft III
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\hn
    LOGONSERVER=\\ACER-D928810BF0
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\PROGRA~1\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4802
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\hn\LOCALS~1\Temp
    TMP=C:\DOCUME~1\hn\LOCALS~1\Temp
    USERDOMAIN=ACER-D928810BF0
    USERNAME=hn
    USERPROFILE=C:\Documents and Settings\hn
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    hn (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu "
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    #1 DVD Ripper 7.1 --> C:\Program Files\No1 DVD Ripper\uninst.exe
    2moons --> MsiExec.exe /I{0B69C194-49D3-4A47-A0F9-BBEEAC28E886}
    Acer Arcade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
    Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
    Acer ePerformance Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
    Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
    Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x9
    Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
    Acer OrbiCam --> Rundll32.exe BisonR07.dll,WinMainRmv
    Acer Screensaver --> MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c "C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll "
    Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
    Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Art Williams Screensaver --> "C:\WINDOWS\Downloaded Installations\uninstall Art_Will.exe "
    Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AVG 7.5 --> D:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    BA Installer --> MsiExec.exe /I{EDA0FFC5-7964-4E2F-9014-693F04695933}
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Browser Optimizer Adssite --> C:\WINDOWS\system32\adssite-remove.exe
    Canon i350 --> C:\WINDOWS\system32\CNMCP53.exe "-PRINTERNAMECanon i350" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmi0409.dll "
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe "
    Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe "
    Counter-Strike --> "D:\Program Files\Steam\steam.exe" steam://uninstall/10
    Counter-Strike: Source --> "D:\Program Files\Steam\steam.exe" steam://uninstall/240
    Counter-Strike: Source --> "D:\Program Files\Steam\steam.exe" steam://uninstall/240
    Day of Defeat: Source --> "D:\Program Files\Steam\steam.exe" steam://uninstall/300
    Driver Genius Professional Edition --> "C:\Program Files\Driver-Soft\DriverGenius\unins000.exe "
    EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
    FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1120 --> "C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe "
    Free DVD Ripper Version 2.25 --> "C:\Program Files\Free DVD Ripper\unins000.exe "
    FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
    Growler Guncam --> MsiExec.exe /I{9B743536-28E5-4A48-A1CC-8600A18386C3}
    Half-Life 2 --> "D:\Program Files\Steam\steam.exe" steam://uninstall/220
    HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcZUnM5k.inf
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Icon Restore 1.0 --> C:\WINDOWS\unins000.exe
    iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
    Matroska Pack - Lazy Man's MKV 0.9.9 --> "C:\Program Files\LD-Anime\unins000.exe "
    MessengerDiscovery Live 1.4.5408 --> "C:\Program Files\MessengerDiscovery\unins000.exe "
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    My Drivers 3.31 --> "D:\Program Files\My Drivers\unins000.exe "
    Ninja Reflex: Steamworks Edition Demo --> "D:\Program Files\Steam\steam.exe" steam://uninstall/13010
    NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
    NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe "
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
    SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
    Search Assistant Adssite --> C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SMSC IrCC V5.1.3600.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
    Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F\HXFSETUP.EXE -U -IAcrS09Fp.inf
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    StuffPlug 3 --> C:\Program Files\StuffPlug3\Uninstall.exe
    TrackMania Nations Forever --> "D:\Program Files\Steam\steam.exe" steam://uninstall/11020
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPINST.EXE /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7 \amdk8.inf
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XML Paper Specification Shared Components Pack 1.0 -->


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type20204 / Error
    Event Submitted/Written: 07/04/2008 02:46:52 PM
    Event ID/Source: 1004 / Application Error
    Event Description:
    Faulting application winlogon.exe, version 0.0.0.0, faulting module tuvSMeFW.dll, version 0.0.0.0, fault address 0x000052df.
    Error in creating result PEAP-TLV in response to received PEAP-TLV (winlogon.exe!ld!)

    Event Record #/Type20195 / Error
    Event Submitted/Written: 07/04/2008 02:45:36 PM
    Event ID/Source: 2004 / PerfNet
    Event Description:
    Unable to open the Server service. Server performance data
    will not be returned. Error code returned is in data DWORD 0.

    Event Record #/Type20193 / Error
    Event Submitted/Written: 07/04/2008 02:45:36 PM
    Event ID/Source: 100 / AVG7
    Event Description:
    2008-07-04 04:45:36,234 ACER-D928810BF0 [000236:000280] ERROR 000 AVG7.AM service module run failed: Error 0x80040154

    Event Record #/Type20191 / Warning
    Event Submitted/Written: 07/04/2008 02:43:38 PM
    Event ID/Source: 4113 / Avira AntiVir
    Event Description:
    TR/Vundo.GenC:\WINDOWS\system32\yayxxvwt.dll

    Event Record #/Type20190 / Warning
    Event Submitted/Written: 07/04/2008 02:43:36 PM
    Event ID/Source: 4113 / Avira AntiVir
    Event Description:
    TR/Vundo.GenC:\WINDOWS\system32\yayxxvwt.dll



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type28961 / Error
    Event Submitted/Written: 07/04/2008 03:10:22 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments " "
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Event Record #/Type28951 / Error
    Event Submitted/Written: 07/04/2008 03:00:14 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments " "
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Event Record #/Type28924 / Error
    Event Submitted/Written: 07/04/2008 02:45:54 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The eLock2FSCTLDriver service failed to start due to the following error:
    %%2

    Event Record #/Type28923 / Error
    Event Submitted/Written: 07/04/2008 02:45:54 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The eLock2BurnerLockDriver service failed to start due to the following error:
    %%2

    Event Record #/Type28906 / Error
    Event Submitted/Written: 07/04/2008 02:42:52 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The eLock2FSCTLDriver service failed to start due to the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2008-07-04 15:24:59 ------------
     
  2. 2008/07/04
    Taek1

    Part 2

    This is the second .txt file that Deckard's gave me.

    Deckard's System Scanner v20071014.68
    Run by hn on 2008-07-04 16:11:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-04 16:11:16
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG7\avgupsvc.exe
    D:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.exe
    C:\WINDOWS\BR040286.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\hn\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: (no name) - {2DFD02C5-B330-48FA-904D-5C1E3B03DE51} - C:\WINDOWS\system32\yayxxvwt.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: XTTBPos00 - {E014A78F-34DC-4BE5-83BB-58CA12E384B6} - C:\WINDOWS\system32\snoptas.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O2 - BHO: (no name) - {f42e3635-5d1a-22ff-1c0b-da74331d9aee} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BisonInst0402] C:\WINDOWS\BR040286.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [e1d93cf9] rundll32.exe "C:\WINDOWS\system32\qctffkqi.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O20 - Winlogon Notify: tuvSMeFW - C:\WINDOWS\system32\tuvSMeFW.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


    --
    End of file - 12744 bytes

    -- Files created between 2008-06-04 and 2008-07-04 -----------------------------

    2008-07-04 15:45:40 0 d-------- C:\Documents and Settings\hn\Application Data\Malwarebytes
    2008-07-04 15:45:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-04 15:45:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-04 14:43:50 0 d-------- C:\Program Files\Driver-Soft
    2008-07-04 14:40:35 0 dr-h----- C:\Documents and Settings\hn\Recent
    2008-07-04 14:28:46 0 d-------- C:\Documents and Settings\LocalService\My Documents
    2008-07-04 14:27:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-07-04 14:19:50 0 d-------- C:\Program Files\Avira
    2008-07-04 14:19:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-04 14:16:42 18128896 --a------ C:\Documents and Settings\hn\ntuser.dat
    2008-07-04 07:07:52 91520 --a------ C:\WINDOWS\system32\qctffkqi.dll
    2008-07-03 20:05:12 152737 --ahs---- C:\WINDOWS\system32\twvxxyay.ini2
    2008-07-03 20:05:06 318720 --a------ C:\WINDOWS\system32\yayxxvwt.dll
    2008-07-03 20:01:48 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-03 20:01:19 0 d-------- C:\Program Files\Spyware Doctor
    2008-07-03 20:01:19 0 d-------- C:\Documents and Settings\hn\Application Data\PC Tools
    2008-07-03 19:28:30 26624 --a------ C:\WINDOWS\system32\snoptas.dll
    2008-07-03 19:28:16 26624 --a------ C:\WINDOWS\system32\agin_bho.dll
    2008-07-03 19:28:03 26624 --a------ C:\WINDOWS\system32\wdolo32.dll
    2008-07-03 19:25:55 0 d-------- C:\Program Files\PC Drivers HeadQuarters
    2008-07-03 16:34:32 0 d-------- C:\Program Files\MSBuild
    2008-07-03 16:34:22 0 d-------- C:\WINDOWS\system32\XPSViewer
    2008-07-03 16:34:13 0 d-------- C:\Program Files\Reference Assemblies
    2008-07-03 16:32:53 0 d-------- C:\Program Files\MSXML 6.0
    2008-06-25 18:09:37 0 d-------- C:\Documents and Settings\hn\Application Data\Samsung
    2008-06-25 17:57:57 174592 --a------ C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-25 17:56:56 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-06-25 17:55:56 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-06-25 17:55:52 0 d-------- C:\Program Files\Samsung
    2008-06-18 18:15:42 0 d-------- C:\Program Files\CCleaner
    2008-06-18 17:52:39 0 d-------- C:\WINDOWS\pss
    2008-06-18 17:27:21 0 d-------- C:\Program Files\Common Files\SWF Studio
    2008-06-07 13:56:04 0 d--hs---- C:\FOUND.000


    -- Find3M Report ---------------------------------------------------------------

    2008-07-04 14:43:42 12 --a------ C:\WINDOWS\bthservsdp.dat
    2008-05-27 22:50:40 0 d-------- C:\Program Files\Growler Guncam
    2008-05-27 22:50:22 0 d-------- C:\Program Files\Common Files\GC Install
    2008-05-23 15:30:32 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-19 16:41:32 0 d-------- C:\Documents and Settings\hn\Application Data\Apple Computer
    2008-05-19 16:41:16 0 d-------- C:\Program Files\iPod
    2008-05-19 16:41:10 0 d-------- C:\Program Files\iTunes
    2008-05-19 16:40:56 0 d-------- C:\Program Files\Bonjour
    2008-05-19 16:40:12 0 d-------- C:\Program Files\QuickTime
    2008-05-19 16:39:50 0 d-------- C:\Program Files\Apple Software Update
    2008-05-19 16:39:26 0 d-------- C:\Program Files\Common Files\Apple
    2008-05-08 22:20:32 0 d-------- C:\Documents and Settings\hn\Application Data\FrostWire
    2008-05-08 22:20:16 0 d-------- C:\Program Files\FrostWire
    2008-05-08 22:20:14 0 d-------- C:\Program Files\AskSBar
    2008-05-08 21:22:58 0 d-------- C:\Program Files\MSN Messenger
    2008-05-08 21:22:58 0 d-------- C:\Program Files\MessengerDiscovery
    2008-05-07 16:14:16 0 d-------- C:\Program Files\StuffPlug3
    2008-05-05 18:59:08 53862 --a------ C:\WINDOWS\system32\adssite-remove.exe
    2008-04-20 07:41:46 8 --a------ C:\Documents and Settings\hn\Application Data\usb.dat.bin
    2008-04-19 15:49:54 0 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 20:26:58 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    08/05/2008 10:20 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    04/12/2007 04:12 AM 282624 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DFD02C5-B330-48FA-904D-5C1E3B03DE51}]
    03/07/2008 08:05 PM 318720 --a------ C:\WINDOWS\system32\yayxxvwt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E014A78F-34DC-4BE5-83BB-58CA12E384B6}]
    03/07/2008 07:28 PM 26624 --a------ C:\WINDOWS\system32\snoptas.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    08/05/2008 10:20 PM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f42e3635-5d1a-22ff-1c0b-da74331d9aee}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [08/05/2008 10:20 PM 267592]

    [-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="" []
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [14/04/2006 10:35 PM]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [27/04/2006 12:10 PM]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [11/05/2005 05:15 PM]
    "@"="" []
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [31/03/2006 04:39 PM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00 AM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00 AM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [30/05/2006 12:11 PM]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [15/03/2006 10:12 PM]
    "RTHDCPL"="RTHDCPL.EXE" [27/06/2006 11:54 PM C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [16/05/2006 03:04 AM C:\WINDOWS\SkyTel.exe]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
    "BisonInst0402"="C:\WINDOWS\BR040286.exe" [08/05/2007 11:19 PM]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [01/06/2006 02:40 PM]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 AM C:\WINDOWS\system32\bthprops.cpl]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22/11/2007 05:16 PM]
    "AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/06/2008 09:01 AM]
    "e1d93cf9"="C:\WINDOWS\system32\qctffkqi.dll" [04/07/2008 07:07 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00 AM]
    "antispy"="C:\Program Files\IEAntiVirus\ANTIVIR.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 6:15:54 PM]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [17/01/2006 10:45:32 AM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [15/11/2007 5:06:11 PM]
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [27/03/2006 11:37:58 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSMeFW]
    tuvSMeFW.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayxxvwt

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33734f9e-5332-11dc-9443-0016d4d370ca}]
    AutoRun\command- F:\wd_windows_tools\setup.exe

    *Newly Created Service* - MBAMCATCHME



    -- End of Deckard's System Scanner: finished at 2008-07-04 16:13:03 ------------
     


  4. 2008/07/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Taek1
    Welcome to Windowsbbs. :)

    I see you have P2P software (FrostWire 4.13.5, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at Windowsbbs Virus and Spyware removal.


    Please go to Start > Control Panel > Add/Remove Programs (in Windows Vista it’s Programs and Features) and remove the following (if present):


    Ask Toolbar
    J2SE Runtime Environment 5.0 Update 12
    Search Assistant Adssite



    Please note any other programs that you don't recognize in that list and post them in your next response.

    Now do this please.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post the MBAM log and a new dss log.

    Thanks
    Geri
     
    Geri,
    #3
  5. 2008/07/05
    Taek1

    Taek1 Inactive Thread Starter

    Joined:
    2008/07/04
    Messages:
    3
    Likes Received:
    0
    Reply to Geri

    Hey Geri, thanks for helping me out. Here are the reports. I'm not sure if this MBAM log is the full report you wanted; as you mention it twice, I'm not sure if they're 2 separate things, but anyway.

    Malwarebytes' Anti-Malware 1.19
    Database version: 920
    Windows 5.1.2600 Service Pack 2

    4:19:24 PM 4/07/2008
    mbam-log-7-4-2008 (16-19-24).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 114009
    Time elapsed: 29 minute(s), 8 second(s)

    Deckard's System Scanner v20071014.68
    Run by hn on 2008-07-05 16:56:43
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-05 16:57:13
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.exe
    C:\WINDOWS\BR040286.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG7\avgamsvr.exe
    D:\Program Files\Grisoft\AVG7\avgupsvc.exe
    D:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\hn\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {f42e3635-5d1a-22ff-1c0b-da74331d9aee} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BisonInst0402] C:\WINDOWS\BR040286.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O20 - Winlogon Notify: tuvSMeFW - C:\WINDOWS\system32\tuvSMeFW.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


    --
    End of file - 12243 bytes

    -- Files created between 2008-06-05 and 2008-07-05 -----------------------------

    2008-07-04 16:19:42 154293 --ahs---- C:\WINDOWS\system32\twvxxyay.ini2
    2008-07-04 15:45:40 0 d-------- C:\Documents and Settings\hn\Application Data\Malwarebytes
    2008-07-04 15:45:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-04 15:45:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-04 14:43:50 0 d-------- C:\Program Files\Driver-Soft
    2008-07-04 14:40:35 0 dr-h----- C:\Documents and Settings\hn\Recent
    2008-07-04 14:28:46 0 d-------- C:\Documents and Settings\LocalService\My Documents
    2008-07-04 14:27:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-07-04 14:19:50 0 d-------- C:\Program Files\Avira
    2008-07-04 14:19:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-04 14:16:42 18128896 --a------ C:\Documents and Settings\hn\ntuser.dat
    2008-07-03 20:05:06 318720 -----n--- C:\WINDOWS\system32\yayxxvwt.dll
    2008-07-03 20:01:48 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-03 20:01:19 0 d-------- C:\Program Files\Spyware Doctor
    2008-07-03 20:01:19 0 d-------- C:\Documents and Settings\hn\Application Data\PC Tools
    2008-07-03 19:28:16 26624 --a------ C:\WINDOWS\system32\agin_bho.dll
    2008-07-03 19:28:03 26624 --a------ C:\WINDOWS\system32\wdolo32.dll
    2008-07-03 19:25:55 0 d-------- C:\Program Files\PC Drivers HeadQuarters
    2008-07-03 16:34:32 0 d-------- C:\Program Files\MSBuild
    2008-07-03 16:34:22 0 d-------- C:\WINDOWS\system32\XPSViewer
    2008-07-03 16:34:13 0 d-------- C:\Program Files\Reference Assemblies
    2008-07-03 16:32:53 0 d-------- C:\Program Files\MSXML 6.0
    2008-06-25 18:09:37 0 d-------- C:\Documents and Settings\hn\Application Data\Samsung
    2008-06-25 17:57:57 174592 --a------ C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-25 17:56:56 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-06-25 17:55:56 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-06-25 17:55:52 0 d-------- C:\Program Files\Samsung
    2008-06-18 18:15:42 0 d-------- C:\Program Files\CCleaner
    2008-06-18 17:52:39 0 d-------- C:\WINDOWS\pss
    2008-06-18 17:27:21 0 d-------- C:\Program Files\Common Files\SWF Studio
    2008-06-07 13:56:04 0 d--hs---- C:\FOUND.000


    -- Find3M Report ---------------------------------------------------------------

    2008-07-05 10:17:22 12 --a------ C:\WINDOWS\bthservsdp.dat
    2008-05-27 22:50:40 0 d-------- C:\Program Files\Growler Guncam
    2008-05-27 22:50:22 0 d-------- C:\Program Files\Common Files\GC Install
    2008-05-23 15:30:32 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-19 16:41:32 0 d-------- C:\Documents and Settings\hn\Application Data\Apple Computer
    2008-05-19 16:41:16 0 d-------- C:\Program Files\iPod
    2008-05-19 16:41:10 0 d-------- C:\Program Files\iTunes
    2008-05-19 16:40:56 0 d-------- C:\Program Files\Bonjour
    2008-05-19 16:40:12 0 d-------- C:\Program Files\QuickTime
    2008-05-19 16:39:50 0 d-------- C:\Program Files\Apple Software Update
    2008-05-19 16:39:26 0 d-------- C:\Program Files\Common Files\Apple
    2008-05-08 22:20:32 0 d-------- C:\Documents and Settings\hn\Application Data\FrostWire
    2008-05-08 22:20:16 0 d-------- C:\Program Files\FrostWire
    2008-05-08 22:20:14 0 d-------- C:\Program Files\AskSBar
    2008-05-08 21:22:58 0 d-------- C:\Program Files\MSN Messenger
    2008-05-08 21:22:58 0 d-------- C:\Program Files\MessengerDiscovery
    2008-05-07 16:14:16 0 d-------- C:\Program Files\StuffPlug3
    2008-04-20 07:41:46 8 --a------ C:\Documents and Settings\hn\Application Data\usb.dat.bin
    2008-04-19 15:49:54 0 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-04-08 20:26:58 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    08/05/2008 10:20 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f42e3635-5d1a-22ff-1c0b-da74331d9aee}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "=" " []
    "AzMixerSel "= "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [14/04/2006 10:35 PM]
    "PCMService "= "C:\Program Files\Acer\Acer Arcade\PCMService.exe" [27/04/2006 12:10 PM]
    "ntiMUI "= "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [11/05/2005 05:15 PM]
    "@ "=" " []
    "Acer ePresentation HPD "= "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [31/03/2006 04:39 PM]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00 AM]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00 AM]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "ePower_DMC "= "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [30/05/2006 12:11 PM]
    "Boot "= "C:\Acer\Empowering Technology\ePower\Boot.exe" [15/03/2006 10:12 PM]
    "RTHDCPL "= "RTHDCPL.EXE" [27/06/2006 11:54 PM C:\WINDOWS\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [16/05/2006 03:04 AM C:\WINDOWS\SkyTel.exe]
    "Alcmtr "= "ALCMTR.EXE" [03/05/2005 03:43 AM C:\WINDOWS\Alcmtr.exe]
    "BisonInst0402 "= "C:\WINDOWS\BR040286.exe" [08/05/2007 11:19 PM]
    "eRecoveryService "= "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [01/06/2006 02:40 PM]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [04/08/2004 05:00 AM C:\WINDOWS\system32\bthprops.cpl]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22/11/2007 05:16 PM]
    "AVG7_CC "= "D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/06/2008 09:01 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00 AM]
    "antispy "= "C:\Program Files\IEAntiVirus\ANTIVIR.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" /background

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 6:15:54 PM]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [17/01/2006 10:45:32 AM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [15/11/2007 5:06:11 PM]
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [27/03/2006 11:37:58 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSMeFW]
    tuvSMeFW.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33734f9e-5332-11dc-9443-0016d4d370ca}]
    AutoRun\command- F:\wd_windows_tools\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-07-05 16:57:37 ------------



    Memory Processes Infected: 0
    Memory Modules Infected: 5
    Registry Keys Infected: 32
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 22

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\yayxxvwt.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\qctffkqi.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Unloaded module successfully.
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Unloaded module successfully.
    C:\WINDOWS\system32\snoptas.dll (Trojan.FakeAlert) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2dfd02c5-b330-48fa-904d-5c1e3b03de51} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{2dfd02c5-b330-48fa-904d-5c1e3b03de51} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e014a78f-34dc-4be5-83bb-58ca12e384b6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e014a78f-34dc-4be5-83bb-58ca12e384b6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{a471012f-e2e5-48eb-9a8b-9d4090b1d0c7} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1648e328-3e5a-4ea5-a9c6-e5f09ee272da} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648e328-3e5a-4ea5-a9c6-e5f09ee272da} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{315108e4-e3af-460f-b264-f2acc9e1aceb} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{315108e4-e3af-460f-b264-f2acc9e1aceb} (Adware.BHO) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssitesearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e1d93cf9 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxxvwt -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxxvwt -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\yayxxvwt.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\twvxxyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twvxxyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qctffkqi.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\iqkfftcq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\snoptas.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\hn\Local Settings\Application Data\Mozilla\Firefox\Profiles\k11eup14.default\Cache\4499FF9Fd01 (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\system volume information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP285\A0147439.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\system volume information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP285\A0149662.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\system volume information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP288\A0149960.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\system volume information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP289\A0150127.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\system volume information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP292\A0150370.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adssite_sidebar.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rightonadz-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.

    OK, those are the reports. Once again, thanks a lot for helping me.
     
  6. 2008/07/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Taek1
    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - ComboFix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal and increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
