
Virus blocks me from Antivirus sites/updates

Discussion in 'Malware and Virus Removal Archive' started by GunOA, 2008/08/28.

  1. 2008/08/28, GunOA (Thread Starter)
    Hi, I recently got a virus that blocks me from MOST antivirus and help sites. It also slows down my computer greatly. Also I am posting from a clean computer, because the infected one won't let me submit the post...

    The only other detail I can give is that it came with other viruses, like the google redirect virus and fake antivirus background change.


    This is my HijackThis log, the only reason I was able to DL this was from sending it from my other computer, so please note that I will require alternative download sites that aren't blocked or require extra time to send the programs from my clean computer.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:21:31 PM, on 8/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\Program Files\Winamp5.1\winamp.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Documents and Settings\Andy Lin\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrity/Unit 4 - 01 Intro to Equations/class/TWebS.CAB
    O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrity/alg13-1/class/TWebS.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

    --
    End of file - 7317 bytes

    Please help :(
    Thanks!
     
  2. 2008/08/28, noahdfear
    Welcome to WindowsBBS GunOA :)

    Unfortunately, there's nothing rogue showing in your log. Fortunately, we have another tool at our disposal that gives us a better look at things.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of both logs here in your next reply.
     

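The following is an added example, not part of the thread and not code from HijackThis, RSIT or any other tool named above. It shows what "nothing rogue showing in your log" means in practice: a small Python triage pass over HijackThis entry lines that pulls out the sections which usually explain blocked antivirus sites (O1 hosts-file redirects, R1 proxy settings, O10 Winsock LSPs, O6 IE policy restrictions) and flags the generic red marks ("file missing", "Unknown owner"). The POSTED_LINES are copied from GunOA's log; the O1 line is constructed for the demonstration and does not appear in the posted log, which has no O1 entries at all. The AV_DOMAINS list, the severity labels and the function names are assumptions made for this example.

```python
import re

# Entry lines in a HijackThis log look like "O23 - Service: ..."; sections are
# R0-R3, F0-F3, N1-N4 and O1-O24. Process lists and headers do not match.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2})\s+-\s+(?P<body>.*\S)\s*$")

# Assumption: vendor domains whose hosts-file redirection almost always means
# the infection is deliberately cutting off AV downloads and updates.
AV_DOMAINS = ("avg.com", "symantec.com", "mcafee.com", "kaspersky.com",
              "trendmicro.com", "superantispyware.com", "microsoft.com")

# Lines copied from the log posted in the thread (verbatim, backslashes kept).
POSTED_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe",
    r"O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)",
]

# CONSTRUCTED line, not in the posted log: what an AV-site block through the
# hosts file looks like in a HijackThis log (section O1).
CONSTRUCTED_O1 = "O1 - Hosts: 127.0.0.1 www.avg.com"


def parse_hjt(text):
    """Return [(section, body)] for each entry line; everything else is skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def _is_av_host(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in AV_DOMAINS)


def hijacked_av_hosts(entries):
    """Hostnames from O1 hosts-file entries that belong to an AV vendor."""
    hits = []
    for sec, body in entries:
        # O1 bodies read "Hosts: <ip> <hostname>"; the hostname is the last token.
        if sec == "O1" and body.startswith("Hosts:"):
            host = body.split()[-1]
            if _is_av_host(host):
                hits.append(host.lower())
    return hits


def triage(entries):
    """Return (severity, reason, section, body) for entries worth a second look."""
    findings = []
    for sec, body in entries:
        low = body.lower()
        if sec == "O1" and body.startswith("Hosts:"):
            av = _is_av_host(body.split()[-1])
            findings.append(("HIGH" if av else "MEDIUM",
                             "hosts-file redirect" + (" of an AV vendor site" if av else ""),
                             sec, body))
        elif sec == "R1" and "proxyserver" in low:
            findings.append(("MEDIUM", "IE proxy server set; confirm it is intended", sec, body))
        elif sec == "O6":
            findings.append(("MEDIUM", "IE policy restrictions; set by some anti-spyware tools, but also by malware", sec, body))
        elif sec == "O10":
            findings.append(("INFO", "Winsock LSP sits in the path of every socket; verify the DLL's vendor", sec, body))
        # Generic red marks, independent of section.
        if "(file missing)" in low:
            findings.append(("LOW", "orphaned entry (file missing); harmless but should be cleaned up", sec, body))
        elif "unknown owner" in low:
            findings.append(("LOW", "service with no publisher info; verify the binary's signature", sec, body))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'HIGH': 1, 'LOW': 2}."""
    counts = {}
    for sev, *_ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    log = "\n".join(POSTED_LINES + [CONSTRUCTED_O1])
    for sev, reason, sec, body in triage(parse_hjt(log)):
        print(f"[{sev:6}] {sec:4} {reason}\n         {body}")
```

Run as-is it prints one line per finding, with the constructed O1 entry rated HIGH. On the posted lines alone it reports only LOW, MEDIUM and INFO items (orphaned Yahoo! Toolbar and Spyware Doctor entries, the Xfire LSP, the IE restrictions key), which matches noahdfear's reading that nothing in the HijackThis log accounts for the blocked sites and explains why a deeper tool like RSIT was the next step.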

  4. 2008/08/28, GunOA (Thread Starter)
    Hi, noahdfear, and thanks for helping me.
    Here's the log of RSIT.

    Logfile of random's system information tool (written by random/random)
    Run by Andy Lin at 2008-08-28 18:04:08
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 26 GB (34%) free of 78 GB
    Total RAM: 2559 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:04:15 PM, on 8/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Andy Lin\Desktop\RSIT.exe
    C:\Documents and Settings\Andy Lin\Desktop\Andy Lin.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrity/Unit 4 - 01 Intro to Equations/class/TWebS.CAB
    O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrity/alg13-1/class/TWebS.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

    --
    End of file - 7405 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - blank []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-07-14 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - blank []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-05-15 185784]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
    "NvMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe [2004-03-18 131072]
    "nForce Tray Options"=sstray.exe /r []
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Steam"=c:\program files\steam\steam.exe [2008-04-01 1271032]
    "MilShieldSlave"=C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe [2008-04-15 747008]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-07-14 1232152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    C:\Program Files\DNA\btdna.exe [2008-04-24 288576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
    C:\PROGRA~1\AIM\\DeadAIM.ocm []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Xfire\ua_lsp_inst.exe"="C:\Program Files\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Ares Lite Edition\Ares.exe"="C:\Program Files\Ares Lite Edition\Ares.exe:*:Enabled:Ares"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
    "C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
    "C:\Documents and Settings\Andy Lin\Desktop\utorrent.exe"="C:\Documents and Settings\Andy Lin\Desktop\utorrent.exe:*:Enabled:utorrent"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Valve\Steam\SteamApps\rickytan77\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\rickytan77\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\team fortress classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\shadowremedy@yahoo.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\SteamApps\blewis2@cox.net\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\blewis2@cox.net\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\softnyx\GunBound\GunBound.gme"="C:\Program Files\softnyx\GunBound\GunBound.gme:*:Disabled:GunBound"
    "C:\Program Files\MAIET\Gunz\Gunz.exe"="C:\Program Files\MAIET\Gunz\Gunz.exe:*:Disabled:Gunz"
    "C:\Program Files\Wizet\Wizet\MapleStory\Patcher.exe"="C:\Program Files\Wizet\Wizet\MapleStory\Patcher.exe:*:Disabled:patcher MFC ?? ????"
    "C:\Program Files\Wizet\Wizet\MapleStory\NewPatcher.exe"="C:\Program Files\Wizet\Wizet\MapleStory\NewPatcher.exe:*:Disabled:patcher MFC ?? ????"
    "C:\Program Files\Softnyx\Rakion\Bin\Rakion.bin"="C:\Program Files\Softnyx\Rakion\Bin\Rakion.bin:*:Disabled:Rakion"
    "C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
    "C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\team fortress classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\auron305@yahoo.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Sierra\Empire Earth II\EE2.exe"="C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II"
    "C:\Program Files\Valve\Steam\SteamApps\csurmamacs\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\csurmamacs\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\SteamApps\poison_maniac\half-life\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\poison_maniac\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\SteamApps\poison_maniac\team fortress classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\poison_maniac\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Crazy Browser\Crazy Browser.exe"="C:\Program Files\Crazy Browser\Crazy Browser.exe:*:Enabled:Crazy Browser"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\day of defeat\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Steam\steamapps\war master\half-life\hl.exe"="C:\Program Files\Steam\steamapps\war master\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\war master\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\war master\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Steam\steamapps\war master\ricochet\hl.exe"="C:\Program Files\Steam\steamapps\war master\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\war master\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\war master\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Steam\steamapps\war master\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\war master\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\b3aa7ffdd89e8e4e433e5cf85f0fc50f\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
    "C:\Documents and Settings\Andy Lin\Desktop\New Folder\warsow.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\warsow.exe:*:Enabled:Warsow"
    "C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\G4BOX\Metin2\metin2.bin"="C:\Program Files\G4BOX\Metin2\metin2.bin:*:Enabled:metin2"
    "C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe:*:Enabled:"
    "C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe"="C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe:*:Enabled:"
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe:*:Enabled: "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6046c3c2-5bce-11d9-9d0a-806d6172696f}]
    shell\AutoRun\command - D:\ASUSACPI.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5dc1bbc-5bd0-11d9-aaa0-806d6172696f}]
    shell\AutoRun\command - D:\Setup.exe


    List of files/folders created in the last three months

    2008-08-28 18:04:08 ----D---- C:\rsit
    2008-08-27 22:46:32 ----D---- C:\WINDOWS\system32\SuperAdBlocker.com
    2008-08-27 19:20:12 ----D---- C:\Program Files\Trend Micro
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\java.exe
    2008-08-26 04:30:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-26 04:30:37 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-08-26 04:30:37 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SUPERAntiSpyware.com
    2008-08-26 04:13:01 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-08-26 01:51:28 ----A---- C:\WINDOWS\system32\MFC71.dll
    2008-08-26 01:25:33 ----A---- C:\bug.txt
    2008-08-26 01:17:23 ----A---- C:\WINDOWS\system32\tmp.txt
    2008-08-26 01:16:58 ----A---- C:\rapport.txt
    2008-08-24 22:45:09 ----A---- C:\WINDOWS\ScUnin.exe
    2008-08-24 22:44:44 ----D---- C:\Program Files\Starcraft
    2008-08-23 18:05:02 ----D---- C:\Mp3 Output
    2008-08-23 18:02:27 ----A---- C:\WINDOWS\system32\cc3270mt.dll
    2008-08-23 18:00:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\AVS4YOU
    2008-08-23 17:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-08-23 17:59:08 ----D---- C:\Program Files\Common Files\AVSMedia
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msxml3a.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcp70.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\mfc70.dll
    2008-08-20 08:57:37 ----A---- C:\WINDOWS\wb.ini
    2008-08-20 08:57:37 ----A---- C:\WINDOWS\system32\wbsys.dll
    2008-08-20 08:57:36 ----D---- C:\Program Files\Common Files\Stardock
    2008-08-20 08:57:36 ----D---- C:\Program Files\AlienGUIse
    2008-08-20 08:32:16 ----D---- C:\Program Files\Apple Software Update
    2008-08-19 08:29:35 ----D---- C:\Program Files\Easy Video Splitter
    2008-08-19 08:25:33 ----A---- C:\WINDOWS\system32\gdiplus.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\vorbis.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\ogg.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\FXDV1to2.dll
    2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDSuninst.exe
    2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDS.dll
    2008-08-19 08:25:30 ----A---- C:\WINDOWS\system32\vorbisenc.dll
    2008-08-19 05:46:05 ----D---- C:\Program Files\AviSynth 2.5
    2008-08-19 05:45:59 ----D---- C:\Program Files\Red Kawa
    2008-08-19 00:22:58 ----D---- C:\Program Files\Bonjour
    2008-08-19 00:21:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-19 00:21:32 ----D---- C:\Program Files\Common Files\Apple
    2008-08-19 00:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-19 00:10:01 ----D---- C:\Program Files\iTunes
    2008-08-19 00:10:01 ----D---- C:\Program Files\iPod
    2008-07-25 18:46:19 ----D---- C:\Program Files\Pidgin
    2008-07-25 12:57:27 ----D---- C:\Documents and Settings\Andy Lin\Application Data\vlc
    2008-07-25 12:48:08 ----D---- C:\Program Files\VideoLAN
    2008-07-24 16:15:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\gtk-2.0
    2008-07-24 16:13:43 ----D---- C:\Documents and Settings\Andy Lin\Application Data\.purple
    2008-07-15 16:09:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
    2008-06-19 16:22:29 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SPORE Creature Creator
    2008-06-19 16:19:54 ----D---- C:\Program Files\Electronic Arts
    2008-06-09 18:37:05 ----D---- C:\Program Files\WinPcap
    2008-06-09 18:36:39 ----D---- C:\Program Files\WC3Banlist

    Too many characters, I split the log in half.
     
  5. 2008/08/28
    GunOA

    The rest of the log.


    List of drivers

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
    R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
    R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
    R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
    S3 ao9o8kj7;ao9o8kj7; C:\WINDOWS\system32\drivers\ao9o8kj7.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
    S3 catchme;catchme; \??\C:\DOCUME~1\ANDYLI~1\LOCALS~1\Temp\catchme.sys []
    S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
    S3 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-04-19 39248]
    S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-04-19 52304]
    S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-04-19 59984]
    S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-04-19 83536]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
    S3 npkcusb;npkcusb; \??\C:\WINDOWS\system32\npkcusb.sys []
    S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
    S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\System32\DRIVERS\sr.sys []

    List of services

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 231192]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
    R2 MilShieldCleaner;MilShieldCleaner; C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe [2008-04-15 331776]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-19 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
    S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
    S3 sdCoreService;Spyware Doctor Service; C:\Program Files\Spyware Doctor\swdsvc.exe []
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------

    Sorry if I'm a bit slow, since I have to DL RSIT from a clean computer and send it. Also I have to send the log back at the end, since my infected computer won't let me post on these forums...
     
  6. 2008/08/28
    noahdfear

    Any idea what this folder is on your desktop?

    ah\Glider_148

    Looks as though there's been quite a lot of malware gaining access through the Windows Firewall from that folder. Please don't do anything with it just yet if it's still present.

    Can you get to this page with the affected computer? If so, do the following on that computer.

    • Click here
    • If it launches a file download dialog for download_file.exe from noahdfear.net, click Run.
    • download_file.vbs file should appear on the desktop, and shortly thereafter a renamed copy of ComboFix.
    • Please note that the vbs file is recognized by some security programs as a Trojan-Downloader.JS and may try to block it. I assure you, the file is safe.
    • If successful, double click the renamed ComboFix and follow the prompts.


    If you cannot do that, do this.

    Download ComboFix by sUBs from here, then transfer it to the affected computer's desktop.


    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  7. 2008/08/28
    GunOA

    Glider shouldn't be dangerous, I don't use it anymore, but it's a program for a game.

    I couldn't download from your first link from my infected computer, but I sent ComboFix over and started it. It said Rootkit detected and needs to restart my computer. I ran ComboFix 2 days ago and it still says rootkit and just restarts my computer. Should I turn off AVG? If so, how?

    Also when it reboots my computer, it doesn't resume running.
     
    Last edited: 2008/08/28
  8. 2008/08/28
    noahdfear

    Delete the copy of ComboFix now on that computer. Rename ComboFix to something like FomboCix.exe or Combo-Fix.exe, then transfer it to the computer and try again. If it restarts again without running, just rename it and run again. Give it a couple of attempts, three if necessary.

    I'm not concerned about the Glider game, but about the many random named files with access through the firewall living in its path. The naming convention is typical of malware.

    "C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe "= "C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\fpj.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe "= "C:\Documents and Settings\Andy Lin\Desktop\New Folder\Glider_148\efkrocu.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lkjyvydxf.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jtsfgnk.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\brcaddivo.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kiefnc.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\oqkbpjiw.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohbdl.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anizff.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dmgh.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\zwh.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\nryl.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eqnleq.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzpzbsp.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jvz.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ozfmbs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mvmnthgz.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\xxyckgudda.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\jozcmks.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfxcuw.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mbncymyb.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dcuu.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\anf.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\avjjxrddy.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kzcoms.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\eabfi.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\yajinnjsm.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ojlcsnxae.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\qgamldod.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\dhewnegsui.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hjb.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\kumubujl.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\bcifs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\gzewdnz.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\pfwfvqhs.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\ohgsxuifr.exe:*:Enabled: "
    "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\mtc.exe:*:Enabled: "


    For now, let's just make sure the path is not the same should something in the registry tell one of those nasties to run. Please rename the ah folder on your desktop to something else, such as oldah.
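    A way to triage a dumped Windows Firewall AuthorizedApplications list for the pattern noahdfear describes above (a cluster of random-named executables with empty display names living in a user-writable folder), as an added Python example that is not part of the thread. The sample lines are taken from the log posted above except for one constructed Bonjour entry, and the heuristics and the cluster threshold are my own assumptions, not a published rule.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the format RSIT uses to dump
# HKLM\...\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List.
# Entries come from the thread's log except the Bonjour line, which is constructed
# (a benign program with a gibberish-looking name, to show it is NOT flagged);
# the stray space before each closing quote reproduces the forum's rendering.
SAMPLE_LOG = r'''
"C:\Program Files\Mozilla Firefox\firefox.exe "= "C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox "
"C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
"C:\Program Files\Warcraft III\Warcraft III.exe "= "C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III "
"C:\Documents and Settings\Andy Lin\Desktop\New Folder\warsow.exe "= "C:\Documents and Settings\Andy Lin\Desktop\New Folder\warsow.exe:*:Enabled:Warsow "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\wfayhebnan.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\smrozvnmk.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\lnmzj.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\hnbybs.exe:*:Enabled: "
"C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe "= "C:\Documents and Settings\Andy Lin\Desktop\ah\Glider_148\etldsm.exe:*:Enabled: "
'''

# One dumped entry: "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
# The regexes tolerate the extra whitespace the forum inserted around the quotes.
ENTRY_RE = re.compile(r'^\s*"(?P<key>[^"]*?)\s*"\s*=\s*"(?P<value>[^"]*?)\s*"\s*$')
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$',
    re.IGNORECASE,
)

VOWELS = set("aeiou")
# Folders an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\local settings\\")
CLUSTER_THRESHOLD = 4   # assumed: this many exceptions in one folder is unusual


@dataclass
class FirewallEntry:
    path: str
    scope: str
    enabled: bool
    display_name: str
    reasons: List[str] = field(default_factory=list)

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def stem(self) -> str:
        return self.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse_authorized_apps(text: str) -> List[FirewallEntry]:
    """Parse the dumped AuthorizedApplications\\List lines; skip anything malformed."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        v = VALUE_RE.match(m.group("value"))
        if not v:
            continue
        entries.append(FirewallEntry(
            path=v.group("path"),
            scope=v.group("scope"),
            enabled=v.group("state").lower() == "enabled",
            display_name=v.group("name").strip(),
        ))
    return entries


def looks_random(stem: str) -> bool:
    """Crude gibberish check: all-lowercase letters with few vowels or long consonant runs."""
    if len(stem) < 3 or not stem.isalpha() or not stem.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = run = 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    return vowel_ratio < 0.3 or longest_run >= 3


def in_user_writable_location(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(entries: List[FirewallEntry], cluster_threshold: int = CLUSTER_THRESHOLD) -> List[FirewallEntry]:
    """Flag entries that match at least two independent suspicious signals."""
    per_dir = Counter(e.directory for e in entries)
    flagged = []
    for e in entries:
        e.reasons = []
        if not e.display_name:
            e.reasons.append("no display name")
        if in_user_writable_location(e.path):
            e.reasons.append("user-writable location")
        if looks_random(e.stem):
            e.reasons.append("random-looking file name")
        if per_dir[e.directory] >= cluster_threshold:
            e.reasons.append(f"{per_dir[e.directory]} exceptions in the same folder")
        # A single signal is weak on its own (Bonjour's name looks random, Warsow sits
        # on the Desktop); requiring two keeps ordinary entries out of the report.
        if len(e.reasons) >= 2:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_authorized_apps(SAMPLE_LOG)):
        print(f"{entry.path}\n    {'; '.join(entry.reasons)}")
```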
     
  9. 2008/08/28
    GunOA

    Ok, I did as you said and renamed ComboFix and resent it, but it still said the same thing and restarted my computer. Also about Glider, the folder ah isn't on my desktop anymore. Also I did a search "glider" and nothing came up. I think I deleted glider a while back and I don't know what's going on right now.
     
  10. 2008/08/28
    noahdfear

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to the desktop (download and transfer over if necessary).

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.

      When the updating is complete, physically disconnect the computer from the internet.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    As soon as MBAM is completely done, close it and run ComboFix. Do not reconnect the internet connection until after ComboFix has restarted the machine and produced a log.
     
  11. 2008/08/28
    GunOA

    ComboFix Log

    ComboFix 08-08-28.04 - Andy Lin 2008-08-28 21:14:59.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2094 [GMT -7:00]
    Running from: C:\Documents and Settings\Andy Lin\Desktop\FomboCix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\bin.clearspring.com
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\interclick.com
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\interclick.com\ud.sol
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\static.youku.com
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\static.youku.com\v1.0.0305\v\swf\qplayer.swf\qplayer.sol
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\#SharedObjects\VVPLFEKV\static.youku.com\v1.0.0307\v\swf\qplayer.swf\qplayer.sol
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
    C:\Documents and Settings\Andy Lin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_tdssserv


    ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
    .

    2008-08-28 20:48 . 2008-08-28 20:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-28 20:48 . 2008-08-28 20:48 <DIR> d-------- C:\Documents and Settings\Andy Lin\Application Data\Malwarebytes
    2008-08-28 20:48 . 2008-08-28 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-28 20:48 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-28 20:48 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-28 18:04 . 2008-08-28 18:04 <DIR> d-------- C:\rsit
    2008-08-27 22:46 . 2008-08-27 22:46 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
    2008-08-27 19:20 . 2008-08-27 19:20 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-26 05:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-08-26 04:53 . 2008-08-26 04:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-08-26 04:30 . 2008-08-26 04:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-08-26 04:30 . 2008-08-26 04:30 <DIR> d-------- C:\Documents and Settings\Andy Lin\Application Data\SUPERAntiSpyware.com
    2008-08-26 04:30 . 2008-08-26 04:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-26 01:51 . 2003-03-18 13:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-08-26 01:17 . 2008-08-26 05:20 1,714 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-24 22:45 . 2008-08-24 22:46 94,208 --a------ C:\WINDOWS\ScUnin.exe
    2008-08-24 22:45 . 2008-08-24 22:46 35,190 --a------ C:\WINDOWS\scunin.dat
    2008-08-24 22:45 . 2008-08-24 22:46 967 --a------ C:\WINDOWS\ScUnin.pif
    2008-08-24 22:44 . 2008-08-25 00:13 <DIR> d-------- C:\Program Files\Starcraft
    2008-08-23 18:05 . 2008-08-23 18:05 <DIR> d-------- C:\Mp3 Output
    2008-08-23 18:02 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll
    2008-08-23 18:00 . 2008-08-23 18:03 <DIR> d-------- C:\Documents and Settings\Andy Lin\Application Data\AVS4YOU
    2008-08-23 17:59 . 2008-08-23 18:07 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
    2008-08-23 17:59 . 2008-08-23 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-08-23 17:59 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
    2008-08-23 17:59 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
    2008-08-23 17:59 . 2007-02-27 19:36 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2008-08-23 17:59 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-08-20 09:12 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
    2008-08-20 09:07 . 2008-08-20 09:07 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
    2008-08-20 08:59 . 2008-08-21 21:08 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
    2008-08-20 08:57 . 2008-08-20 08:57 <DIR> d-------- C:\Program Files\Common Files\Stardock
    2008-08-20 08:57 . 2008-08-20 09:11 <DIR> d-------- C:\Program Files\AlienGUIse
    2008-08-20 08:57 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-08-20 08:57 . 2008-08-20 08:57 56 --a------ C:\WINDOWS\wb.ini
    2008-08-20 08:32 . 2008-08-20 08:32 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-08-19 08:29 . 2008-08-19 08:29 <DIR> d-------- C:\Program Files\Easy Video Splitter
    2008-08-19 08:25 . 2001-08-23 16:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-08-19 08:25 . 2005-12-31 08:19 1,097,728 --a------ C:\WINDOWS\system32\vorbis.dll
    2008-08-19 08:25 . 2003-11-16 10:48 909,312 --a------ C:\WINDOWS\system32\vorbisenc.dll
    2008-08-19 08:25 . 2002-10-06 12:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
    2008-08-19 08:25 . 2003-08-04 00:34 40,960 --a------ C:\WINDOWS\system32\FXDV1to2.dll
    2008-08-19 08:25 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
    2008-08-19 08:25 . 2005-01-12 19:34 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2008-08-19 08:25 . 2005-12-31 08:13 24,576 --a------ C:\WINDOWS\system32\ogg.dll
    2008-08-19 08:25 . 2000-06-13 00:00 2,493 --a------ C:\WINDOWS\system32\COMCTL32.DEP
    2008-08-19 05:46 . 2008-08-19 05:46 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2008-08-19 05:45 . 2008-08-19 05:45 <DIR> d-------- C:\Program Files\Red Kawa
    2008-08-19 00:22 . 2008-08-19 00:22 <DIR> d-------- C:\Program Files\Bonjour
    2008-08-19 00:21 . 2008-08-19 00:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-08-19 00:21 . 2008-08-19 00:21 <DIR> d-------- C:\Program Files\Common Files\Apple
    2008-08-19 00:21 . 2008-08-19 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-19 00:21 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-08-19 00:10 . 2008-08-19 00:23 <DIR> d-------- C:\Program Files\iTunes
    2008-08-19 00:10 . 2008-08-19 00:23 <DIR> d-------- C:\Program Files\iPod

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-29 04:25 --------- d-----w C:\Program Files\Steam
    2008-08-29 02:36 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-29 01:05 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\.purple
    2008-08-29 01:03 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\gtk-2.0
    2008-08-28 16:49 --------- d-----w C:\Program Files\Warcraft III
    2008-08-27 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-26 12:42 --------- d-----w C:\Program Files\Java
    2008-08-26 06:23 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
    2008-08-26 06:23 295,424 ----a-w C:\WINDOWS\system32\termsrv.dll
    2008-08-25 03:56 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\BitTorrent
    2008-08-20 09:57 --------- d-----w C:\Program Files\Winamp5.1
    2008-08-19 08:20 --------- d-----w C:\Program Files\LimeWire
    2008-08-19 07:22 --------- d-----w C:\Program Files\QuickTime
    2008-08-19 07:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-15 00:43 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-08-11 08:25 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\Xfire
    2008-08-11 08:24 --------- d-s---w C:\Program Files\Xfire
    2008-08-06 11:47 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\SPORE Creature Creator
    2008-07-28 00:28 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-07-27 00:41 --------- d-----w C:\Program Files\VideoLAN
    2008-07-26 01:46 --------- d-----w C:\Program Files\Pidgin
    2008-07-25 19:57 --------- d-----w C:\Documents and Settings\Andy Lin\Application Data\vlc
    2008-07-25 06:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-19 14:35 --------- d-----w C:\Program Files\WC3Banlist
    2008-07-15 23:09 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
    2008-07-14 15:54 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-06-19 23:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-09-01 03:59 1,685 ----a-w C:\Program Files\DeIsL1.isu
    1996-02-07 15:07 24,576 ----a-w C:\Program Files\_ISREG32.DLL
    .

    ------- Sigcheck -------

    2004-05-26 18:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2003-03-31 05:00 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
    2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    2008-08-25 23:23 502272 9b1bd82bd0761b5ba986af66d2809c30 C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 406,016 2006-10-31 22:28:28 C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe

    -c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
    ----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam "= "c:\program files\steam\steam.exe" [2008-04-01 23:29 1271032]
    "MilShieldSlave "= "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" [2008-04-15 00:12 747008]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mxomssmenu "= "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 14:53 169264]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-15 19:44 185784]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "NvMixerTray "= "C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-18 17:41 131072]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]
    "nwiz "= "nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "nForce Tray Options "= "sstray.exe" [N/A]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll,wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds "= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
    "vidc.wmv3 "= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
    "VIDC.XFR1 "= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    --a------ 2008-08-28 19:36 1235736 C:\PROGRA~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    --a------ 2008-04-24 19:45 288576 C:\Program Files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a--c--- 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-09-18 07:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
    C:\PROGRA~1\AIM\\DeadAIM.ocm [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Xfire\\ua_lsp_inst.exe "=
    "C:\\Program Files\\mIRC\\mirc.exe "=
    "C:\\Program Files\\BitTornado\\btdownloadgui.exe "=
    "C:\\Program Files\\Media Player Classic\\mplayerc.exe "=
    "C:\\Program Files\\Xfire\\Xfire.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=
    "C:\\Program Files\\Starcraft\\StarCraft.exe "=
    "C:\\Program Files\\Steam\\steamapps\\auron305@yahoo.com\\counter-strike\\hl.exe "=
    "C:\\Program Files\\Steam\\steamapps\\auron305@yahoo.com\\half-life\\hl.exe "=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe "=
    "C:\\Program Files\\Steam\\steamapps\\poison_maniac\\counter-strike\\hl.exe "=
    "C:\\Program Files\\AIM6\\aim6.exe "=
    "C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\counter-strike\\hl.exe "=
    "C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\half-life 2 deathmatch\\hl2.exe "=
    "C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\counter-strike source\\hl2.exe "=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "C:\\Program Files\\Steam\\steamapps\\iamthehendrix\\half-life\\hl.exe "=
    "C:\\Program Files\\Steam\\steam.exe "=
    "C:\\Program Files\\Steam\\steamapps\\auron305@yahoo.com\\team fortress 2\\hl2.exe "=
    "C:\\Program Files\\Steam\\steamapps\\gunoa\\counter-strike\\hl.exe "=
    "C:\\Program Files\\DNA\\btdna.exe "=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe "=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe "=
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6887:TCP "= 6887:TCP:6887
    "6888:TCP "= 6888:TCP:6888
    "6889:TCP "= 6889:TCP:6889
    "6990:TCP "= 6990:TCP:6990
    "6991:TCP "= 6991:TCP:6991
    "6992:TCP "= 6992:TCP:6992
    "6993:TCP "= 6993:TCP:6993
    "6994:TCP "= 6994:TCP:6994
    "6995:TCP "= 6995:TCP:6995
    "6996:TCP "= 6996:TCP:6996
    "6997:TCP "= 6997:TCP:6997
    "6998:TCP "= 6998:TCP:6998
    "60384:TCP "= 60384:TCP:pORT_60384
    "9842:TCP "= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP "= 9842:UDP:*:Disabled:SolidNetworkManager

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-28 19:36]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 19:36]
    R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 12:24]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6046c3c2-5bce-11d9-9d0a-806d6172696f}]
    \Shell\AutoRun\command - D:\ASUSACPI.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5dc1bbc-5bd0-11d9-aaa0-806d6172696f}]
    \Shell\AutoRun\command - D:\Setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Andy Lin\Application Data\Mozilla\Firefox\Profiles\wl4ru2ft.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-28 21:23:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\TEMP\3d4a75ec-cec7-454f-844c-707f0f9bf0f2.tmp

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\xfire_lsp_10650.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-28 21:32:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-29 04:31:48

    Pre-Run: 27,336,904,704 bytes free
    Post-Run: 27,293,466,624 bytes free

    290
     
    Last edited: 2008/08/28
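The Sigcheck section of the ComboFix log above lists four copies of winlogon.exe with their MD5 hashes; the copy in system32 has the same size as the Service Pack copy but a different hash, which is the kind of in-place modification a reviewer looks for. As an added example (not part of the thread and not ComboFix's own code), a small Python parser that extracts that section and flags any system32 file whose hash does not match its ServicePackFiles reference; the sample log is constructed from the four lines quoted in the post, and the section-end markers are assumed from the posted log layout:

```python
"""Parse the Sigcheck section of a ComboFix log and flag system32 files
whose MD5 differs from the ServicePackFiles copy of the same name.

Added example, not ComboFix's own code. Section layout (header line,
entries, then a lone '.' or the next banner) is assumed from the posted log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the four Sigcheck lines quoted in the post above.
SAMPLE_LOG = r"""
------- Sigcheck -------

2004-05-26 18:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2003-03-31 05:00 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-08-25 23:23 502272 9b1bd82bd0761b5ba986af66d2809c30 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))
"""

SIGCHECK_HEADER = "------- Sigcheck -------"
# date time size md5 path
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$"
)


@dataclass(frozen=True)
class SigEntry:
    date: str
    size: int
    md5: str
    path: str

    @property
    def name(self) -> str:
        """Lower-cased file name, used to group copies of the same binary."""
        return self.path.rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class Finding:
    name: str
    live: SigEntry        # the copy actually loaded from system32
    reference: SigEntry   # the ServicePackFiles copy used as known-good
    same_size: bool       # same size + different hash = in-place change


def parse_sigcheck(log_text: str) -> List[SigEntry]:
    """Return the entries between the Sigcheck header and the section end."""
    entries: List[SigEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SIGCHECK_HEADER
            continue
        if not line:
            continue
        # ComboFix closes a section with a lone '.' or the next banner.
        if line == "." or line.startswith("(((") or line.startswith("-------"):
            break
        m = ENTRY_RE.match(line)
        if m:
            entries.append(SigEntry(m["date"], int(m["size"]),
                                    m["md5"].lower(), m["path"]))
    return entries


def _pick(copies: List[SigEntry], marker: str) -> Optional[SigEntry]:
    for c in copies:
        if marker in c.path.lower():
            return c
    return None


def find_mismatches(entries: List[SigEntry]) -> List[Finding]:
    """Compare each system32 copy against its ServicePackFiles reference."""
    by_name: Dict[str, List[SigEntry]] = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    findings: List[Finding] = []
    for name, copies in by_name.items():
        live = _pick(copies, "\\system32\\")
        ref = _pick(copies, "\\servicepackfiles\\")
        if live is None or ref is None:
            continue  # nothing to compare against; uninstall backups are older builds
        if live.md5 != ref.md5:
            findings.append(Finding(name, live, ref, live.size == ref.size))
    return findings


def report(findings: List[Finding]) -> List[str]:
    lines = []
    for f in findings:
        kind = "same size, different content" if f.same_size else "size differs"
        lines.append(f"{f.name}: system32 md5 {f.live.md5} != reference "
                     f"{f.reference.md5} ({kind}, modified {f.live.date})")
    return lines


if __name__ == "__main__":
    for line in report(find_mismatches(parse_sigcheck(SAMPLE_LOG))):
        print(line)
```

On the posted log this reports only winlogon.exe, with the 2008-08-25 modification date that the Find3M section also shows; a clean machine yields an empty list.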
  12. 2008/08/28
    GunOA

    GunOA Inactive Thread Starter

    Joined:
    2008/08/28
    Messages:
    18
    Likes Received:
    0
    MBAM Log

    Malwarebytes' Anti-Malware 1.25
    Database version: 1093
    Windows 5.1.2600 Service Pack 2

    9:05:33 PM 8/28/2008
    mbam-log-08-28-2008 (21-05-33).txt

    Scan type: Quick Scan
    Objects scanned: 46720
    Time elapsed: 2 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 20
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_id (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_options (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_server1 (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_reserv (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_forms (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_certs (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_options (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_ss (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pstorage (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_command (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_file (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_idproject (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pauseopt (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_pausecert (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletecookie (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_opt_deletesol (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_newversion (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_patch (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\Andy Lin\xrt_mhdd.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogon.old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     
  13. 2008/08/28
    GunOA

    GunOA Inactive Thread Starter

    Joined:
    2008/08/28
    Messages:
    18
    Likes Received:
    0
    New HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:35:45 PM, on 8/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Documents and Settings\Andy Lin\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrity/Unit 4 - 01 Intro to Equations/class/TWebS.CAB
    O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrity/alg13-1/class/TWebS.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

    --
    End of file - 7856 bytes


    Thanks for all your help.

    Also I can now access antivirus sites, so maybe this problem is fixed, but I'll leave that up to you. :)
     
  14. 2008/08/28
    noahdfear
    Disregard this post. Will post again after I've studied your logs.
     
  15. 2008/08/29
    noahdfear
    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    ; Resets SecurityProviders to the Windows XP default list of provider DLLs
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    

    Double click fix.reg and allow it to merge with the registry.


    Please download FindAWF
    Save the file to the Desktop
    Double-click the FindAWF icon.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, please be patient.

    When done, awf.txt will open. Please post its contents here.
     
  16. 2008/08/29
    GunOA
    Can you further explain how to do the fix.reg thing? I made a new text document and copied the text over, then

    Save as:
    Filename fix.reg
    Save as type: all files
    encoding: ANSI

    I save it to my desktop and when I double click it, it still opens as a notepad.
     
  17. 2008/08/29
    noahdfear
    Does the icon look like a Rubik's cube? If so, try right click and Merge.

    Please open C:\rsit and post the contents of info.txt
     
  18. 2008/08/29
    GunOA
    EDIT: Ok, I got it added to the registry. I'll run FindAWF now.


    info.txt logfile of random's system information tool 2008-08-28 18:04:16

    Uninstall list

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    AbiWord 2.4.5 (remove only)-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
    Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AIM 6.0-->C:\Program Files\AIM6\uninst.exe
    AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
    Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    BitTornado 0.3.10-->C:\Program Files\BitTornado\uninst.exe
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Combined Community Codec Pack 2006-03-06 (Remove Only)-->C:\Program Files\Combined Community Codec Pack\Uninstall.exe
    Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
    Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Easy Video Splitter 1.28-->"C:\Program Files\Easy Video Splitter\unins000.exe"
    Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
    Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Documents and Settings\Andy Lin\Desktop\Pictures\uninst.exe
    Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
    Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
    Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
    HijackThis 2.0.2-->"C:\Documents and Settings\Andy Lin\Desktop\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
    iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
    J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LimeWire 4.18.5-->"C:\Program Files\LimeWire\uninstall.exe"
    Magic ISO Maker v5.4 (build 0237)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Maxtor Manager-->MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mil Shield-->C:\Program Files\Mil Incorporated\Mil Shield\Uninstaller.exe
    mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    Natural Selection 3.2-->"c:\program files\steam\steamapps\auron305@yahoo.com\half-life\unins000.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\setup.exe" -uninstall
    Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Phun beta 3.5-->"C:\Program Files\Phun\unins000.exe"
    Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
    Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
    Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    SPORE™ Creature Creator Trial Edition-->"C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Sven Co-op 3.0-->C:\WINDOWS\unvise32.exe c:\program files\steam\steamapps\auron305@yahoo.com\half-life\SvenCoop\uninstal.log
    Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
    The Core Media Player 4.0-->"C:\Program Files\CoreCodec\The Core Media Player\uninstall-tcmp4.exe"
    TweakAll 3.0-->"C:\Program Files\Codeforge\TweakAll3\unins000.exe"
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Videora iPod Converter 3.08-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
    WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
    Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
    Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
    XnView 1.80-->"C:\Program Files\XnView\unins000.exe"

    Security center information

    AV: AVG Anti-Virus Free

    Environment variables

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
  19. 2008/08/29
    GunOA
    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Thu 08/28/2008
    The current time is: 22:32:14.03


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

    10/31/2006 03:28 PM 406,016 avgcc.exe
    1 File(s) 406,016 bytes

    Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

    08/04/2004 12:56 AM 158,208 MSConfig.exe
    1 File(s) 158,208 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    406016 Oct 31 2006 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
    158208 Aug 4 2004 "C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe"
    158208 Aug 4 2004 "C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe"


    end of report
     
  20. 2008/08/29
    noahdfear
    Navigate to C:\Program Files\Grisoft\AVG Free\bak
    Right click and copy the file avgcc.exe
    Go up one folder to C:\Program Files\Grisoft\AVG Free, right click and Paste the file.

    Now delete the following folders.

    C:\Program Files\Grisoft\AVG Free\bak
    C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK


    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
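The triage behind the bak-folder instructions above (copy avgcc.exe back because only the bak copy exists; just delete the MSConfig bak because the parent folder still holds a matching copy), as an added Python example that is not FindAWF's or noahdfear's code. It works on file entries of the kind the report lists; the sample set is constructed from the report's duplicate-file section plus one hypothetical replaced-file pair under a made-up `ExampleApp` folder.

```python
"""Triage of FindAWF-style "bak" folder findings (added example).

The pattern the report exposes: a legitimate program file is moved into a
"bak" subfolder next to where it belongs and something else may be left in
its place. For each file found under a bak folder, decide whether the parent
folder still holds an intact copy (the bak folder is then redundant) or not
(the file has to be copied back out of bak before the folder is deleted).
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class FileEntry:
    path: str   # full Windows path as printed in the report
    size: int   # size in bytes
    mtime: str  # modification date as printed in the report


@dataclass(frozen=True)
class Finding:
    bak_file: str  # the copy inside the bak folder
    original: str  # where the file belongs: the parent of the bak folder
    action: str    # "restore" (copy the bak file back) or "delete_bak"
    reason: str


def triage(entries: Iterable[FileEntry]) -> List[Finding]:
    # PureWindowsPath compares and hashes case-insensitively, so the
    # report's "msconfig.exe" and "MSConfig.exe" land on the same key.
    by_path: Dict[PureWindowsPath, FileEntry] = {PureWindowsPath(e.path): e for e in entries}
    findings: List[Finding] = []
    for path, bak in sorted(by_path.items(), key=lambda kv: str(kv[0]).lower()):
        if path.parent.name.lower() != "bak":
            continue
        expected = path.parent.parent / path.name
        original = by_path.get(expected)
        if original is None:
            # Only the bak copy exists: the file must be put back first.
            action, reason = "restore", "no copy in parent folder; copy the bak file back"
        elif original.size == bak.size and original.mtime == bak.mtime:
            # Size and date match, the same fields the report prints for its
            # duplicate check; a hash comparison would be the definitive test.
            action, reason = "delete_bak", "parent copy matches bak (size and date); bak is redundant"
        else:
            # Same name, different content in the parent: treat the parent file
            # as the dropped replacement and restore the bak copy over it.
            action, reason = "restore", (
                f"parent copy differs ({original.size} bytes vs {bak.size} in bak); "
                "restore the bak copy over it")
        findings.append(Finding(str(path), str(expected), action, reason))
    return findings


def bak_folders_to_remove(findings: Iterable[Finding]) -> List[str]:
    # Every bak folder goes in the end; restores are carried out first.
    return sorted({str(PureWindowsPath(f.bak_file).parent) for f in findings}, key=str.lower)


# Constructed sample: the first three entries carry the sizes and dates the
# report prints; the ExampleApp pair is hypothetical and shows the
# replaced-file case (parent holds a different file of the same name).
SAMPLE_ENTRIES = [
    FileEntry(r"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe", 406016, "Oct 31 2006"),
    FileEntry(r"C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe", 158208, "Aug 4 2004"),
    FileEntry(r"C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe", 158208, "Aug 4 2004"),
    FileEntry(r"C:\Program Files\ExampleApp\bak\app.exe", 100352, "Jan 2 2006"),
    FileEntry(r"C:\Program Files\ExampleApp\app.exe", 41984, "Aug 20 2008"),
]


if __name__ == "__main__":
    results = triage(SAMPLE_ENTRIES)
    for f in results:
        print(f"{f.action:10} {f.bak_file} -> {f.original}\n           {f.reason}")
    print("bak folders to delete afterwards:", bak_folders_to_remove(results))
```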
     
  21. 2008/08/29
    GunOA
    Here's the Kaspersky Online Scan report.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, August 29, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, August 29, 2008 06:14:13
    Records in database: 1160100
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 96482
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 02:21:55


    File name / Threat name / Threats count
    C:\Documents and Settings\Andy Lin\Desktop\Programs\SmitFraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

    The selected area was scanned.
     
