
Virus blocks me from Antivirus sites/updates

Discussion in 'Malware and Virus Removal Archive' started by GunOA, 2008/08/28.

  1. 2008/08/29
    noahdfear (Inactive; joined 2003/04/06, 12,178 messages) wrote:
    Looks great! Delete the C:\Documents and Settings\Andy Lin\Desktop\Programs\SmitFraudFix
    SmitfraudFix is updated regularly, and should be re-downloaded if needed again.

    Delete FindAWF.exe

    Now open MBAM and remove any items quarantined. Do the same with your resident antivirus.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.

    Run ATF Cleaner once again as previously described.

    Run RSIT.exe again and post the log it creates.
     
  2. 2008/08/29
    GunOA (Inactive, Thread Starter; joined 2008/08/28, 18 messages) wrote:
    Logfile of random's system information tool (written by random/random)
    Run by Andy Lin at 2008-08-29 18:30:26
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 26 GB (34%) free of 78 GB
    Total RAM: 2559 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:30:34 PM, on 8/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Andy Lin\Desktop\RSIT.exe
    C:\Documents and Settings\Andy Lin\Desktop\Andy Lin.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrity/Unit 4 - 01 Intro to Equations/class/TWebS.CAB
    O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrity/alg13-1/class/TWebS.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

    --
    End of file - 7730 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - blank []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-28 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - blank []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-05-15 185784]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
    "NvMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe [2004-03-18 131072]
    "nForce Tray Options"=sstray.exe /r []
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Steam"=c:\program files\steam\steam.exe [2008-04-01 1271032]
    "MilShieldSlave"=C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe [2008-04-15 747008]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-28 1235736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    C:\Program Files\DNA\btdna.exe [2008-04-24 288576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
    C:\PROGRA~1\AIM\\DeadAIM.ocm []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll,wbsys.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Xfire\ua_lsp_inst.exe"="C:\Program Files\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
    "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\team fortress 2\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Steam\steamapps\gunoa\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\gunoa\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6046c3c2-5bce-11d9-9d0a-806d6172696f}]
    shell\AutoRun\command - D:\ASUSACPI.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5dc1bbc-5bd0-11d9-aaa0-806d6172696f}]
    shell\AutoRun\command - D:\Setup.exe


    List of files/folders created in the last three months

    2008-08-29 18:27:28 ----D---- C:\ComboFix
    2008-08-28 22:01:34 ----SHD---- C:\RECYCLER
    2008-08-28 21:32:55 ----D---- C:\WINDOWS\temp
    2008-08-28 21:14:44 ----D---- C:\WINDOWS\erdnt
    2008-08-28 20:48:49 ----D---- C:\Documents and Settings\Andy Lin\Application Data\Malwarebytes
    2008-08-28 20:48:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-28 20:48:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-28 18:04:08 ----D---- C:\rsit
    2008-08-27 22:46:32 ----D---- C:\WINDOWS\system32\SuperAdBlocker.com
    2008-08-27 19:20:12 ----D---- C:\Program Files\Trend Micro
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\java.exe
    2008-08-26 04:30:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-26 04:30:37 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-08-26 04:30:37 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SUPERAntiSpyware.com
    2008-08-26 04:13:01 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-08-26 01:51:28 ----A---- C:\WINDOWS\system32\MFC71.dll
    2008-08-26 01:17:23 ----A---- C:\WINDOWS\system32\tmp.txt
    2008-08-26 01:16:58 ----A---- C:\rapport.txt
    2008-08-24 22:45:09 ----A---- C:\WINDOWS\ScUnin.exe
    2008-08-24 22:44:44 ----D---- C:\Program Files\Starcraft
    2008-08-23 18:05:02 ----D---- C:\Mp3 Output
    2008-08-23 18:02:27 ----A---- C:\WINDOWS\system32\cc3270mt.dll
    2008-08-23 18:00:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\AVS4YOU
    2008-08-23 17:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-08-23 17:59:08 ----D---- C:\Program Files\Common Files\AVSMedia
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msxml3a.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcp70.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\mfc70.dll
    2008-08-20 08:57:37 ----A---- C:\WINDOWS\wb.ini
    2008-08-20 08:57:37 ----A---- C:\WINDOWS\system32\wbsys.dll
    2008-08-20 08:57:36 ----D---- C:\Program Files\Common Files\Stardock
    2008-08-20 08:57:36 ----D---- C:\Program Files\AlienGUIse
    2008-08-20 08:32:16 ----D---- C:\Program Files\Apple Software Update
    2008-08-19 08:29:35 ----D---- C:\Program Files\Easy Video Splitter
    2008-08-19 08:25:33 ----A---- C:\WINDOWS\system32\gdiplus.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\vorbis.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\ogg.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\FXDV1to2.dll
    2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDSuninst.exe
    2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDS.dll
    2008-08-19 08:25:30 ----A---- C:\WINDOWS\system32\vorbisenc.dll
    2008-08-19 05:46:05 ----D---- C:\Program Files\AviSynth 2.5
    2008-08-19 05:45:59 ----D---- C:\Program Files\Red Kawa
    2008-08-19 00:22:58 ----D---- C:\Program Files\Bonjour
    2008-08-19 00:21:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-19 00:21:32 ----D---- C:\Program Files\Common Files\Apple
    2008-08-19 00:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-19 00:10:01 ----D---- C:\Program Files\iTunes
    2008-08-19 00:10:01 ----D---- C:\Program Files\iPod
    2008-07-25 18:46:19 ----D---- C:\Program Files\Pidgin
    2008-07-25 12:57:27 ----D---- C:\Documents and Settings\Andy Lin\Application Data\vlc
    2008-07-25 12:48:08 ----D---- C:\Program Files\VideoLAN
    2008-07-24 16:15:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\gtk-2.0
    2008-07-24 16:13:43 ----D---- C:\Documents and Settings\Andy Lin\Application Data\.purple
    2008-07-15 16:09:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
    2008-06-19 16:22:29 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SPORE Creature Creator
    2008-06-19 16:19:54 ----D---- C:\Program Files\Electronic Arts
    2008-06-09 18:37:05 ----D---- C:\Program Files\WinPcap
    2008-06-09 18:36:39 ----D---- C:\Program Files\WC3Banlist

    List of drivers

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
    R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
    R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
    R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
    S3 a8c3lant;a8c3lant; C:\WINDOWS\system32\drivers\a8c3lant.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
    S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
    S3 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-04-19 39248]
    S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-04-19 52304]
    S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-04-19 59984]
    S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-04-19 83536]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
    S3 npkcusb;npkcusb; \??\C:\WINDOWS\system32\npkcusb.sys []
    S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
    S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    List of services

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
    R2 MilShieldCleaner;MilShieldCleaner; C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe [2008-04-15 331776]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-19 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
    S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
    S3 sdCoreService;Spyware Doctor Service; C:\Program Files\Spyware Doctor\swdsvc.exe []
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------

    Also I uninstalled ComboFix, but since I renamed it to FomboCix, the folder is still in my C drive with CF5886 and nircmd inside. Can I just delete those?

    Thanks for your help, my computer is back to normal speed and I can access/update my antiviruses :)

    I read somewhere that it's bad to have multiple antivirus/spyware programs, so should I delete some? If so, which ones?
     


  4. 2008/08/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, delete the C:\ComboFix folder.

    I see only AVG antivirus running. It's quite OK to have antispyware apps running along with an antivirus app. The thing to avoid is having more than 1 antivirus app. ;)

    The log looks great! Just a couple of questions.

    1. Do you use/still have installed, the Yahoo Toolbar, and if so, is it functioning properly?

    2. Do you use/still have installed, Spyware Doctor, and if so, is it functioning properly?



    Now, you get blessed with a speech on P2P. :D
    P2P
    I see you have P2P software (Ares, BitTorrent) installed on your machine. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may have been a contributor to your recent situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
     
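The two leftovers noahdfear asks about in the post above (the Yahoo! Toolbar BHO/toolbar entries marked "blank (file missing)" and the two Spyware Doctor services whose executables are gone) are exactly the kind of orphan a helper reads out of a HijackThis log by eye. As an added example, not code from the thread or from the RSIT/HijackThis authors, here is a small Python triage that does that reading mechanically over the O2/O3/O10/O23 sections: it flags browser add-ons and services whose file is missing, services with "Unknown owner", and deduplicates the repeated Winsock LSP line. The sample lines are a constructed subset copied from the log posted later in this thread; the registry paths in the suggested actions are the ones RSIT prints in its "Registry dump" section, and `sc delete` is the stock Windows service-removal command (stop the service first, and reboot afterwards, as noahdfear asks):

```python
import re
from dataclasses import dataclass

# Constructed subset of the HijackThis v2.0.2 lines posted in this thread,
# chosen to exercise each check below. Not the full log.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
"""

# Registry locations as printed by RSIT's "Registry dump" section.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")  # trailing "(servicename)" in an O23 display name


@dataclass(frozen=True)
class Finding:
    kind: str     # orphan_bho, orphan_toolbar, orphan_service, unknown_owner, lsp
    subject: str  # CLSID, service name or DLL name
    action: str   # what a helper would tell the poster to do


def parse_service(body: str) -> tuple[str, str, str]:
    """Split 'Display (name) - owner - path' into (name, owner, path).
    HijackThis omits the parenthesised name when it equals the display name."""
    display, owner, path = body.rsplit(" - ", 2)
    m = SHORT_NAME_RE.search(display)
    name = m.group(1) if m else display
    return name, owner, path


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    seen_lsp: set[str] = set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        missing = line.endswith("(file missing)")
        if line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and missing:
            # Registered add-on whose DLL no longer exists: dead registry entry.
            clsid = CLSID_RE.search(line).group(0)
            if line.startswith("O2"):
                findings.append(Finding("orphan_bho", clsid, f"delete key {BHO_KEY}\\{clsid}"))
            else:
                findings.append(Finding("orphan_toolbar", clsid, f"delete value {clsid} under {TOOLBAR_KEY}"))
        elif line.startswith("O10 - Unknown file in Winsock LSP:"):
            # One LSP DLL shows up once per protocol entry; report it once.
            dll = line.split(":", 1)[1].strip()
            if dll not in seen_lsp:
                seen_lsp.add(dll)
                findings.append(Finding("lsp", dll,
                    "identify the vendor and remove via its uninstaller; deleting the DLL breaks Winsock"))
        elif line.startswith("O23 - Service:"):
            name, owner, path = parse_service(line[len("O23 - Service: "):])
            if missing:
                findings.append(Finding("orphan_service", name, f"sc delete {name}"))
            elif owner == "Unknown owner":
                # File is present but HJT found no publisher: verify before trusting it.
                findings.append(Finding("unknown_owner", name, f"verify publisher of {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.subject:45} -> {f.action}")
```

The checks are deliberately narrow: a present file from a named vendor produces no finding, which matches how the log is read in this thread (AVG and WinPcap stay), but it is not evidence that the file is clean. Unknown-owner entries are listed for a manual look rather than for deletion, and the LSP entry is reported once with the caveat that the chain has to be unwound by the installer, not by removing the DLL.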
  5. 2008/08/30
    GunOA

    GunOA Inactive Thread Starter

    Joined:
    2008/08/28
    Messages:
    18
    Likes Received:
    0
    Sorry, I was away from my computer for a while, but I don't recall installing Yahoo Toolbar and I would like to uninstall that if possible, and for Spyware Doctor, I don't use it anymore.

    About the P2P, yeah, I know it's dangerous, and I don't use them that often, but I'll be more careful about them in the future ;)

    Thanks for helping again.
     
  6. 2008/08/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You can uninstall those apps via Add/Remove programs. Post a fresh RSIT log when done, after doing a reboot.

    In reality, it does not matter how careful you are when using p2p apps .... there's absolutely no way for you to know what you will be getting. ;)
     
  7. 2008/09/03
    GunOA

    GunOA Inactive Thread Starter

    Joined:
    2008/08/28
    Messages:
    18
    Likes Received:
    0
    Logfile of random's system information tool (written by random/random)
    Run by Andy Lin at 2008-09-03 07:52:58
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 26 GB (33%) free of 78 GB
    Total RAM: 2559 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:53:21 AM, on 9/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Andy Lin\Desktop\Programs\Programs\RSIT.exe
    C:\Program Files\trend micro\Andy Lin.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
    O16 - DPF: Tegrity-WebLearner-2569 - http://tegrity.odysseyk12.org/tegrity/Unit 4 - 01 Intro to Equations/class/TWebS.CAB
    O16 - DPF: Tegrity-WebLearner-2713 - http://tegrity.odysseyk12.org/tegrity/alg13-1/class/TWebS.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll,wbsys.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
    O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

    --
    End of file - 7296 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    Yahoo! Toolbar Helper - blank []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-28 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - blank []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2007-12-05 1626112]
    "NvMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe [2004-03-18 131072]
    "nForce Tray Options"=sstray.exe /r []
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MilShieldSlave"=C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe [2008-04-15 747008]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-28 1235736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    C:\Program Files\DNA\btdna.exe [2008-04-24 288576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
    C:\PROGRA~1\AIM\\DeadAIM.ocm []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    c:\program files\steam\steam.exe [2008-04-01 1271032]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-05-15 185784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll,wbsys.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Xfire\ua_lsp_inst.exe"="C:\Program Files\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
    "C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
    "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\poison_maniac\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe"="C:\Program Files\Steam\steamapps\iamthehendrix\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
    "C:\Program Files\Steam\steamapps\auron305@yahoo.com\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\auron305@yahoo.com\team fortress 2\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Steam\steamapps\gunoa\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\gunoa\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6046c3c2-5bce-11d9-9d0a-806d6172696f}]
    shell\AutoRun\command - D:\ASUSACPI.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5dc1bbc-5bd0-11d9-aaa0-806d6172696f}]
    shell\AutoRun\command - D:\Setup.exe


    List of files/folders created in the last three months

    2008-08-31 05:08:14 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-28 22:01:34 ----SHD---- C:\RECYCLER
    2008-08-28 21:32:55 ----D---- C:\WINDOWS\temp
    2008-08-28 21:14:44 ----D---- C:\WINDOWS\erdnt
    2008-08-28 20:48:49 ----D---- C:\Documents and Settings\Andy Lin\Application Data\Malwarebytes
    2008-08-28 20:48:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-28 20:48:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-28 18:04:08 ----D---- C:\rsit
    2008-08-27 22:46:32 ----D---- C:\WINDOWS\system32\SuperAdBlocker.com
    2008-08-27 19:20:12 ----D---- C:\Program Files\Trend Micro
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-08-26 05:42:54 ----A---- C:\WINDOWS\system32\java.exe
    2008-08-26 04:30:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-08-26 04:30:37 ----D---- C:\Program Files\SUPERAntiSpyware
    2008-08-26 04:30:37 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SUPERAntiSpyware.com
    2008-08-26 04:13:01 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-08-26 01:51:28 ----A---- C:\WINDOWS\system32\MFC71.dll
    2008-08-26 01:17:23 ----A---- C:\WINDOWS\system32\tmp.txt
    2008-08-26 01:16:58 ----A---- C:\rapport.txt
    2008-08-24 22:45:09 ----A---- C:\WINDOWS\ScUnin.exe
    2008-08-24 22:44:44 ----D---- C:\Program Files\Starcraft
    2008-08-23 18:05:02 ----D---- C:\Mp3 Output
    2008-08-23 18:02:27 ----A---- C:\WINDOWS\system32\cc3270mt.dll
    2008-08-23 18:00:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\AVS4YOU
    2008-08-23 17:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-08-23 17:59:08 ----D---- C:\Program Files\Common Files\AVSMedia
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msxml3a.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\msvcp70.dll
    2008-08-23 17:59:07 ----A---- C:\WINDOWS\system32\mfc70.dll
    2008-08-20 08:57:37 ----A---- C:\WINDOWS\wb.ini
    2008-08-20 08:57:37 ----A---- C:\WINDOWS\system32\wbsys.dll
    2008-08-20 08:57:36 ----D---- C:\Program Files\Common Files\Stardock
    2008-08-20 08:57:36 ----D---- C:\Program Files\AlienGUIse
    2008-08-20 08:32:16 ----D---- C:\Program Files\Apple Software Update
    2008-08-19 08:29:35 ----D---- C:\Program Files\Easy Video Splitter
    2008-08-19 08:25:33 ----A---- C:\WINDOWS\system32\gdiplus.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\vorbis.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\ogg.dll
    2008-08-19 08:25:32 ----A---- C:\WINDOWS\system32\FXDV1to2.dll
    2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDSuninst.exe
    2008-08-19 08:25:31 ----A---- C:\WINDOWS\system32\OggDS.dll
    2008-08-19 08:25:30 ----A---- C:\WINDOWS\system32\vorbisenc.dll
    2008-08-19 05:46:05 ----D---- C:\Program Files\AviSynth 2.5
    2008-08-19 05:45:59 ----D---- C:\Program Files\Red Kawa
    2008-08-19 00:22:58 ----D---- C:\Program Files\Bonjour
    2008-08-19 00:21:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-19 00:21:32 ----D---- C:\Program Files\Common Files\Apple
    2008-08-19 00:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-08-19 00:10:01 ----D---- C:\Program Files\iTunes
    2008-08-19 00:10:01 ----D---- C:\Program Files\iPod
    2008-07-25 18:46:19 ----D---- C:\Program Files\Pidgin
    2008-07-25 12:57:27 ----D---- C:\Documents and Settings\Andy Lin\Application Data\vlc
    2008-07-25 12:48:08 ----D---- C:\Program Files\VideoLAN
    2008-07-24 16:15:25 ----D---- C:\Documents and Settings\Andy Lin\Application Data\gtk-2.0
    2008-07-24 16:13:43 ----D---- C:\Documents and Settings\Andy Lin\Application Data\.purple
    2008-07-15 16:09:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
    2008-06-19 16:22:29 ----D---- C:\Documents and Settings\Andy Lin\Application Data\SPORE Creature Creator
    2008-06-19 16:19:54 ----D---- C:\Program Files\Electronic Arts
    2008-06-09 18:37:05 ----D---- C:\Program Files\WinPcap
    2008-06-09 18:36:39 ----D---- C:\Program Files\WC3Banlist

    List of drivers

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
    R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
    R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
    R3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
    S3 ajl9v96a;ajl9v96a; C:\WINDOWS\system32\drivers\ajl9v96a.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
    S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
    S3 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-04-19 39248]
    S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-04-19 52304]
    S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-04-19 59984]
    S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-04-19 83536]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
    S3 npkcusb;npkcusb; \??\C:\WINDOWS\system32\npkcusb.sys []
    S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
    S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    List of services

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
    R2 MilShieldCleaner;MilShieldCleaner; C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe [2008-04-15 331776]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-19 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
    S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
    S3 sdCoreService;Spyware Doctor Service; C:\Program Files\Spyware Doctor\swdsvc.exe []
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------

    Yahoo Toolbar and Spyware Doctor didn't show up in my list in Add/Remove Programs; it doesn't really bother me though, so I don't need it deleted. Unless you advise that I do. :)
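    An added example, not part of this thread: a small Python parser for the RSIT driver/service lines in the log above. It pulls out the run state, start type, path and file stamp of each entry and lists the ones whose trailing bracket is empty, which is where a helper's eye goes first. The sample lines are quoted from this log; reading an empty bracket as "RSIT could not read the file's date and size" and treating `\??\`-prefixed paths separately (every such path in this log has an empty bracket) is my interpretation of this log, not RSIT's documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One RSIT driver/service line, e.g. (quoted from the log above):
#   S3 ajl9v96a;ajl9v96a; C:\WINDOWS\system32\drivers\ajl9v96a.sys []
#   R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

@dataclass
class ServiceEntry:
    running: bool             # R = running, S = stopped
    start_type: int           # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str                 # with any leading \??\ stripped
    nt_path: bool             # True when the log gave an NT-style \??\ path
    file_date: Optional[str]  # None when the bracket was empty
    file_size: Optional[int]

def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; headers, blanks and other text return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    nt_path = path.startswith("\\??\\")
    if nt_path:
        path = path[4:]
    parts = m.group("info").split()
    date = parts[0] if parts else None
    size = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return ServiceEntry(m.group("state") == "R", int(m.group("start")),
                        m.group("name").strip(), m.group("display").strip(),
                        path, nt_path, date, size)

def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def review(entries: List[ServiceEntry]) -> List[str]:
    """One finding per entry RSIT could not stamp; ordinary entries are silent."""
    findings = []
    for e in entries:
        if e.file_date is not None:
            continue
        if e.nt_path:   # assumption: RSIT does not resolve \??\ paths, so verify by hand
            findings.append(f"{e.name}: NT path {e.path} not stamped by RSIT, check manually")
        else:           # plain path with no date/size: file absent or unreadable
            findings.append(f"{e.name}: no file info for {e.path}, likely orphaned registration")
    return findings

# Constructed sample: four lines quoted from the log in this thread.
SAMPLE_LOG = r"""List of drivers
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ajl9v96a;ajl9v96a; C:\WINDOWS\system32\drivers\ajl9v96a.sys []
S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
"""
```

Run it on a full RSIT log and the orphaned `sdAuxService`/`sdCoreService` registrations the helper removes later in the thread show up in the findings, while stamped drivers stay quiet.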
     
  8. 2008/09/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Just a bit of final cleanup, if you want.

    Highlight and copy the contents of the code box below.

    Code:
    sc delete sdAuxService
    sc delete sdCoreService
    reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice /f
    reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice /f
    reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice /f
    reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice /f
    exit
    cls
    
    Click Start>Run and type cmd then hit Enter to open a command window.
    Right click in the command window then Paste the copied text.
    The command window will close on its own.

    Now delete the following folders.

    C:\rsit
    C:\Program Files\Spyware Doctor


    Scan again with HijackThis and place a check next to the following entries.

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)


    Close all open browser windows and click Fix Checked. Exit HijackThis.


    That should do it. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
