[Active] browsers URL is redirected - I can’t update antivirus software

Discussion in 'Malware and Virus Removal Archive' started by Martin, 2008/12/26.

    Martin (Thread Starter) - 2008/12/26

    browsers URL is redirected - I can’t update antivirus software - computer very slow

    One of my computers (HP laptop zd8000, running Windows XP Professional 5.1.2600 Service Pack 3) is infected with some malware.
    When I search in Google the search results look OK, but once I click on a result I am redirected to a site that is all advertising. Both of my browsers (my default browser is Mozilla’s Firefox (version 2.0.0.20), but the same redirecting occurs with Internet Explorer (7.0.5730.11)) can’t access AVG or other antivirus sites; instead they, too, are redirected to some fishy-looking sites. Pretty much all pages going to certain antivirus or anti-spyware sites are redirected.

    My antivirus software was not up to date, but I am now unable to update the AVG 7.5 free version antivirus software. I managed to uninstall AVG 7.5 and replaced it with AVG 8.0 free, but I still can’t update it. I ran a scan and it found tracking cookies but nothing serious. I also installed and ran ThreatFire from PC Tools (free version) - it found something and I had it deleted, but the computer is still slow and redirects the browser.
    Same with Avira AntiVir Personal (free edition): it found 3 threats or Trojan horses (of which one was FreeRip3.exe, which is a free MP3 ripper, and I don’t believe it is a Trojan horse - at least no one online seems to think so).

    I used a Restore Point in Windows with no success (first I went back 3 months, then a day).

    I searched online and found that other users have similar problems, and I tried some of the suggestions:
    Downloading Malwarebytes: I had to download it with another computer, then moved it over and found that the program won’t install. I tried it on another machine and it worked fine. Same with the Spybot Search and Destroy program: during installation it looks for the latest update or definitions and that hangs it up. (Just on a side note: I did install Spybot on my "default" laptop and it found things that Ad-Aware from Lavasoft didn’t - I will use it now on all computers. The latest version is also more user friendly than it used to be.)
    I also tried running Ad-Aware from Lavasoft, which was my standard anti-spyware program, but it wouldn’t let me download newer definitions.

    ClamWin ran successfully (I couldn’t even run an update on the affected computer) - but no results.

    Somebody suggested checking the "hosts" file (under C:\WINDOWS\system32\drivers\etc). But all I found was one address for the local host, which one isn’t supposed to delete.

    Since this is my alternate and older laptop I am thinking of doing a clean install. I have a recovery disk that came with the computer. There are only 4 programs that I would need to reinstall plus 2 browsers (IE and Mozilla’s Firefox). Would that be the fastest way to get rid of that virus?



    Below please find the log file from RSIT. I ran it first around noon today and then again later today after I did various installs and uninstalls - none of which fixed my problem. But it did result in 2 different log times: when I ran RSIT again this afternoon one log file was updated, the other remained at the same clock time. The log file shows 16 hours while info.txt shows 12 o’clock (beats me why this didn’t update).


    I also noticed that I have start-up problems: often it hangs up or it takes a long time to start up.


    Thank you very much for your help,
    Martin



    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Martin at 2008-12-26 16:19:13
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 51 GB (67%) free of 76 GB
    Total RAM: 510 MB (57% free)

    HijackThis download failed

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-23 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-23 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-05-07 720896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-05-07 720896]
    {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-23 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
    "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
    "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-05-07 98304]
    "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
    "hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-13 180269]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-23 1261336]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
    "eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-10-22 229438]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-08 339968]
    "Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
    "Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]
    "ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2008-11-17 263456]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "updateMgr"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "AROReminder"=C:\Program Files\Advanced Registry Optimizer\aro.exe [2008-08-22 2084480]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-03-08 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
    "C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======File associations======

    .scr - open - "C:\WINDOWS\notepad.exe" "%1"
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 3 months======

    2008-12-26 12:23:30 ----D---- C:\rsit
    2008-12-26 12:23:30 ----D---- C:\Program Files\trend micro
    2008-12-26 10:17:33 ----D---- C:\Program Files\Avira
    2008-12-26 10:17:33 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-12-23 18:27:59 ----D---- C:\Documents and Settings\Martin\Application Data\Sammsoft
    2008-12-23 18:27:45 ----D---- C:\Program Files\Advanced Registry Optimizer
    2008-12-23 16:52:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-23 15:58:47 ----D---- C:\Program Files\ThreatFire
    2008-12-23 15:58:47 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-12-23 15:37:04 ----D---- C:\Program Files\Microsoft Windows OneCare Live
    2008-12-23 15:26:45 ----SHD---- C:\WINDOWS\CSC
    2008-12-23 15:01:42 ----D---- C:\Program Files\RogueRemover FREE
    2008-12-23 12:49:39 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-23 11:15:32 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-12-23 11:15:17 ----D---- C:\Documents and Settings\Martin\Application Data\AVGTOOLBAR
    2008-12-23 11:15:02 ----D---- C:\Program Files\AVG
    2008-12-23 11:15:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-12-10 17:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-10 17:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-10 17:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-10 17:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-11-15 14:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-15 14:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-15 14:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-10-31 20:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-31 20:25:16 ----D---- C:\WINDOWS\Prefetch
    2008-10-30 21:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-30 21:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-30 21:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-30 21:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-30 21:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-30 21:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-30 21:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-30 21:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-30 21:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-30 21:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-30 21:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-10-30 21:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-30 21:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-30 21:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-30 21:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-30 21:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-30 21:02:11 ----D---- C:\WINDOWS\system32\scripting
    2008-10-30 21:02:11 ----D---- C:\WINDOWS\l2schemas
    2008-10-30 21:02:10 ----D---- C:\WINDOWS\system32\en
    2008-10-30 21:02:09 ----D---- C:\WINDOWS\system32\bits
    2008-10-30 20:58:12 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-30 20:50:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-25 16:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2008-10-14 19:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2008-10-14 19:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-14 19:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
    2008-10-14 19:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
    2008-10-14 19:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

    ======List of files/folders modified in the last 3 months======

    2008-12-26 16:13:42 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-26 15:53:47 ----D---- C:\WINDOWS\system32\drivers
    2008-12-26 15:53:39 ----D---- C:\WINDOWS\Registration
    2008-12-26 15:51:55 ----D---- C:\WINDOWS
    2008-12-26 15:51:44 ----D---- C:\WINDOWS\Temp
    2008-12-26 15:51:07 ----D---- C:\Documents and Settings\Martin\Application Data\WTablet
    2008-12-26 15:47:11 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-26 15:43:35 ----SHD---- C:\WINDOWS\Installer
    2008-12-26 15:43:35 ----RD---- C:\Program Files
    2008-12-26 15:43:35 ----D---- C:\Config.Msi
    2008-12-26 15:43:06 ----D---- C:\Program Files\Yahoo SiteBuilder
    2008-12-23 18:28:01 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-23 16:28:14 ----D---- C:\WINDOWS\system32
    2008-12-23 13:01:22 ----RASH---- C:\boot.ini
    2008-12-23 13:01:22 ----A---- C:\WINDOWS\win.ini
    2008-12-23 13:01:22 ----A---- C:\WINDOWS\system.ini
    2008-12-23 13:01:04 ----D---- C:\WINDOWS\pss
    2008-12-23 11:15:00 ----D---- C:\WINDOWS\WinSxS
    2008-12-23 10:54:09 ----D---- C:\Program Files\Grisoft
    2008-12-23 10:53:47 ----D---- C:\WINDOWS\system
    2008-12-18 18:56:48 ----HD---- C:\WINDOWS\inf
    2008-12-18 18:56:42 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-12-18 18:56:16 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-10 17:43:11 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-10 17:42:54 ----D---- C:\Program Files\Internet Explorer
    2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-14 08:39:14 ----D---- C:\WINDOWS\Help
    2008-11-09 11:11:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-31 20:27:52 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-10-31 20:26:30 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-31 20:24:13 ----D---- C:\WINDOWS\system32\Setup
    2008-10-31 20:24:12 ----D---- C:\WINDOWS\system32\wbem
    2008-10-31 20:24:12 ----D---- C:\WINDOWS\AppPatch
    2008-10-31 20:24:10 ----RSD---- C:\WINDOWS\Fonts
    2008-10-30 21:15:20 ----D---- C:\WINDOWS\security
    2008-10-30 21:12:06 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-30 21:09:54 ----D---- C:\Program Files\Messenger
    2008-10-30 21:02:33 ----D---- C:\WINDOWS\system32\inetsrv
    2008-10-30 21:02:32 ----D---- C:\WINDOWS\network diagnostic
    2008-10-30 21:02:32 ----D---- C:\WINDOWS\ime
    2008-10-30 21:02:13 ----D---- C:\WINDOWS\system32\usmt
    2008-10-30 21:02:13 ----D---- C:\WINDOWS\system32\en-US
    2008-10-30 21:02:09 ----D---- C:\WINDOWS\PeerNet
    2008-10-30 21:02:09 ----D---- C:\Program Files\Movie Maker
    2008-10-30 20:57:59 ----D---- C:\WINDOWS\system32\Restore
    2008-10-30 20:57:59 ----D---- C:\WINDOWS\system32\npp
    2008-10-30 20:57:59 ----D---- C:\WINDOWS\mui
    2008-10-30 20:57:56 ----D---- C:\WINDOWS\msagent
    2008-10-30 20:57:54 ----D---- C:\WINDOWS\srchasst
    2008-10-30 20:57:53 ----D---- C:\Program Files\NetMeeting
    2008-10-30 20:57:51 ----D---- C:\WINDOWS\system32\Com
    2008-10-30 20:57:48 ----D---- C:\Program Files\Windows NT
    2008-10-30 20:57:48 ----D---- C:\Program Files\Outlook Express
    2008-10-30 20:57:44 ----D---- C:\Program Files\Common Files\System
    2008-10-30 20:57:28 ----D---- C:\WINDOWS\system32\oobe
    2008-10-30 20:53:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-30 20:50:28 ----D---- C:\WINDOWS\ehome
    2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\occache.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 02:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll
    2008-10-02 20:38:44 ----D---- C:\Documents and Settings\Martin\Application Data\AdobeUM

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-23 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-23 26824]
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-09 63232]
    R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-09 55936]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-08 988672]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
    R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-11-17 293120]
    R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-11-17 280192]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
    R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-15 207232]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
    R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 5632]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 6144]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 AVC3310F;AVC-3310/AVC-3610 USB Loader; C:\WINDOWS\System32\Drivers\avcuwfl2.sys [2004-11-02 17536]
    S3 AvcUWil2;Adaptec AVC-3210/3310/3610 USB Device; C:\WINDOWS\system32\DRIVERS\avcuwil2.sys [2004-11-02 1433920]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-07-08 53816]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
    S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
    S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
    S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 RT73;Sitecom Wireless Network USB Adapter 54G WL-113_002 Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-04 245504]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-07 611664]
    R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-08 352256]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-23 231704]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
    R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2006-08-30 942080]
    R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-11-17 70944]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
    R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\Shared\hpqwmi.exe [2005-03-04 98304]
    R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-10-27 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2006-10-27 74360]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.05 2008-12-26 12:23:38

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    -->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
    -->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    -->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat 7.0.1 and Reader 7.0.1 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
    Adobe Acrobat 7.0.2 and Reader 7.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
    Adobe Acrobat 7.0.3 and Reader 7.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000704}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe InDesign 1.5-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Adobe\InDesign 1.5\Uninst.isu" -c "C:\Program Files\Adobe\InDesign 1.5\Uninst.dll "
    Adobe Photoshop 7.0.1-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c "C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll "
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Advanced Registry Optimizer--> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
    ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x9
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AutoCAD 2000-->C:\WINDOWS\uninst.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c "C:\PROGRA~1\ACAD2000\unacad.dll
    AutoCAD 2005 - English-->MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
    AutoCAD 2005 Express Tools Volumes 1-9-->MsiExec.exe /X{5783F2D7-0311-0409-0000-0060B0CE6BBA}
    Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
    Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
    Canon i9900-->C:\WINDOWS\system32\CNMCP5p.exe "-PRINTERNAMECanon i9900" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i9900 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i9900 Installer\Inst2\cnmi0409.dll "
    Canon iP90 Setup Utility--> "C:\Program Files\Canon\Canon iP90 Setup Utility\Maint.exe" /Uninstall C:\Program Files\Canon\Canon iP90 Setup Utility\uninst.ini
    Canon iP90-->C:\WINDOWS\system32\CNMCP71.exe "-PRINTERNAMECanon iP90" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon iP90 Installer\Inst2\cnmi0409.dll "
    Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
    Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
    Conexant AC-97 Audio-->CIAunwdm.exe
    Conexant Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C\HXFSETUP.EXE -U -Ihpm30825.inf
    Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
    Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Canon\Easy-WebPrint\Uninst.isu "
    ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
    FreeRIP v3.09--> "C:\Program Files\FreeRIP3\unins000.exe "
    GemMaster Mystic--> "C:\Program Files\GemMaster\uninstallgemmaster.exe "
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    HP Dual TV Tuner / Digital Video Recorder Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F575545A-51DE-4909-9095-738A83637826}\Setup.exe"
    HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
    HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Wireless Assistant 1.01 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    InterVideo WinDVD--> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
    IsoBuster 1.9--> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe "
    iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
    J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Malwarebytes' RogueRemover--> "C:\Program Files\RogueRemover FREE\unins000.exe "
    Manual CanoScan LiDE 60-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x9
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    muvee autoProducer 4.0 - SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
    Nero 6 Demo-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
    OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
    Otto--> "C:\Program Files\EnglishOtto\uninstallotto.exe "
    PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
    PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
    Quick Launch Buttons 5.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Step By Step Interactive Training (KB898458)--> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB928090)--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB929969)--> "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB958215)--> "C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB960714)--> "C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB952069)--> "C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954600)--> "C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956802)--> "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
    Tablet-->C:\Program Files\Tablet\Remove.exe /u
    TaxCut Standard 2005-->C:\PROGRA~1\TaxCut05\Program\removetc.exe
    Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
    ThreatFire 4.0--> "C:\Program Files\ThreatFire\unins000.exe "
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    Update for Windows XP (KB955839)--> "C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe "
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)-->C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
    Winamp (remove only)--> "C:\Program Files\Winamp\UninstWA.exe "
    Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    Yahoo! SiteBuilder--> "C:\Program Files\Yahoo SiteBuilder\uninstall.exe "
    Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

    ======Security center information======

    AV: AVG Anti-Virus Free (outdated)
    AV: Avira AntiVir PersonalEdition

    System event log

    Computer Name: HP-LAPTOP
    Event Code: 10005
    Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments " "
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Record Number: 5
    Source Name: DCOM
    Time Written: 20081223152713.000000-300
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: HP-LAPTOP
    Event Code: 1002
    Message: The IP address lease 192.168.1.129 for the Network Card with network address 00904BF6A7C3 has been
    denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    Record Number: 4
    Source Name: Dhcp
    Time Written: 20081223152651.000000-300
    Event Type: error
    User:

    Computer Name: HP-LAPTOP
    Event Code: 4201
    Message: The system detected that network adapter Broadcom 802.11b/g WLAN - Packet Scheduler Miniport was connected to the network,
    and has initiated normal operation over the network adapter.

    Record Number: 3
    Source Name: Tcpip
    Time Written: 20081223152651.000000-300
    Event Type: information
    User:

    Computer Name: HP-LAPTOP
    Event Code: 6005
    Message: The Event log service was started.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20081223152642.000000-300
    Event Type: information
    User:

    Computer Name: HP-LAPTOP
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20081223152642.000000-300
    Event Type: information
    User:

    Application event log

    Computer Name: HP-LAPTOP
    Event Code: 4
    Message: The LightScribe Service started successfully.

    Record Number: 1014
    Source Name: LightScribeService
    Time Written: 20060204052120.000000-300
    Event Type: information
    User:

    Computer Name: HP-LAPTOP
    Event Code: 1
    Message:
    Record Number: 1013
    Source Name: Avg7UpdSvc
    Time Written: 20060204052119.000000-300
    Event Type: information
    User:

    Computer Name: HP-LAPTOP
    Event Code: 1800
    Message: The Windows Security Center Service has started.

    Record Number: 1012
    Source Name: SecurityCenter
    Time Written: 20060203155239.000000-300
    Event Type: information
    User:

    Computer Name: HP-LAPTOP
    Event Code: 4
    Message: The LightScribe Service started successfully.

    Record Number: 1011
    Source Name: LightScribeService
    Time Written: 20060203155229.000000-300
    Event Type: information
    User:

    Computer Name: HP-LAPTOP
    Event Code: 1
    Message:
    Record Number: 1010
    Source Name: Avg7UpdSvc
    Time Written: 20060203155228.000000-300
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared\
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    "PROCESSOR_REVISION "=0401
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "SonicCentral "=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

    -----------------EOF-----------------
     
  2. 2008/12/27
    Martin

    Martin Inactive Thread Starter

    Joined:
    2008/12/26
    Messages:
    16
    Likes Received:
    0
    I tried to run ComboFix as suggested by Geri to bernyx ([Active] Computer may be infected). It wouldn’t run.

    In my post above I wrote:
    ClamWin ran successfully, I couldn’t even run an update on the affected computer – but no results.
    This is a mistake, what I meant to say is:
    ClamWin ran successfully, I COULD run an update on the affected computer – but no results.
     

  4. 2008/12/27
    Martin

    Martin Inactive Thread Starter

    Joined:
    2008/12/26
    Messages:
    16
    Likes Received:
    0
    I solved my problem. Or better, noahdfear did it. I followed the instructions he gave to tigerdistr in the thread "win32/tenga.gen virus - it took over"
    at
    http://www.windowsbbs.com/malware-virus-removal/79729-active-win32-tenga-gen-virus-took-over.html

    My problem was different from tigerdistr's, but it worked anyway.

    However, I’m also posting his instructions here, as I followed them myself anyway, and I thought that if anybody else has a similar problem they can just follow along here:

    noahdfear suggested to tigerdistr:

    “This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Doubleclick the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, we need to change the default settings.
    • In the Menu Bar at the top, click 'Setting'>Change Settings.
    • Click on the Actions tab
    • Using the drop down menus, change each item under Objects and Malware to Report
    • Next, 'tick' Complete Scan.
    • Click the green arrow at the right, and the scan will start.
    • Click 'No to All' if it asks if you want to cure/move the file.
    • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Post the contents of the log from Dr.Web you saved previously in your next reply.”


    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Martin: I tried that and here is the log

    tdssmqlt.sys;c:\windows\system32\drivers;BackDoor.Tdss.29;Deleted.;
    data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Martin\Desktop\ComboFix.exe\data002;Program.PsExec.171;;
    data002;C:\Documents and Settings\Martin\Desktop\ComboFix.exe;Archive contains infected objects;;
    ComboFix.exe;C:\Documents and Settings\Martin\Desktop;Archive contains infected objects;;
    TDSSd91d.tmp;C:\Documents and Settings\Martin\Local Settings\Temp;Probably Trojan.Packed.365;;
    TDSSd95c.tmp;C:\Documents and Settings\Martin\Local Settings\Temp;Trojan.Starter.896;;
    mito[1].gif;C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\UBU7037W;Probably Trojan.Packed.365;;
    TDSSnrsr.dll;C:\WINDOWS\system32;BackDoor.Tdss.30;;
    TDSSofxh.dll;C:\WINDOWS\system32;BackDoor.Tdss.22;;
    TDSSoiqb.dll;C:\WINDOWS\system32;BackDoor.Tdss.29;;
    TDSSosvd.dll;C:\WINDOWS\system32;BackDoor.Tdss.21;;


    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    noahdfear told tigerdistr:
    Appears only the items in the C:\SPYWARE\backup folder are infected, so remove everything in that folder. If that is Spyware Terminator's quarantine folder, best to remove those items via the Spyware Terminator interface.


    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Martin:
    Since I didn’t have Spyware I let Dr.Web CureIt delete it.
    And I moved ComboFix.exe to the trash and deleted it.
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:
    o Windows Temp
    o Current User Temp
    o All Users Temp
    o Temporary Internet Files
    o Prefetch
    o Java Cache
    o Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    -+++++++++++++++++++++++++++++++++++++++++
    Martin:
    I did that too, but when I did the reboot the computer hung up (more than 5 min of shutting down). I had to force it off by pushing the power key for 3 seconds.
    That seems to happen often and might not be related to the virus problem.

    +++++++++++++++++++++++++++++++++++++++++++++++++++++

    Now, let's clear out System Restore, provided everything appears to be working normally.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    That should be all that's necessary. Let me know if there is any other abnormal behavior or further detections.


    -+++++++++++++++++++++++++++++++++++++++++
    Martin:
    Wow – it worked for me. I could finally update AVG and I am running Spybot just at this very minute.
    Thanks noahdfear (and Dr.Web – that program found what ClamWin, Avira, Norman MalwareRemover, RogueRemover and others didn’t)

    +++++++++++++++++++++++++++++++++++++++++++++++++++++
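The Dr.Web CureIt report pasted in the post above is a plain semicolon-separated file (object;location;detection;action;), and reading it by eye is where the responder decides what is a live rootkit component and what is noise. As an added example, not code from this thread, from Dr.Web or from ComboFix, here is a small Python triage script that parses that layout, buckets the hits by where they sit (the scanner's own packed helper inside ComboFix.exe, browser cache and temp remnants, and the driver and DLLs under system32) and lists the system objects the scan only reported, which are the ones still on disk afterwards. The sample input is the report from the post; the bucketing rules and the family grouping are my own heuristics, not anything CureIt provides.

```python
"""Triage a Dr.Web CureIt report (the DrWeb.csv the scanner saves)."""
from collections import Counter

# Sample input: the report lines from the post above, one record per line.
# CureIt writes four ';'-separated fields and ends every record with ';':
#   object;location;detection;action;
SAMPLE_REPORT = r"""
tdssmqlt.sys;c:\windows\system32\drivers;BackDoor.Tdss.29;Deleted.;
data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Martin\Desktop\ComboFix.exe\data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Martin\Desktop\ComboFix.exe;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Martin\Desktop;Archive contains infected objects;;
TDSSd91d.tmp;C:\Documents and Settings\Martin\Local Settings\Temp;Probably Trojan.Packed.365;;
TDSSd95c.tmp;C:\Documents and Settings\Martin\Local Settings\Temp;Trojan.Starter.896;;
mito[1].gif;C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\UBU7037W;Probably Trojan.Packed.365;;
TDSSnrsr.dll;C:\WINDOWS\system32;BackDoor.Tdss.30;;
TDSSofxh.dll;C:\WINDOWS\system32;BackDoor.Tdss.22;;
TDSSoiqb.dll;C:\WINDOWS\system32;BackDoor.Tdss.29;;
TDSSosvd.dll;C:\WINDOWS\system32;BackDoor.Tdss.21;;
"""


def parse_report(text):
    """Split each record into its four fields. An empty action field means
    CureIt only reported the object (the 'Report' setting from the steps above)."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if fields[-1] == "":                 # the trailing ';' yields an empty last field
            fields.pop()
        fields += [""] * (4 - len(fields))   # tolerate a short record
        obj, location, detection, action = fields[:4]
        records.append({
            "object": obj,
            "location": location,
            "detection": detection,
            "action": action or "Reported",
        })
    return records


def classify(record):
    """Bucket a record by where the object lives (my own heuristic):
    a scanner's own packed helper is not a live infection, cache and temp
    copies are dropper remnants, and system32 entries are the rootkit itself."""
    loc = record["location"].lower()
    if record["detection"] == "Archive contains infected objects" or ".exe\\" in loc:
        return "inside-archive"
    if "\\temporary internet files\\" in loc or "\\local settings\\temp" in loc:
        return "temp-cache"
    if "\\system32" in loc:
        return "system"
    return "other"


def family(detection):
    """'BackDoor.Tdss.29' -> 'BackDoor.Tdss'; a 'Probably' prefix marks a heuristic hit."""
    name = detection.replace("Probably ", "", 1)
    parts = name.split(".")
    return ".".join(parts[:2]) if len(parts) >= 3 else name


def summarize(records):
    """Counts per location bucket and per detection family."""
    return {
        "buckets": Counter(classify(r) for r in records),
        "families": Counter(family(r["detection"]) for r in records),
    }


def still_present(records):
    """System objects that were only reported, i.e. still on disk after the scan."""
    return [r["object"] for r in records
            if classify(r) == "system" and r["action"] == "Reported"]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(summarize(recs))
    print("system objects still present:", still_present(recs))
```

Run against the report above, the script separates the three hits inside ComboFix.exe (its bundled PsExec, which a scanner flags as a hacking tool) from the five BackDoor.Tdss objects, and it shows that only the driver was deleted: the four TDSS DLLs in system32 were merely reported, which is exactly why the follow-up ComboFix run was still needed.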
     
  5. 2008/12/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Martin, and welcome to WindowsBBS :)

    I recommend you run ComboFix to clean up leftovers and correct some of the other changes that infection affects.

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  6. 2008/12/28
    Martin

    Martin Inactive Thread Starter

    Joined:
    2008/12/26
    Messages:
    16
    Likes Received:
    0
    Thank you very much for your reply.
    I ran ComboFix and pasted the log below.

    The machine seems to work fine now.
    I took AVG off and I am now running the Avira software instead – I disabled it before running ComboFix.
    I’ve also installed Spybot but I forgot to disable it (or the TeaTimer?) before ComboFix did its thing. However, I guess the program took care of it, because after ComboFix restarted the computer the Spybot symbol was gone from the tray at the lower right corner of the screen.

    I liked the aggressiveness (or thoroughness) of the 2 programs you suggested: DrWeb CureIt and ComboFix.
    Do you think it is a good idea to run these programs on my other computers, which are one Dell Inspiron E1705 laptop and 2 Dell desktops, all running Windows XP Service Pack 3? None have a problem, and I ran Spybot, Ad-Aware and a complete AVG scan on all machines.
    Do you think I can do more harm than good?
    Thank you for advice!
    Martin

    PS. Your instructions from your last post and the ones I pasted into this thread were great and a joy to follow.

    ComboFix 08-12-26.03 - Martin 2008-12-28 11:51:25.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.207 [GMT -5:00]
    Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\TDSSpaxt.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
    .

    2008-12-27 17:47 . 2008-12-27 17:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-27 17:47 . 2008-12-27 19:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-27 14:14 . 2008-12-27 14:14 <DIR> d-------- c:\documents and settings\Martin\DoctorWeb
    2008-12-26 12:23 . 2008-12-26 12:23 <DIR> d-------- C:\rsit
    2008-12-26 12:23 . 2008-12-26 12:23 <DIR> d-------- c:\program files\trend micro
    2008-12-26 10:17 . 2008-12-26 10:17 <DIR> d-------- c:\program files\Avira
    2008-12-26 10:17 . 2008-12-26 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-23 18:27 . 2008-12-23 18:27 <DIR> d-------- c:\program files\Advanced Registry Optimizer
    2008-12-23 18:27 . 2008-12-23 18:27 <DIR> d-------- c:\documents and settings\Martin\Application Data\Sammsoft
    2008-12-23 16:52 . 2008-12-26 20:34 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-12-23 15:58 . 2008-12-27 09:03 <DIR> d-------- c:\program files\ThreatFire
    2008-12-23 15:37 . 2008-12-23 15:37 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
    2008-12-23 11:15 . 2008-12-23 11:15 <DIR> d-------- c:\program files\AVG
    2008-12-23 11:15 . 2008-12-27 20:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-10 20:09 . 2008-12-27 09:11 2,707 --a------ c:\windows\system32\TDSSriqp.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-28 16:56 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
    2008-12-28 01:26 --------- d-----w c:\documents and settings\Martin\Application Data\WTablet
    2008-12-28 00:47 --------- d-----w c:\program files\TaxCut05
    2008-12-27 01:37 --------- d-----w c:\program files\Common Files\Real
    2008-12-26 23:12 --------- d-----w c:\program files\DIGStream
    2008-12-26 20:43 --------- d-----w c:\program files\Yahoo SiteBuilder
    2008-11-29 13:48 171,040 ----a-w c:\documents and settings\Martin\Application Data\GDIPFONTCACHEV1.DAT
    2006-01-13 22:48 251 ----a-w c:\program files\wt3d.ini
    2000-06-05 21:47 32,768 ----a-w c:\program files\mozilla firefox\plugins\AppSub32.dll
    2008-12-19 18:07 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 18:07 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 18:07 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 18:07 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 18:07 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
    "AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-07 98304]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-08 339968]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-10-27 25214]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-11 113664]
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-11 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-02-24 10872]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-04-27 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    S3 AVC3310F;AVC-3310/AVC-3610 USB Loader;c:\windows\system32\Drivers\avcuwfl2.sys [2005-05-07 17536]
    S3 AvcUWil2;Adaptec AVC-3210/3310/3610 USB Device;c:\windows\system32\DRIVERS\avcuwil2.sys [2005-05-07 1433920]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    TCP: {F0EC6062-6D05-4898-BF29-A5A2951DB09B} = 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\oau4o0zr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-28 11:56:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?9?4?2??????? ???B?????????????H<C? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\windows\ehome\ehRecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\Tablet.exe
    c:\windows\system32\Tablet.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\dllhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    c:\program files\HPQ\Shared\hpqwmi.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-28 12:01:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-28 17:01:16

    Pre-Run: 61,726,367,744 bytes free
    Post-Run: 61,567,156,224 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    164 --- E O F --- 2008-12-18 23:56:52
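A defender-side triage of a log in the shape ComboFix prints, added here as an example and not part of this thread or of ComboFix itself. The sample lines are constructed: the TDSSriqp.dll entry and the two Security Center values set to 1 mirror the log above, while the ctfmon.exe and FirewallDisableNotify lines are made up to give the checks a negative case; all function names are mine. It lists the Security Center notifications that have been silenced (with those DWORDs non-zero, XP shows no balloon for an out-of-date antivirus or disabled updates) and the DLLs created directly in system32 within the last 30 days, which is a review list rather than a verdict, since legitimate patches land there too.

```python
"""Triage a ComboFix-style log excerpt for two things a reviewer checks first:
Security Center notifications that have been silenced, and DLLs recently
created directly in system32.  Added example with constructed sample input."""
import re
from datetime import date, timedelta

# Constructed sample in the shape ComboFix prints.  The TDSSriqp.dll entry and
# the two DisableNotify=1 values mirror the log in this thread; the ctfmon.exe
# and FirewallDisableNotify lines are made up to give the checks a negative case.
SAMPLE_LOG = r"""
2008-12-23 11:15 . 2008-12-23 11:15 <DIR> d-------- c:\program files\AVG
2008-12-10 20:09 . 2008-12-27 09:11 2,707 --a------ c:\windows\system32\TDSSriqp.dll
2008-04-13 12:00 . 2008-04-13 12:00 15,360 --a------ c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"FirewallDisableNotify"=dword:00000000
"""

# "<created> . <modified> <size|<DIR>> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# One REGEDIT4 line per Security Center notification.  \s* tolerates the
# stray space that forum extraction inserted before the closing quote.
SC_LINE = re.compile(r'^"(?P<name>\w+DisableNotify)\s*"=dword:(?P<value>[0-9a-fA-F]{8})$')
SYSTEM32 = r"c:\windows\system32"


def parse_file_entries(log):
    """File/directory lines as dicts; size is None for directories."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
            entries.append({"created": date.fromisoformat(m["created"]),
                            "modified": date.fromisoformat(m["modified"]),
                            "size": size, "path": m["path"]})
    return entries


def security_center_notifications_off(log):
    """Names of notifications whose DWORD is non-zero, i.e. switched off.
    With these set, XP shows no balloon for an out-of-date antivirus or
    disabled updates, so the user never learns protection has lapsed."""
    return [m["name"] for m in map(SC_LINE.match, (l.strip() for l in log.splitlines()))
            if m and int(m["value"], 16) != 0]


def recent_system32_dlls(log, scan_date, days=30):
    """DLLs created directly in system32 (not a subfolder) within `days` of the
    scan.  Legitimate patches land there too, so this is a review list."""
    if isinstance(scan_date, str):
        scan_date = date.fromisoformat(scan_date)
    cutoff = scan_date - timedelta(days=days)
    hits = []
    for e in parse_file_entries(log):
        folder, _, name = e["path"].rpartition("\\")
        if folder.lower() == SYSTEM32 and name.lower().endswith(".dll") and e["created"] >= cutoff:
            hits.append(name)
    return hits


def triage(log, scan_date):
    """Combine both checks into one report for the reviewer."""
    return {"notifications_off": security_center_notifications_off(log),
            "recent_system32_dlls": recent_system32_dlls(log, scan_date)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "2008-12-28"))
```

Run it on a real ComboFix log by passing the file's text instead of SAMPLE_LOG and the scan date from the log's "Completion time" line; the system32 check deliberately ignores subfolders such as drivers and dllcache so the list stays short enough to eyeball.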
     
  7. 2008/12/28
    Martin

    I just reread my last post and found a bunch of typos and errors. Sorry about this. English is not my first language, but I think it is all understandable.
    I wrote this just in case there are more posts coming from me....
    Martin
     
  8. 2008/12/28
    noahdfear

    Delete the following file, then empty the recycle bin.

    c:\windows\system32\TDSSriqp.dll


    Now let's do an online scan to make sure nothing else is hiding. Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.


    DrWeb would be fine to use regularly to scan. Make sure to always do a scan only and check the results carefully to avoid removing legitimate items. ComboFix is a specialized malware removal tool and should not be used unless recommended and under the supervision of someone trained in its use. I feel there's a pretty accurate explanation of that recommendation here.
     
  9. 2008/12/29
    Martin

    Hi Dave,
    Thanks for your last reply – and the link to a ComboFix comment – I’m staying clear of that.

    RE: Kaspersky Scan: After all the cleaning I did, I’m surprised that the Kaspersky scan found anything. Maybe it is just a harmless leftover?
    Looking forward to hearing from you.
    Thank you,
    Martin




    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, December 29, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, December 29, 2008 12:04:46
    Records in database: 1528109
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 78416
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 02:23:07


    File name / Threat name / Threats count
    C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

    The selected area was scanned.
     
  10. 2008/12/29
    Martin

    Hi Dave,
    This is a second post and this is NOT the Kaspersky Scan report that you wanted but from a different computer.

    I liked that Kaspersky program better than DrWeb and so I ran a scan on our desktops. One was clean and the other had three infections (even after scanning with Spybot, Ad-Aware and AVG Free).

    Is posting it here ok, since it is not really part of my original problem and concerns a different computer? I’m not sure if this is against the protocol – if so, I'm sorry and maybe you have the authority to delete it and I will start a new thread. Thanks.

    If not, could you have a look at it and tell me what to do? Thanks again.

    Martin





    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, December 29, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, December 29, 2008 14:29:16
    Records in database: 1528525
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 110601
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 01:54:42


    File name / Threat name / Threats count
    C:\WINDOWS\system32\.pif Infected: Trojan-Downloader.BAT.Ftp.z 1
    C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.r 1
    C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.c 1

    The selected area was scanned.
     
  11. 2008/12/30
    noahdfear

    The toolbar shown in the first Kaspersky scan is no threat. Let's finish cleaning up that machine.
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.
    Delete RSIT.exe and the C:\rsit folder, then empty the recycle bin.
    That should wrap things up there.

    Now, this other computer ....... download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment. No need for that though ..... just post it as you would any other log.
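A small triage of Kaspersky Online Scanner report lines, added here as an example and not the thread's or Kaspersky's own code. It separates detections carrying Kaspersky's `not-a-virus:` prefix, which marks adware and other potentially unwanted software rather than malware (the reason the AOL toolbar hit above is no threat), from the rest, and folds the remaining hits into families so three variants of one downloader read as one finding. The input is the four detection lines from the two reports above assembled into one constructed sample; the function names are mine.

```python
"""Triage Kaspersky Online Scanner 'File name / Threat name / Threats count'
lines.  Added example; constructed input built from the hits in this thread."""
import re
from collections import Counter

# Constructed sample: the detection lines from the two reports in this thread.
KASPERSKY_SAMPLE = r"""
File name / Threat name / Threats count
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\WINDOWS\system32\.pif Infected: Trojan-Downloader.BAT.Ftp.z 1
C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.r 1
C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.c 1
"""

# "<path> Infected: <verdict> <count>"; the path may contain spaces, so it is
# matched lazily up to the literal " Infected: " marker.
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_detections(report):
    """Return (path, threat, count) tuples for each detection line."""
    hits = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits


def family(threat):
    """Strip the 'not-a-virus:' prefix and the per-sample variant suffix, so
    Trojan-Downloader.BAT.Ftp.z and .r fold into Trojan-Downloader.BAT.Ftp."""
    name = threat.split(":", 1)[-1]
    return name.rsplit(".", 1)[0]


def classify(threat):
    """Kaspersky prefixes adware and other potentially unwanted tools with
    'not-a-virus:'; everything else is a malware verdict."""
    return "riskware" if threat.startswith("not-a-virus:") else "malware"


def triage(report):
    """Group detected paths by verdict class and count hits per family."""
    by_class = {"malware": [], "riskware": []}
    families = Counter()
    for path, threat, count in parse_detections(report):
        by_class[classify(threat)].append(path)
        families[family(threat)] += count
    return {"by_class": by_class, "families": dict(families)}


if __name__ == "__main__":
    for key, value in triage(KASPERSKY_SAMPLE).items():
        print(key, value)
```

The riskware bucket still deserves a look (a toolbar the user never installed is worth asking about), but it should not drive the cleanup; the malware bucket and its family counts are what decide the next step.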
     
  12. 2008/12/30
    Martin

    Hi Dave,
    I uninstalled ComboFix as instructed. It finished with a message that Combofix has been successfully uninstalled.
    I did a search in the C directory: there were no “Qoobox” file left but I found various ComboFix files:

    COMBOFIX.EXE-31D053F6.pf in C:\WINDOWS\Prefetch

    and a folder “C:\ComboFix” containing the following files:

    badclsid
    clsid
    ffdefstr.dll

    Can I drag them to the trash and empty it?

    ++++++++++++++++++++++++++++++++

    Now to the infected Desktop:
    I downloaded the dds.scr file.
    I double clicked it.
    Windows came up with the typical “Open File – Security Warning”
    it read
    Name: dds.scr
    Publisher: Unknown Publisher
    Type: AutoCAD Script

    After clicking on “Run”, Notepad started and produced a long document of gibberish.

    You told me to “Disable any script blocking protection” – but I’m not sure I did that right. I took it to disable all Spyware and antivirus programs. I disabled Spybot (or the Teatimer – or whatever that Spybot symbol in the Taskbar Notification area is) and I disabled the AVG’s resident shield.

    Here are the first few lines that came up in the Notepad txt file that the script produced:

    MZP    ÿÿ ¸ @   º ´ Ã!¸LÃ!This program must be run under Win32
    $7 PE L pÛÇH à   À € PC  P @     p       ìd  P ì UPX0 €   € àUPX1 À  ¶  @ à.rsrc P  º @ À 3.03 UPX!
     íÆwçW’+ G³ 6 & 'ÿï¾Ã½Ã¨ +pP6z U‹Ã¬SVW‹}‹]wïþÿ ‹u‹Ã“ÿuhÃ¥PA j‹Ã†‹Ã0H¬Ã®Ã®Ã¾Ã­Ã«,tKtëW!jfVB9(¸Ã®¿Ã¿Ã¯ ëGfçÿÿfÿÃt#ë0h€“߿îh¬iFe)8˜j18z¿Ã½µ[3Àë_^[] !Ø ’ò½Ã›»%é~‹E£8j$ÿ53Ù—ìv €£J»Ã½Ã¿gfƒÃ¯p¡+NPðPZ¸{+]{o rË
    l

    It went on and on...

    Is AutoCAD scripting the problem?

    Again, thanks a lot for your help.
    Martin
     
  13. 2008/12/30
    noahdfear

    Yes, delete the leftover ComboFix folder. No need to worry about the prefetch file.


    .scr file handling has been changed from the default by AutoCAD. Delete that copy and download this one. It is a different file format.
     
  14. 2008/12/31
    Martin

    Hi Dave,
    This post concerns just the HP-laptop. It contains 3 topics:
    1.) Thanks for your help
    2.) Antivirus Software
    3.) Unaesthetic folder

    1.)
    I deleted the ComboFix leftovers (and ignored the Prefetch file). The computer is running great: Thanks a lot for all your help!

    2.)
    I was too lazy or too time-pressured to keep up to date with antivirus stuff on this machine…I learned my lesson. As an interim solution I have Antivir Personal from Avira running and Spybot-SD Resident shield.
    Antivir is new for me, and I’m testing it – my 3 other computers run with AVG free. I was looking around in the Forum and I found that NOD32 might be the best program to use.

    I found a post of yours from 2004 where you suggested

    “ eTrust. Lightweight AND effective. Try it free.”
    I only got funny results at: http://myetrust.com/ - it might be discontinued?

    If you know of a good link to a current Antivirus discussion for XP – I much appreciate it – like the links about ComboFix. Thanks.

    3.)
    While poking in the C:\ directory I found a folder with only one text file in it.
    Folder name: 64764561bace3dff0766833aab
    Txt File: msxml4-KB927978-enu.log

    I don’t know what this file is for: Can I delete them? (It’s only because that they have ugly, long, meaningless names… (I’m not anal – or am I..?)

    Content of that text file:

    === Verbose logging started: 12/8/2006 20:01:06 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
    MSI (c) (80:AC) [20:01:06:633]: Resetting cached policy values
    MSI (c) (80:AC) [20:01:06:633]: Machine policy value 'Debug' is 0
    MSI (c) (80:AC) [20:01:06:633]: ******* RunEngine:
    ******* Product: c:\64764561bace3dff0766833aab\msxml.msi
    ******* Action:
    ******* CommandLine: **********
    MSI (c) (80:AC) [20:01:06:633]: Client-side and UI is none or basic: Running entire install on the server.
    MSI (c) (80:AC) [20:01:06:633]: Grabbed execution mutex.
    MSI (c) (80:AC) [20:01:06:742]: Cloaking enabled.
    MSI (c) (80:AC) [20:01:06:742]: Attempting to enable all disabled priveleges before calling Install on Server
    MSI (c) (80:AC) [20:01:06:758]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (60:9C) [20:01:06:773]: Grabbed execution mutex.
    MSI (s) (60:74) [20:01:06:773]: Resetting cached policy values
    MSI (s) (60:74) [20:01:06:773]: Machine policy value 'Debug' is 0
    MSI (s) (60:74) [20:01:06:773]: ******* RunEngine:
    ******* Product: c:\64764561bace3dff0766833aab\msxml.msi
    ******* Action:
    ******* CommandLine: **********
    MSI (s) (60:74) [20:01:06:804]: Machine policy value 'DisableUserInstalls' is 0
    MSI (s) (60:74) [20:01:06:836]: File will have security applied from OpCode.
    MSI (s) (60:74) [20:01:06:914]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\64764561bace3dff0766833aab\msxml.msi' against software restriction policy
    ……
    …….
    (Martin: and so on )
    ……
    …….
    Property(S): OutOfNoRbDiskSpace = 0
    Property(S): PrimaryVolumeSpaceAvailable = 0
    Property(S): PrimaryVolumeSpaceRequired = 0
    Property(S): PrimaryVolumeSpaceRemaining = 0
    Property(S): SOURCEDIR = c:\64764561bace3dff0766833aab\
    Property(S): SourcedirProduct = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    Property(S): ProductToBeRegistered = 1
    MSI (s) (60:74) [20:01:26:724]: Note: 1: 1707
    MSI (s) (60:74) [20:01:26:724]: Product: MSXML 4.0 SP2 (KB927978) -- Installation completed successfully.

    MSI (s) (60:74) [20:01:26:755]: Cleaning up uninstalled install packages, if any exist
    MSI (s) (60:74) [20:01:26:755]: MainEngineThread is returning 0
    MSI (s) (60:9C) [20:01:26:864]: Destroying RemoteAPI object.
    MSI (s) (60:AC) [20:01:26:864]: Custom Action Manager thread ending.
    === Logging stopped: 12/8/2006 20:01:26 ===
    MSI (c) (80:AC) [20:01:26:864]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
    MSI (c) (80:AC) [20:01:26:864]: MainEngineThread is returning 0
    === Verbose logging stopped: 12/8/2006 20:01:26 ===


    (Martin: EOF )
     
  15. 2008/12/31
    Martin

    Hi Dave,
    Regarding the infected DELL desktop:
    The new link you gave me worked great. Here are the results:

    DDS TEXT

    DDS (Version 1.1.0) - NTFSx86
    Run by Martin at 10:28:01.68 on 12/31/08
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.51 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Martin\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [\\LAURA\EPSON Stylus Photo R2400] c:\windows\system32\spool\drivers\w32x86\3\e_fati9sa.exe /fu "c:\docume~1\martin\locals~1\temp\E_SE.tmp" /EF "HKCU"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~3.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    AppInit_DLLs: avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\martin\applic~1\mozilla\firefox\profiles\t93hh5oy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-23 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-23 26824]
    R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-23 231704]
    R2 Maxtor Sync Service;Maxtor Service;"c:\program files\maxtor\sync\SyncServices.exe" [2008-7-21 193888]

    =============== Created Last 30 ================

    2008-12-29 13:21 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-29 13:21 73,728 a------- c:\windows\system32\javacpl.cpl
    2008-12-29 12:45 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2008-12-29 12:45 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
    2008-12-29 12:45 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2008-12-29 12:45 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
    2008-12-29 12:45 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
    2008-12-29 12:45 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
    2008-12-29 12:45 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
    2008-12-29 12:45 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
    2008-12-29 12:45 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
    2008-12-23 16:34 10,520 a------- c:\windows\system32\avgrsstx.dll
    2008-12-23 16:34 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
    2008-12-23 16:33 <DIR> --d----- c:\windows\system32\drivers\Avg
    2008-12-23 16:33 <DIR> --d----- c:\docume~1\martin\applic~1\AVGTOOLBAR
    2008-12-23 16:33 <DIR> --d----- c:\program files\AVG
    2008-12-23 16:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

    ==================== Find3M ====================

    2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
    2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
    2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
    2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
    2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
    2007-11-28 14:12 226,160 a------- c:\docume~1\martin\applic~1\GDIPFONTCACHEV1.DAT

    ============= FINISH: 10:28:54.85 ===============

    +++++++++++++++++++++++++++++++++++
    ATTACH TEXT

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Version 1.0)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/01/03 12:19:50 PM
    System Uptime: 12/31/08 10:02:46 AM (0 hours ago)

    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2386/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 84.759 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 M Network Connection
    Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_01451028&REV_10\4&19FD8D60&0&60F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 M Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_01451028&REV_10\4&19FD8D60&0&60F0
    Service: E100B

    ==== System Restore Points ===================

    RP1038: 11/13/08 10:31:19 AM - System Checkpoint
    RP1039: 11/13/08 7:56:48 PM - Software Distribution Service 3.0
    RP1040: 11/18/08 8:29:26 AM - System Checkpoint
    RP1041: 11/19/08 8:43:28 AM - System Checkpoint
    RP1042: 11/20/08 9:08:30 AM - System Checkpoint
    RP1043: 11/26/08 2:50:37 PM - System Checkpoint
    RP1044: 12/01/08 9:59:57 AM - System Checkpoint
    RP1045: 12/03/08 10:02:12 AM - System Checkpoint
    RP1046: 12/06/08 9:28:14 PM - System Checkpoint
    RP1047: 12/08/08 6:39:20 AM - System Checkpoint
    RP1048: 12/09/08 7:27:45 AM - System Checkpoint
    RP1049: 12/09/08 5:00:59 PM - Software Distribution Service 3.0
    RP1050: 12/13/08 1:04:17 PM - Software Distribution Service 3.0
    RP1051: 12/16/08 2:22:53 PM - System Checkpoint
    RP1052: 12/17/08 3:16:22 PM - System Checkpoint
    RP1053: 12/19/08 8:28:22 AM - System Checkpoint
    RP1054: 12/19/08 2:08:31 PM - Software Distribution Service 3.0
    RP1055: 12/20/08 2:19:17 PM - System Checkpoint
    RP1056: 12/22/08 8:55:57 AM - System Checkpoint
    RP1057: 12/23/08 9:42:10 AM - System Checkpoint
    RP1058: 12/23/08 4:13:55 PM - Removed AVG 7.5
    RP1059: 12/23/08 4:33:46 PM - Installed AVG Free 8.0
    RP1060: 12/23/08 9:56:16 PM - Spybot-S&D Spyware removal
    RP1061: 12/26/08 11:23:17 AM - Avg8 Update
    RP1062: 12/28/08 12:34:44 PM - System Checkpoint
    RP1063: 12/28/08 5:56:24 PM - Spybot-S&D Spyware removal
    RP1064: 12/29/08 12:33:03 PM - Software Distribution Service 3.0
    RP1065: 12/29/08 12:38:01 PM - Software Distribution Service 3.0
    RP1066: 12/29/08 1:13:37 PM - Software Distribution Service 3.0
    RP1067: 12/29/08 1:21:29 PM - Installed Java(TM) 6 Update 11
    RP1068: 12/30/08 2:06:57 PM - System Checkpoint
    RP1069: 12/30/08 10:16:20 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Acrobat 7.0 Professional
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Flash Player 10 Plugin
    Adobe GoLive CS2
    Adobe Help Center 1.0
    Adobe Illustrator 9.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop 7.0
    Adobe Photoshop CS2
    Adobe Reader 6.0.1
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Version Cue CS2
    ArcSoft Software Suite
    ATI Control Panel
    ATI Display Driver
    AutoCAD 2005 - English
    AutoCAD 2005 Express Tools Volumes 1-9
    Autodesk DWF Viewer
    AVG Free 8.0
    BCM V.92 56K Modem
    Canon Utilities Easy-PhotoPrint Plus
    Canon Utilities PhotoStitch 3.1
    Classic PhoneTools
    Dell ResourceCD
    Easy-WebPrint
    Easy CD Creator 5 Basic
    EPSON Copy Utility
    EPSON PERF 2400 Guide
    EPSON Printer Software
    EPSON Scan
    EPSON Smart Panel
    Hotfix for Windows XP (KB952287)
    Index.dat Suite v2.6.5
    Intel(R) PRO Ethernet Adapter and Software
    IrfanView (remove only)
    IsoBuster 1.9
    J2SE Runtime Environment 5.0 Update 2
    Java(TM) 6 Update 11
    Linksys Wireless-G PCI Network Adapter with SpeedBooster
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Flash Player 8
    Maxtor Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Mozilla Firefox (3.0.3)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Native Instruments Traktor DJ Studio 3
    Nero 6 Ultra Edition
    Nikon Message Center
    Nikon View 6
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PhotoStitch
    PictureProject In Touch Downloader 1.0
    PowerDVD
    QuickTime
    RealPlayer
    Retrospect 6.0
    Rhapsody Player Engine
    SafeCast Shared Components
    ScanToWeb
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960714)
    SoundMAX
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.3
    Suite Specific
    Tablet
    TaxCut 2002
    TaxCut 2003
    TaxCut 2004
    TaxCut Business 2007 (Remove Only)
    TaxCut Ohio 2007
    TaxCut Premium + State + Efile 2007
    TaxCut Premium 2006
    Text-To-Speech-Runtime
    TurboTax Premier Home & Business 2002
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    USB Storage Adapter FX (MXO)
    USB20 setup program
    WebFldrs XP
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    12/29/08 8:43:38 AM, error: Dhcp [1002] - The IP address lease 192.168.1.119 for the Network Card with network address 0012179D9267 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/26/08 11:20:45 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0012179D9267. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    ==== End Of File ===========================
     
  16. 2009/01/03
    mwhatley1

    mwhatley1 Inactive

    Joined:
    2009/01/03
    Messages:
    7
    Likes Received:
    0
    Hello Guys,

    I'm new to this forum, but I have a similar problem. I cannot access any anti-virus websites, I cannot install any of the malware programs that I tried to download, and I cannot update any antivirus software. I am lost and have no idea what to do. Can anyone help please?
     
  17. 2009/01/03
    Martin

    Martin Inactive Thread Starter

    Joined:
    2008/12/26
    Messages:
    16
    Likes Received:
    0
    Go to this link. You'll find instructions to run a little program (RSIT.exe) that creates a log that will help someone here to help you.
    My computer problem has been resolved, and some other issues on the way. (Thanks to Dave - noahdfear)
    Good luck,
    Martin
     
  18. 2009/01/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Martin,

    No sign of any other infections there. Remove the items detected by Kaspersky then empty the recycle bin.

    C:\WINDOWS\system32\.pif Infected: Trojan-Downloader.BAT.Ftp.z 1
    C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.r 1
    C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.c 1

    If you're satisfied the computer is working properly, clear the system Restore points.

    Clear past system restore points and create a new one.
    Right-click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.
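As an added example (not code from the thread, from DDS, or from any tool named here), a small triage helper that parses the "Created Last 30" / "Find3M" entries of a DDS log like the one Martin posted and flags files created under system32 whose names deserve a second look: no extension, an extension with nothing in front of it (like ".pif"), or an extension not normally seen there. The sample lines are constructed in the log's format; the three odd names mirror the files Kaspersky reported, with made-up sizes and times.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional
# One DDS file line: date, time, size or <DIR>, 8-char attribute column, path.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{8}) (.+)$", re.I)
EXPECTED_SYS32 = {".dll", ".exe", ".sys", ".cpl", ".mui", ".dat", ".ocx", ".drv"}  # usual types there

@dataclass
class Entry:
    when: datetime
    size: Optional[int]   # None for <DIR> entries
    attrs: str            # e.g. "a-------" or "-c------"
    path: str             # lower-cased for case-insensitive matching

def parse_entries(text: str) -> List[Entry]:
    """One Entry per file line; section headers, blanks and other text are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
        size_b = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(when, size_b, attrs, path.lower()))
    return entries

def suspicious(entries: List[Entry]) -> List[str]:
    """Files under system32 whose name has no stem, no extension, or an unexpected one."""
    flagged = []
    for e in entries:
        if e.size is None or "\\windows\\system32\\" not in e.path:
            continue
        name = e.path.rsplit("\\", 1)[1]
        stem, dot, ext = name.rpartition(".")
        if not dot or not stem or "." + ext not in EXPECTED_SYS32:
            flagged.append(e.path)
    return flagged

# Constructed sample in the log's format; the last three names mirror the files
# Kaspersky reported in this thread (their sizes and times here are made up).
SAMPLE = r"""=============== Created Last 30 ================
2008-12-29 13:21 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-23 16:33 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-20 10:02 1,024 a------- c:\windows\system32\cmd.ftp
2008-12-20 10:02 512 a------- c:\windows\system32\.pif
2008-12-20 10:02 96 a------- c:\windows\system32\o
"""
```

A flagged path is a lead for the kind of look noahdfear gave the log above, not a verdict on the file.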
     
