Got the same prb in another comp.

Discussion in 'Malware and Virus Removal Archive' started by hashim101, 2008/06/18.

  1. 2008/06/18
    hashim101

    Hey Geri, I got the same dangerous trojan detected in your system and so on... I got this in my brother's comp. The hosts are entered by the program itself.

    Here's the main.txt

    Deckard's System Scanner v20071014.68
    Run by Metro on 2008-06-18 18:58:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 4 Restore Point(s) --
    4: 2008-06-18 13:22:39 UTC - RP4 - Deckard's System Scanner Restore Point
    3: 2008-06-18 13:19:43 UTC - RP3 - Removed iTunes
    2: 2008-06-18 13:15:02 UTC - RP2 - Deckard's System Scanner Restore Point
    1: 2008-06-18 13:10:04 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 504 MiB (512 MiB recommended).
    System Drive C: has 0.21 GiB (less than 15%) free.


    -- HijackThis (run as Metro.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:01:33, on 18.06.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchosts.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\IM Names\IM-svr.EXE
    C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    F:\Ares\Ares.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IEAntiVirus\ANTIVIR.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Metro\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Metro.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/worldservice/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 1.1.1.1 mast.mcafee.com
    O1 - Hosts: 1.1.1.1 my-etrust.com
    O1 - Hosts: 1.1.1.1 www.my-etrust.com
    O1 - Hosts: 1.1.1.1 nai.com
    O1 - Hosts: 1.1.1.1 www.nai.com
    O1 - Hosts: 1.1.1.1 networkassociates.com
    O1 - Hosts: 1.1.1.1 secure.nai.com
    O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
    O1 - Hosts: 1.1.1.1 service1.symantec.com
    O1 - Hosts: 1.1.1.1 sophos.com
    O1 - Hosts: 1.1.1.1 www.sophos.com
    O1 - Hosts: 1.1.1.1 support.microsoft.com
    O1 - Hosts: 1.1.1.1 symantec.com
    O1 - Hosts: 1.1.1.1 www.symantec.com
    O1 - Hosts: 1.1.1.1 update.symantec.com
    O1 - Hosts: 1.1.1.1 updates.symantec.com
    O1 - Hosts: 1.1.1.1 us.mcafee.com
    O1 - Hosts: 1.1.1.1 vil.nai.com
    O1 - Hosts: 1.1.1.1 viruslist.com
    O1 - Hosts: 1.1.1.1 www.viruslist.com
    O1 - Hosts: 1.1.1.1 grisoft.com
    O1 - Hosts: 1.1.1.1 www.grisoft.com
    O1 - Hosts: 1.1.1.1 free.grisoft.com
    O1 - Hosts: 1.1.1.1 trendmicro.com
    O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
    O1 - Hosts: 1.1.1.1 www.trendmicro.com
    O1 - Hosts: 1.1.1.1 pandasoftware.com
    O1 - Hosts: 1.1.1.1 www.pandasoftware.com
    O1 - Hosts: 1.1.1.1 usa.kaspersky.com
    O1 - Hosts: 1.1.1.1 ewido.net
    O1 - Hosts: 1.1.1.1 www.ewido.net
    O1 - Hosts: 1.1.1.1 zonelabs.com
    O1 - Hosts: 1.1.1.1 www.zonelabs.com
    O1 - Hosts: 1.1.1.1 bitdefender.com
    O1 - Hosts: 1.1.1.1 www.bitdefender.com
    O1 - Hosts: 1.1.1.1 download.bitdefender.com
    O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
    O1 - Hosts: 1.1.1.1 spywareinfo.com
    O1 - Hosts: 1.1.1.1 www.spywareinfo.com
    O1 - Hosts: 1.1.1.1 merijn.org
    O1 - Hosts: 1.1.1.1 www.merijn.org
    O1 - Hosts: 1.1.1.1 sysinternals.com
    O1 - Hosts: 1.1.1.1 www.sysinternals.com
    O1 - Hosts: 1.1.1.1 onguardonline.gov
    O1 - Hosts: 1.1.1.1 www.onguardonline.gov
    O1 - Hosts: 1.1.1.1 avast.com
    O1 - Hosts: 1.1.1.1 www.avast.com
    O1 - Hosts: 1.1.1.1 safety.live.com
    O1 - Hosts: 1.1.1.1 www.paretologic.com
    O1 - Hosts: 1.1.1.1 paretologic.com
    O1 - Hosts: 1.1.1.1 virusscan.jotti.org
    O1 - Hosts: 1.1.1.1 services.google.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\oDC\rpbrowserrecordplugin.dll (file missing)
    O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
    O2 - BHO: BhoApp Class - {5F920865-38C9-40DA-8FCF-D9DC83F84EC5} - C:\WINDOWS\system32\puplsan.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [RegPure] C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] E:\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] E:\Language\Language.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.icsvoice.net/talk.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E17D54C-54BD-4964-B4DA-18487BDC6C59}: NameServer = 193.226.30.2,193.226.30.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62C4C42D-90DE-4247-ACEB-3920D453F65D}: NameServer = 193.226.30.2,193.226.30.6
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - F:\Ares\chatServer.exe (file missing)
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Alcohol 120\StarWind\StarWindService.exe (file missing)

    --
    End of file - 13953 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>

    S3 50bf91e8-583a-41b5-b0a9-36c2e0e5607f - d:\player\cds300.dll (file missing)
    S3 BtAudio (Bluetooth Audio) - c:\windows\system32\drivers\btaudio.sys (file missing)
    S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
    S3 BTWDNDIS (Bluetooth LAN Access Server) - c:\windows\system32\drivers\btwdndis.sys (file missing)
    S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
    S3 lc3pkt_2.1 (LC3 Packet Driver) - e:\kitt\lc3pkt.sys (file missing)
    S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Client IP-IPX - "c:\windows\system32\svchosts.exe" -e te-110-12-0000282
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

    S2 StarWindService (StarWind iSCSI Service) - f:\alcohol 120\starwind\starwindservice.exe (file missing)
    S3 AresChatServer (Ares Chatroom server) - f:\ares\chatserver.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-10 19:31:05 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-05-18 and 2008-06-18 -----------------------------

    2008-06-18 18:56:16 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEE-1033-1107-030204200001}
    2008-06-18 16:00:57 0 d------c- C:\Program Files\Trend Micro
    2008-06-17 23:16:39 0 d------c- C:\Program Files\Common Files\{64C56C89-0AED-1033-1107-030204200001}
    2008-06-16 19:54:57 0 d------c- C:\Program Files\IEAntiVirus
    2008-06-16 19:42:28 0 d------c- C:\WINDOWS\Prefetch
    2008-06-16 19:09:01 13312 --a----c- C:\WINDOWS\system32\puplsan.dll <Not Verified; ; BhoNew Module>
    2008-06-16 19:08:47 13312 --a----c- C:\WINDOWS\system32\bupdfo.dll <Not Verified; ; BhoNew Module>
    2008-06-07 19:37:56 0 d------c- C:\Documents and Settings\Metro\Application Data\Search Settings
    2008-06-07 19:26:00 0 d------c- C:\Program Files\Search Settings
    2008-06-07 19:25:13 0 d------c- C:\Program Files\Dealio
    2008-06-07 19:24:42 348160 --a----c- C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
    2008-06-07 19:24:42 15360 --a----c- C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
    2008-06-07 19:24:42 458752 --a----c- C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
    2008-06-07 19:24:42 479232 --a----c- C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
    2008-06-07 19:24:42 454656 --a----c- C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
    2008-06-07 19:24:42 1212416 --a----c- C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
    2008-06-07 19:24:42 1986560 --a----c- C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
    2008-06-07 19:24:42 417792 --a----c- C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
    2008-06-07 19:24:42 2084864 --a----c- C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
    2008-06-07 19:24:41 101888 --a----c- C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
    2008-06-07 19:24:41 119568 --a----c- C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-06-07 19:24:41 21504 --a----c- C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
    2008-06-07 19:24:41 141312 --a----c- C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-06-07 19:24:41 59904 --a----c- C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
    2008-06-07 19:24:41 32768 --a----c- C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
    2008-06-07 19:01:43 0 d------c- C:\Program Files\TallStick
    2008-05-31 20:36:07 0 d------c- C:\Program Files\Common Files\Apple
    2008-05-28 18:56:16 0 d------c- C:\Program Files\Eyemovies
    2008-05-21 22:47:32 0 d--h---c- C:\BJPrinter
    2008-05-19 22:21:11 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo!


    -- Find3M Report ---------------------------------------------------------------

    2008-06-18 18:56:16 0 d------c- C:\Program Files\Common Files
    2008-06-16 19:08:58 0 d------c- C:\Documents and Settings\Metro\Application Data\uTorrent
    2008-06-16 16:08:30 0 d------c- C:\Documents and Settings\Metro\Application Data\IM-Names
    2008-06-15 15:32:28 0 d------c- C:\Program Files\AviSynth 2.5
    2008-06-15 15:19:30 0 d------c- C:\Program Files\QuickTime
    2008-05-31 20:36:54 0 d------c- C:\Program Files\Apple Software Update
    2008-05-28 18:54:34 0 d------c- C:\Program Files\Common Files\InstallShield
    2008-05-19 22:20:26 0 d------c- C:\Program Files\AskTBar
    2008-05-16 16:46:38 0 d------c- C:\Program Files\Documents and Settings
    2008-05-03 11:45:22 0 d------c- C:\Program Files\VideoLAN
    2008-05-03 11:40:49 0 d------c- C:\Program Files\Xvid
    2008-05-02 22:58:05 0 d------c- C:\Program Files\Common Files\NSV
    2008-05-02 22:30:43 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEF-1033-1107-030204200001}
    2008-05-02 22:30:42 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEC-1033-1107-030204200001}
    2008-04-30 16:16:33 0 d------c- C:\Program Files\Microsoft ActiveSync
    2008-04-30 16:15:56 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2008-04-27 10:35:28 180224 --a----c- C:\WINDOWS\system32\xvidvfw.dll
    2008-04-27 10:33:36 765952 --a----c- C:\WINDOWS\system32\xvidcore.dll
    2008-04-05 20:28:05 32920 --a----c- C:\Documents and Settings\Metro\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-30 01:45:59 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F920865-38C9-40DA-8FCF-D9DC83F84EC5}]
    16.06.2008 19:09 13312 --a--c--- C:\WINDOWS\system32\puplsan.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    16.04.2008 17:56 1107296 --a--c--- C:\Program Files\Search Settings\kb127\SearchSettings.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [11.03.2003 21:24]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [11.03.2003 21:11]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [02.04.2003 05:20]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08.07.2005 18:18]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [10.08.2005 12:49]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [23.09.2005 05:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11.01.2006 23:05]
    "IMprocess"="C:\Program Files\IM Names\IM-svr.EXE" [18.12.2005 03:07]
    "SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" [01.12.2005 04:28]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11.08.2005 22:02]
    "RegPure"="C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14.03.2007 03:43]
    "RemoteControl"="E:\PDVDServ.exe" []
    "LanguageShortcut"="E:\Language\Language.exe" [18.05.2006 12:29]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22.08.2004 18:05]
    "My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL" [22.01.2008 21:06]
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" [22.01.2008 21:06]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28.03.2008 22:34]
    "SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [16.04.2008 17:56]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27.05.2008 10:50]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [03.02.2004 08:42]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [19.01.2007 13:49]
    "ares"="F:\Ares\Ares.exe" [20.03.2007 04:21]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 19:24]
    "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:54]
    "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" [22.01.2008 21:06]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56]
    "antispy"="C:\Program Files\IEAntiVirus\ANTIVIR.exe" [16.06.2008 16:55]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoAdminPage"=1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]
    AutoRun\command- pwoedbym.exe
    explore\Command- pwoedbym.exe
    open\Command- pwoedbym.exe




    -- Hosts -----------------------------------------------------------------------

    1.1.1.1 f-secure.com
    1.1.1.1 www.f-secure.com
    1.1.1.1 ftp.f-secure.com
    1.1.1.1 ftp.sophos.com
    1.1.1.1 liveupdate.symantec.com
    1.1.1.1 customer.symantec.com
    1.1.1.1 dispatch.mcafee.com
    1.1.1.1 download.mcafee.com
    1.1.1.1 rads.mcafee.com
    1.1.1.1 mast.mcafee.com

    51 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-06-18 19:02:29 ------------
     
  2. 2008/06/18
    hashim101

    ran mbam

    Hey Geri, I ran MBAM and it fixed the error message, but at times when my bro's comp. loads up too much, I guess it just shuts off.

    Here's the MBAM log after performing a scan. What do ya think??

    Malwarebytes' Anti-Malware 1.17
    Database version: 867

    20:08:17 18.06.2008
    mbam-log-6-18-2008 (20-08-17).txt

    Scan type: Quick Scan
    Objects scanned: 68244
    Time elapsed: 11 minute(s), 23 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 4
    Registry Keys Infected: 164
    Registry Values Infected: 9
    Registry Data Items Infected: 0
    Folders Infected: 28
    Files Infected: 135

    Memory Processes Infected:
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
    C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe (Adware.RXToolbar) -> Unloaded process successfully.
    C:\WINDOWS\system32\svchosts.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Unloaded module successfully.
    C:\WINDOWS\system32\puplsan.dll (Trojan.FakeAlert) -> Unloaded module successfully.
    C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Unloaded module successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{5f920865-38c9-40da-8fcf-d9dc83f84ec5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f920865-38c9-40da-8fcf-d9dc83f84ec5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{85e0b171-04fa-11d1-b7da-00a0c90348d7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{22a6ff82-b3e0-94bb-5fcd-ea067b86810f} (Worm.Sdbot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\IMAdvertiser (Adware.SearchTwo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\IST (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

    I'll post the other part of it in another post, as it only allows 35000 characters.
     


  4. 2008/06/18
    hashim101

    other part

    Here's the other part

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SemanticInsight (Adware.RXToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispy (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\MSNBackgrounds (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\HTML (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Metro\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Metro\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\WINDOWS\system32\puplsan.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bupdfo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\000A245F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\003FB004 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\003FB7B4 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\003FB9F7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\003FBBCB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\003FBDBF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\003FCABF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\003FCD21.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0096A781.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0096A9A4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0096AC63.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0096ADCA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\0096AF12.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00985F43.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00986686.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\009867FD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\00FF6B73 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\04124980 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00B383FE.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\rx.xml (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\rxtoolbar.cfg (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\rxwebsearches.xsl (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\additional.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\additional_active.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\background.jpg (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\thumbtack.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\thumbtack_active.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\graphics\thumbtack_click.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\HTML\content.htm (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\HTML\main.htm (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe (Adware.RXToolbar) -> Quarantined and deleted successfully.
    C:\Program Files\IEAntiVirus\antivir.exe (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    C:\Program Files\IEAntiVirus\ieav.db2 (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    C:\Program Files\IEAntiVirus\ieav.db3 (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    C:\Program Files\IEAntiVirus\uninst.exe (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Metro\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Metro\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svchosts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
    C:\Program Files\Documents and Settings\Programs\IE AntiVirus 3.3.lnk (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Metro\Desktop\IE AntiVirus 3.3.lnk (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
     
  5. 2008/06/18
    Geri
    Hi hashim101

    Ok I need to look at a new dss log.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/06/19
    hashim101
    Sorry it took a long time (time zone differences). Here's the fresh new DSS log.

    Here it is:

    Deckard's System Scanner v20071014.68
    Run by Metro on 2008-06-19 13:04:54
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 504 MiB (512 MiB recommended).
    System Drive C: has 0.14 GiB (less than 15%) free.


    -- HijackThis (run as Metro.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:05:12, on 19.06.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\IM Names\IM-svr.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    F:\Ares\Ares.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    c:\program files\mcafee.com\agent\mcupdate.exe
    C:\Documents and Settings\Metro\Desktop\dss.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Metro.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/worldservice/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 1.1.1.1 mast.mcafee.com
    O1 - Hosts: 1.1.1.1 my-etrust.com
    O1 - Hosts: 1.1.1.1 www.my-etrust.com
    O1 - Hosts: 1.1.1.1 nai.com
    O1 - Hosts: 1.1.1.1 www.nai.com
    O1 - Hosts: 1.1.1.1 networkassociates.com
    O1 - Hosts: 1.1.1.1 secure.nai.com
    O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
    O1 - Hosts: 1.1.1.1 service1.symantec.com
    O1 - Hosts: 1.1.1.1 sophos.com
    O1 - Hosts: 1.1.1.1 www.sophos.com
    O1 - Hosts: 1.1.1.1 support.microsoft.com
    O1 - Hosts: 1.1.1.1 symantec.com
    O1 - Hosts: 1.1.1.1 www.symantec.com
    O1 - Hosts: 1.1.1.1 update.symantec.com
    O1 - Hosts: 1.1.1.1 updates.symantec.com
    O1 - Hosts: 1.1.1.1 us.mcafee.com
    O1 - Hosts: 1.1.1.1 vil.nai.com
    O1 - Hosts: 1.1.1.1 viruslist.com
    O1 - Hosts: 1.1.1.1 www.viruslist.com
    O1 - Hosts: 1.1.1.1 grisoft.com
    O1 - Hosts: 1.1.1.1 www.grisoft.com
    O1 - Hosts: 1.1.1.1 free.grisoft.com
    O1 - Hosts: 1.1.1.1 trendmicro.com
    O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
    O1 - Hosts: 1.1.1.1 www.trendmicro.com
    O1 - Hosts: 1.1.1.1 pandasoftware.com
    O1 - Hosts: 1.1.1.1 www.pandasoftware.com
    O1 - Hosts: 1.1.1.1 usa.kaspersky.com
    O1 - Hosts: 1.1.1.1 ewido.net
    O1 - Hosts: 1.1.1.1 www.ewido.net
    O1 - Hosts: 1.1.1.1 zonelabs.com
    O1 - Hosts: 1.1.1.1 www.zonelabs.com
    O1 - Hosts: 1.1.1.1 bitdefender.com
    O1 - Hosts: 1.1.1.1 www.bitdefender.com
    O1 - Hosts: 1.1.1.1 download.bitdefender.com
    O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
    O1 - Hosts: 1.1.1.1 spywareinfo.com
    O1 - Hosts: 1.1.1.1 www.spywareinfo.com
    O1 - Hosts: 1.1.1.1 merijn.org
    O1 - Hosts: 1.1.1.1 www.merijn.org
    O1 - Hosts: 1.1.1.1 sysinternals.com
    O1 - Hosts: 1.1.1.1 www.sysinternals.com
    O1 - Hosts: 1.1.1.1 onguardonline.gov
    O1 - Hosts: 1.1.1.1 www.onguardonline.gov
    O1 - Hosts: 1.1.1.1 avast.com
    O1 - Hosts: 1.1.1.1 www.avast.com
    O1 - Hosts: 1.1.1.1 safety.live.com
    O1 - Hosts: 1.1.1.1 www.paretologic.com
    O1 - Hosts: 1.1.1.1 paretologic.com
    O1 - Hosts: 1.1.1.1 virusscan.jotti.org
    O1 - Hosts: 1.1.1.1 services.google.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\oDC\rpbrowserrecordplugin.dll (file missing)
    O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe "
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [RegPure] C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] E:\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] E:\Language\Language.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.icsvoice.net/talk.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E17D54C-54BD-4964-B4DA-18487BDC6C59}: NameServer = 193.226.30.2,193.226.30.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62C4C42D-90DE-4247-ACEB-3920D453F65D}: NameServer = 193.226.30.2,193.226.30.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EDA1E28C-0949-489E-9886-D33394908F9D}: NameServer = 213.154.124.1 193.231.252.1
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - F:\Ares\chatServer.exe (file missing)
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Alcohol 120\StarWind\StarWindService.exe (file missing)

    --
    End of file - 12853 bytes

    -- Files created between 2008-05-19 and 2008-06-19 -----------------------------

    2008-06-18 19:51:18 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEE-1033-1107-030204200001}
    2008-06-18 19:20:28 0 d------c- C:\Documents and Settings\Metro\Application Data\Malwarebytes
    2008-06-18 19:20:24 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-18 19:20:23 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-18 16:00:57 0 d------c- C:\Program Files\Trend Micro
    2008-06-17 23:16:39 0 d------c- C:\Program Files\Common Files\{64C56C89-0AED-1033-1107-030204200001}
    2008-06-16 19:42:28 0 d------c- C:\WINDOWS\Prefetch
    2008-06-07 19:37:56 0 d------c- C:\Documents and Settings\Metro\Application Data\Search Settings
    2008-06-07 19:26:00 0 d------c- C:\Program Files\Search Settings
    2008-06-07 19:24:42 348160 --a----c- C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
    2008-06-07 19:24:42 15360 --a----c- C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
    2008-06-07 19:24:42 458752 --a----c- C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
    2008-06-07 19:24:42 479232 --a----c- C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
    2008-06-07 19:24:42 454656 --a----c- C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
    2008-06-07 19:24:42 1212416 --a----c- C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
    2008-06-07 19:24:42 1986560 --a----c- C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
    2008-06-07 19:24:42 417792 --a----c- C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
    2008-06-07 19:24:42 2084864 --a----c- C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
    2008-06-07 19:24:41 101888 --a----c- C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
    2008-06-07 19:24:41 119568 --a----c- C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-06-07 19:24:41 21504 --a----c- C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
    2008-06-07 19:24:41 141312 --a----c- C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-06-07 19:24:41 59904 --a----c- C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
    2008-06-07 19:24:41 32768 --a----c- C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
    2008-06-07 19:01:43 0 d------c- C:\Program Files\TallStick
    2008-05-31 20:36:07 0 d------c- C:\Program Files\Common Files\Apple
    2008-05-21 22:47:32 0 d--h---c- C:\BJPrinter
    2008-05-19 22:21:11 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo!


    -- Find3M Report ---------------------------------------------------------------

    2008-06-19 13:03:35 0 d------c- C:\Documents and Settings\Metro\Application Data\IM-Names
    2008-06-18 20:23:17 0 d------c- C:\Program Files\Common Files
    2008-06-18 20:10:17 0 d------c- C:\Program Files\MSN Messenger
    2008-06-16 19:08:58 0 d------c- C:\Documents and Settings\Metro\Application Data\uTorrent
    2008-06-15 15:32:28 0 d------c- C:\Program Files\AviSynth 2.5
    2008-06-15 15:19:30 0 d------c- C:\Program Files\QuickTime
    2008-05-28 18:54:34 0 d------c- C:\Program Files\Common Files\InstallShield
    2008-05-19 22:20:26 0 d------c- C:\Program Files\AskTBar
    2008-05-16 16:46:38 0 d------c- C:\Program Files\Documents and Settings
    2008-05-03 11:45:22 0 d------c- C:\Program Files\VideoLAN
    2008-05-03 11:40:49 0 d------c- C:\Program Files\Xvid
    2008-05-02 22:58:05 0 d------c- C:\Program Files\Common Files\NSV
    2008-05-02 22:30:43 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEF-1033-1107-030204200001}
    2008-05-02 22:30:42 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEC-1033-1107-030204200001}
    2008-04-30 16:16:33 0 d------c- C:\Program Files\Microsoft ActiveSync
    2008-04-30 16:15:56 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2008-04-27 10:35:28 180224 --a----c- C:\WINDOWS\system32\xvidvfw.dll
    2008-04-27 10:33:36 765952 --a----c- C:\WINDOWS\system32\xvidcore.dll
    2008-04-05 20:28:05 32920 --a----c- C:\Documents and Settings\Metro\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-30 01:45:59 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    16.04.2008 17:56 1107296 --a--c--- C:\Program Files\Search Settings\kb127\SearchSettings.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [11.03.2003 21:24]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [11.03.2003 21:11]
    "WinampAgent "= "C:\Program Files\Winamp\Winampa.exe" [02.04.2003 05:20]
    "VSOCheckTask "= "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08.07.2005 18:18]
    "VirusScan Online "= "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [10.08.2005 12:49]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [23.09.2005 05:29]
    "MCUpdateExe "= "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11.01.2006 23:05]
    "IMprocess "= "C:\Program Files\IM Names\IM-svr.EXE" [18.12.2005 03:07]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11.08.2005 22:02]
    "RegPure "= "C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe" []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" []
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14.03.2007 03:43]
    "RemoteControl "= "E:\PDVDServ.exe" []
    "LanguageShortcut "= "E:\Language\Language.exe" [18.05.2006 12:29]
    "DAEMON Tools-1033 "= "C:\Program Files\D-Tools\daemon.exe" [22.08.2004 18:05]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28.03.2008 22:34]
    "SearchSettings "= "C:\Program Files\Search Settings\SearchSettings.exe" [16.04.2008 17:56]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [27.05.2008 10:50]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [03.02.2004 08:42]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [19.01.2007 13:49]
    "ares "= "F:\Ares\Ares.exe" [20.03.2007 04:21]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 19:24]
    "msnmsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:54]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoAdminPage "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]
    AutoRun\command- pwoedbym.exe
    explore\Command- pwoedbym.exe
    open\Command- pwoedbym.exe




    -- End of Deckard's System Scanner: finished at 2008-06-19 13:05:54 ------------
     
  7. 2008/06/19
    hashim101
    Just a question

    I wanted to ask you if I need to post the extra.txt I get with the DSS log, because it says in the log post that you should only paste main.txt.
     
  8. 2008/06/19
    Geri
    Hi
    Are you in Romania?

    Did you add these to your hosts file?
    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com

    Plus all the others there?

    Geri
     
    Geri,
    #7
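
The O1 entries Geri asks about can be triaged mechanically. The following is an added example, not part of the original thread or of HijackThis: it parses O1 lines from a log and flags hosts-file overrides of security-vendor domains, plus any single non-loopback address that several unrelated domains are pointed at. The watchlist, the function names and the two loopback sample lines are assumptions of the example.

```python
import ipaddress
import re
from collections import defaultdict

# Illustrative watchlist (an assumption of this example): security and update
# domains that appear in the O1 lines of the thread. Extend it for real use.
SECURITY_DOMAINS = {
    "f-secure.com", "sophos.com", "symantec.com", "mcafee.com",
    "trendmicro.com", "grisoft.com", "bitdefender.com", "kaspersky.com",
}

# HijackThis prints one hosts-file entry per line as "O1 - Hosts: <ip> <host>".
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Sample input. The nine 1.1.1.1 lines and the O4 line are copied from the
# thread; the two 127.0.0.1 lines are constructed for contrast.
SAMPLE_LOG = r"""
    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 ads.example.net
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""


def parse_o1(log_text):
    """Return (ip, hostname) pairs for every well-formed O1 line."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line)
        if not match:
            continue  # not a hosts entry (O2, O4, blank lines, ...)
        raw_ip, host = match.groups()
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # malformed address: skip rather than guess
        entries.append((ip, host.lower().rstrip(".")))
    return entries


def on_watchlist(host, watchlist=SECURITY_DOMAINS):
    """True if host is a watchlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watchlist)


def base_domain(host):
    """Naive grouping key: the last two labels (no public-suffix handling)."""
    return ".".join(host.split(".")[-2:])


def triage(log_text, min_domains=3):
    """Summarise suspicious hosts-file overrides found in a HijackThis log.

    blocked_security_hosts: every override of a watchlisted domain, whatever
        address it points to (loopback blocks an updater just as well).
    sink_ips: non-loopback addresses that at least min_domains distinct base
        domains resolve to, which no legitimate hosts file normally contains.
    """
    entries = parse_o1(log_text)
    blocked = [(str(ip), host) for ip, host in entries if on_watchlist(host)]

    domains_by_ip = defaultdict(set)
    for ip, host in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 block lists are common and benign
        domains_by_ip[str(ip)].add(base_domain(host))
    sinks = {ip: len(doms) for ip, doms in domains_by_ip.items()
             if len(doms) >= min_domains}

    return {
        "entries": len(entries),
        "blocked_security_hosts": blocked,
        "sink_ips": sinks,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} hosts entries parsed")
    for ip, host in report["blocked_security_hosts"]:
        print(f"security site overridden: {host} -> {ip}")
    for ip, count in report["sink_ips"].items():
        print(f"{ip} is the target for {count} unrelated domains")
```
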
  9. 2008/06/19
    hashim101
    Not me

    Well, not me; it's my brother's computer, who is in Romania, and no, he didn't add those. The programs he installed made those hosts... So what is my problem? Because when the computer loads up too much, or when the pop-up comes up where it says you're running low on disk space, the computer just shuts off. Oh, I'm sorry, I forgot: it isn't a computer, it's a laptop.
     
    Last edited: 2008/06/19
  10. 2008/06/19
    Geri
    Hi
    Do you know anything about this company?
    NCT Company Ltd

    There are these plus others in the HJT log.
    AudPlayer
    AudioRecord

    And will he remove Ares and uTorrent? I can give you the P2P warning if you would like to read it.

    Thanks
    Geri
     
    Geri,
    #9
  11. 2008/06/19
    hashim101
    No, I don't know anything about those companies... Nope, I don't know anything about the AudPlayer and AudioRecord... No, no need for the post about removing the P2P. Will remove it.
     
  12. 2008/06/19
    Geri
    Hi hashim101
    OK, this NCT Company Ltd comes back as Goldwave and is OK.

    Please do the following.

    Download the HostsXpert 3.7 - Hosts File Manager.
    • Unzip HostsXpert - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Backup / Restore then Create Backup
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


    Open "Notepad". Copy the contents of the code box below to the blank Notepad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select Desktop

    In the "File name" type in: fix.reg
    In the "Save As Type" select: All Files
    Once saved, go to your desktop, double-click the "fix.reg" file and let it merge with the registry.
    Code:
    REGEDIT4
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}] 

    Please go to Start > Control Panel > Add/Remove Programs (Windows Vista it’s Programs and Features) and remove the following (if present):

    Search Settings
    AskTBar
    Ares
    uTorrent


    Please note any other programs that you don't recognize in that list and post them in your next response.


    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)



    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Common Files\{64C56C89-0AED-1033-1107-030204200001}
    C:\Program Files\Search Settings
    C:\Program Files\AskTBar
    C:\Documents and Settings\Metro\Application Data\uTorrent

    F:\Ares


    Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    If you have any Flash drives (USB thumb drives) plug them in before doing this.

    • Double-click Flash_Disinfector.exe to run it.
      Follow any prompts that may appear.
      Your desktop will vanish for a while, and then reappear. This is normal.
      Wait until the program has finished scanning, then please exit the program.

    Empty this folder:

    C:\WINDOWS\temp

    After that, Reboot.

    Please post a New dss Log into this Thread.

    Thanks
    Geri
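
The checks behind the entries picked out in the post above can be written down as a small triage pass over HijackThis lines. This is an added example, not part of the original post and not HijackThis code: the vendor-domain watchlist and the list of system process names are assumptions built from names that appear in this thread, and the sample lines are copied from the logs quoted here.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<name>\S+)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
EXE_RE = re.compile(r'([^\\\s"]+\.exe)\b', re.IGNORECASE)

# Assumption: a watchlist of security-vendor domains (the two seen in this thread).
VENDOR_DOMAINS = ("symantec.com", "mcafee.com")
# Assumption: system process names taken from the "Running processes" list above.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"}


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O1" or "O23"
    kind: str    # "hosts-redirect", "orphan" or "lookalike"
    detail: str


def edit_distance(a, b):
    """Levenshtein distance, used to spot names one typo away from a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return findings for every recognisable HijackThis entry line in log_text."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, body = m["code"], m["body"]
        # O1: a hosts-file line that pins a security vendor's hostname to a fixed IP.
        if code == "O1":
            h = HOSTS_RE.match(body)
            if h:
                name = h["name"].lower()
                if any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS):
                    findings.append(Finding(code, "hosts-redirect", f"{h['name']} -> {h['ip']}"))
        # Registration left behind after its file was removed.
        if ORPHAN_RE.search(body):
            findings.append(Finding(code, "orphan", body))
        # Executable named almost, but not exactly, like a Windows system process.
        for exe in EXE_RE.findall(body):
            name = exe.lower()
            if name not in SYSTEM_NAMES and any(edit_distance(name, s) == 1 for s in SYSTEM_NAMES):
                findings.append(Finding(code, "lookalike", exe))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.kind:<16}{f.detail}")
```

A finding is only a prompt for a closer look: an orphaned entry is usually harmless residue, and a hosts line can be deliberate.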
     
  13. 2008/06/19
    hashim101

    hashim101 Inactive Thread Starter

    Yeah, did everything there, processing a new dss log file.. so will post right after it's done :)
     
  14. 2008/06/19
    hashim101

    hashim101 Inactive Thread Starter

    Here's the brand new dss log :)

    Deckard's System Scanner v20071014.68
    Run by Metro on 2008-06-20 00:35:54
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 504 MiB (512 MiB recommended).
    System Drive C: has 0.29 GiB (less than 15%) free.


    -- HijackThis (run as Metro.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:36:15, on 20.06.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\IM Names\IM-svr.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Metro\Desktop\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Metro.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/worldservice/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\oDC\rpbrowserrecordplugin.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe "
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [RegPure] C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] E:\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] E:\Language\Language.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.icsvoice.net/talk.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E17D54C-54BD-4964-B4DA-18487BDC6C59}: NameServer = 193.226.30.2,193.226.30.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62C4C42D-90DE-4247-ACEB-3920D453F65D}: NameServer = 193.226.30.2,193.226.30.6
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - F:\Ares\chatServer.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Alcohol 120\StarWind\StarWindService.exe (file missing)

    --
    End of file - 8866 bytes

    -- Files created between 2008-05-20 and 2008-06-20 -----------------------------

    2008-06-19 23:58:37 0 d------c- C:\HostsXpert
    2008-06-19 15:44:14 0 d------c- C:\WINDOWS\SHELLNEW
    2008-06-19 15:44:12 0 d------c- C:\Program Files\Microsoft.NET
    2008-06-19 15:44:12 0 d------c- C:\Program Files\Common Files\ODBC
    2008-06-19 14:10:42 0 d------c- C:\Program Files\WhenUSearch
    2008-06-19 14:08:27 0 d------c- C:\Program Files\DAEMON Tools
    2008-06-18 19:51:18 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEE-1033-1107-030204200001}
    2008-06-18 19:20:28 0 d------c- C:\Documents and Settings\Metro\Application Data\Malwarebytes
    2008-06-18 19:20:24 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-18 19:20:23 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-18 16:00:57 0 d------c- C:\Program Files\Trend Micro
    2008-06-17 23:16:39 0 d------c- C:\Program Files\Common Files\{64C56C89-0AED-1033-1107-030204200001}
    2008-06-16 19:42:28 0 d------c- C:\WINDOWS\Prefetch
    2008-06-07 19:37:56 0 d------c- C:\Documents and Settings\Metro\Application Data\Search Settings
    2008-06-07 19:26:00 0 d------c- C:\Program Files\Search Settings
    2008-06-07 19:24:42 348160 --a----c- C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
    2008-06-07 19:24:42 15360 --a----c- C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
    2008-06-07 19:24:42 458752 --a----c- C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
    2008-06-07 19:24:42 479232 --a----c- C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
    2008-06-07 19:24:42 454656 --a----c- C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
    2008-06-07 19:24:42 1212416 --a----c- C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
    2008-06-07 19:24:42 1986560 --a----c- C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
    2008-06-07 19:24:42 417792 --a----c- C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
    2008-06-07 19:24:42 2084864 --a----c- C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
    2008-06-07 19:24:41 101888 --a----c- C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
    2008-06-07 19:24:41 119568 --a----c- C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-06-07 19:24:41 21504 --a----c- C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
    2008-06-07 19:24:41 141312 --a----c- C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-06-07 19:24:41 59904 --a----c- C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
    2008-06-07 19:24:41 32768 --a----c- C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
    2008-06-07 19:01:43 0 d------c- C:\Program Files\TallStick
    2008-05-21 22:47:32 0 d--h---c- C:\BJPrinter


    -- Find3M Report ---------------------------------------------------------------

    2008-06-20 00:25:41 0 d------c- C:\Program Files\Documents and Settings
    2008-06-19 16:21:17 0 d------c- C:\Program Files\Microsoft Works
    2008-06-19 16:14:28 0 d------c- C:\Program Files\VideoLAN
    2008-06-19 16:12:37 0 d------c- C:\Program Files\QuickTime
    2008-06-19 15:45:21 0 d------c- C:\Program Files\Microsoft ActiveSync
    2008-06-19 15:44:33 0 d------c- C:\Program Files\Common Files
    2008-06-19 14:10:50 0 d------c- C:\Program Files\Common Files\WhenU
    2008-06-19 13:03:35 0 d------c- C:\Documents and Settings\Metro\Application Data\IM-Names
    2008-06-18 20:10:17 0 d------c- C:\Program Files\MSN Messenger
    2008-06-16 19:08:58 0 d------c- C:\Documents and Settings\Metro\Application Data\uTorrent
    2008-06-15 15:32:28 0 d------c- C:\Program Files\AviSynth 2.5
    2008-05-28 18:54:34 0 d------c- C:\Program Files\Common Files\InstallShield
    2008-05-19 22:20:26 0 d------c- C:\Program Files\AskTBar
    2008-05-03 11:40:49 0 d------c- C:\Program Files\Xvid
    2008-05-02 22:58:05 0 d------c- C:\Program Files\Common Files\NSV
    2008-05-02 22:30:43 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEF-1033-1107-030204200001}
    2008-05-02 22:30:42 0 d------c- C:\Program Files\Common Files\{64C56C89-0AEC-1033-1107-030204200001}
    2008-04-30 16:15:56 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2008-04-27 10:35:28 180224 --a----c- C:\WINDOWS\system32\xvidvfw.dll
    2008-04-27 10:33:36 765952 --a----c- C:\WINDOWS\system32\xvidcore.dll
    2008-04-05 20:28:05 32920 --a----c- C:\Documents and Settings\Metro\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-30 01:45:59 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [11.03.2003 21:24]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [11.03.2003 21:11]
    "WinampAgent "= "C:\Program Files\Winamp\Winampa.exe" [02.04.2003 05:20]
    "VSOCheckTask "= "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08.07.2005 18:18]
    "VirusScan Online "= "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [10.08.2005 12:49]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [23.09.2005 05:29]
    "MCUpdateExe "= "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11.01.2006 23:05]
    "IMprocess "= "C:\Program Files\IM Names\IM-svr.EXE" [18.12.2005 03:07]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11.08.2005 22:02]
    "RegPure "= "C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe" []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" []
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14.03.2007 03:43]
    "RemoteControl "= "E:\PDVDServ.exe" []
    "LanguageShortcut "= "E:\Language\Language.exe" [18.05.2006 12:29]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28.03.2008 22:34]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [14.09.2006 23:09]
    "WhenUSearchWHSE "= "C:\Program Files\WhenUSearch\whse.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [03.02.2004 08:42]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [19.01.2007 13:49]
    "ares "= "F:\Ares\Ares.exe" []
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 19:24]
    "msnmsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:54]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoAdminPage "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]
    AutoRun\command- pwoedbym.exe
    explore\Command- pwoedbym.exe
    open\Command- pwoedbym.exe




    -- End of Deckard's System Scanner: finished at 2008-06-20 00:36:49 ------------
     
  15. 2008/06/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK please do this.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      F:\Ares
      C:\Program Files\WhenUSearch
      C:\Program Files\Common Files\{64C56C89-0AEE-1033-1107-030204200001}
      C:\Documents and Settings\Metro\Application Data\Search Settings
      C:\Program Files\Search Settings
      C:\Program Files\Common Files\WhenU
      C:\Program Files\AskTBar
      C:\Program Files\Common Files\{64C56C89-0AEF-1033-1107-030204200001}
      C:\Program Files\Common Files\{64C56C89-0AEC-1033-1107-030204200001}
      
    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Open "Notepad". Copy the contents of the code box below to the blank Notepad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select Desktop

    In the "File name" type in: fix.reg
    In the "Save As Type" select: All Files
    Once saved, go to your desktop, double-click the "fix.reg" file and let it merge with the registry.
    Code:
    REGEDIT4
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]

    Please post the OTMoveIt2 log and a new dss log.

    Thanks
    Geri
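
The two fix.reg files in this thread differ by one character: the first section header has no leading minus, so merging it leaves the MountPoints2 key in place (the DSS registry dump taken afterwards still lists its AutoRun handlers), while `[-...]` in the post above deletes the key. The following is an added example, not part of the original posts and not code from DSS or regedit; it parses a .reg file and reports which autorun-bearing MountPoints2 keys from a DSS dump would survive the merge. The function names are hypothetical and the inputs are copied from the thread.

```python
import re

# Constructed inputs: the key, both fix.reg bodies and the DSS dump lines
# are copied from the posts in this thread.
KEY = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
       r"\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}")

FIX_REG_FIRST = r"""REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]
"""

FIX_REG_SECOND = r"""REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]
"""

DSS_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]
AutoRun\command- pwoedbym.exe
explore\Command- pwoedbym.exe
open\Command- pwoedbym.exe
"""

REG_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]\s*$")
HANDLER_RE = re.compile(r"^(?P<verb>[^\\]+)\\command- (?P<cmd>.+)$", re.IGNORECASE)


def parse_reg(text):
    """Parse a .reg file into a list of operations, one per section.

    "[-KEY]" deletes KEY and everything under it; "[KEY]" with no value lines
    only creates the key if it is missing and changes nothing otherwise.
    Multi-line (backslash-continued) values are not handled here.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in REG_HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / version header")
    ops = []
    for ln in lines[1:]:
        if ln.startswith(";"):
            continue  # comment line
        m = SECTION_RE.match(ln)
        if m:
            action = "delete-key" if m["minus"] else "open-key"
            ops.append({"key": m["key"], "action": action, "values": []})
        elif ops and "=" in ln:
            name, _, data = ln.partition("=")
            ops[-1]["values"].append((name.strip().strip('"'), data.strip()))
    return ops


def autorun_mountpoints(dss_text):
    """Map each MountPoints2 key in a DSS registry dump to its shell handlers."""
    found, current = {}, None
    for ln in dss_text.splitlines():
        ln = ln.strip()
        m = SECTION_RE.match(ln)
        if m:
            current = m["key"] if "\\mountpoints2\\" in m["key"].lower() else None
            continue
        h = HANDLER_RE.match(ln)
        if current and h:
            found.setdefault(current, []).append((h["verb"], h["cmd"]))
    return found


def surviving_autoruns(dss_text, reg_text):
    """Autorun-bearing MountPoints2 keys that merging reg_text would NOT remove."""
    deleted = [op["key"].lower() for op in parse_reg(reg_text)
               if op["action"] == "delete-key"]

    def covered(key):
        k = key.lower()  # registry key names are case-insensitive
        return any(k == d or k.startswith(d + "\\") for d in deleted)

    return {k: v for k, v in autorun_mountpoints(dss_text).items() if not covered(k)}


if __name__ == "__main__":
    for label, reg in (("first fix.reg", FIX_REG_FIRST), ("second fix.reg", FIX_REG_SECOND)):
        left = surviving_autoruns(DSS_DUMP, reg)
        print(label, "->", "key survives" if left else "key removed")
```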
     
  16. 2008/06/20
    hashim101

    hashim101 Inactive Thread Starter

    here are the results

    Hey Geri, thanks again for everything up till now, you've been a big help! :)

    Here are the results (I had deleted Ares myself as you said earlier)
    File/Folder F:\Ares not found.
    C:\Program Files\WhenUSearch moved successfully.
    C:\Program Files\Common Files\{64C56C89-0AEE-1033-1107-030204200001} moved successfully.
    C:\Documents and Settings\Metro\Application Data\Search Settings\kb127\temp moved successfully.
    C:\Documents and Settings\Metro\Application Data\Search Settings\kb127\res moved successfully.
    C:\Documents and Settings\Metro\Application Data\Search Settings\kb127 moved successfully.
    C:\Documents and Settings\Metro\Application Data\Search Settings moved successfully.
    C:\Program Files\Search Settings\kb127\temp moved successfully.
    C:\Program Files\Search Settings\kb127\res moved successfully.
    C:\Program Files\Search Settings\kb127 moved successfully.
    C:\Program Files\Search Settings moved successfully.
    C:\Program Files\Common Files\WhenU moved successfully.
    C:\Program Files\AskTBar\PopSwatr\History moved successfully.
    C:\Program Files\AskTBar\PopSwatr moved successfully.
    C:\Program Files\AskTBar\bar\Settings moved successfully.
    C:\Program Files\AskTBar\bar\History moved successfully.
    C:\Program Files\AskTBar\bar moved successfully.
    C:\Program Files\AskTBar moved successfully.
    C:\Program Files\Common Files\{64C56C89-0AEF-1033-1107-030204200001} moved successfully.
    C:\Program Files\Common Files\{64C56C89-0AEC-1033-1107-030204200001} moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_133234

    (and the dss log)


    Deckard's System Scanner v20071014.68
    Run by Metro on 2008-06-20 13:40:40
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 504 MiB (512 MiB recommended).
    System Drive C: has 0.2 GiB (less than 15%) free.


    -- HijackThis (run as Metro.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:40:54, on 20.06.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\IM Names\IM-svr.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Metro\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Metro.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/worldservice/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\oDC\rpbrowserrecordplugin.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe "
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [RegPure] C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] E:\PDVDServ.exe
    O4 - HKLM\..\Run: [LanguageShortcut] E:\Language\Language.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www.icsvoice.net/talk.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E17D54C-54BD-4964-B4DA-18487BDC6C59}: NameServer = 193.226.30.2,193.226.30.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62C4C42D-90DE-4247-ACEB-3920D453F65D}: NameServer = 193.226.30.2,193.226.30.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EDA1E28C-0949-489E-9886-D33394908F9D}: NameServer = 213.154.124.1 193.231.252.1
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - F:\Ares\chatServer.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Alcohol 120\StarWind\StarWindService.exe (file missing)

    --
    End of file - 9076 bytes

    -- Files created between 2008-05-20 and 2008-06-20 -----------------------------

    2008-06-20 13:31:12 0 d------c- C:\Program Files\Common Files\Alcohol 120
    2008-06-20 13:31:09 0 d------c- C:\Program Files\Common Files\Artwork
    2008-06-20 13:31:00 0 d------c- C:\Program Files\Common Files\cache_db
    2008-06-20 13:30:51 0 d------c- C:\Program Files\Common Files\FileLists
    2008-06-20 13:30:51 0 d------c- C:\Program Files\Common Files\DataCache
    2008-06-20 13:30:49 0 d------c- C:\Program Files\Common Files\Logs
    2008-06-20 13:30:49 0 d------c- C:\Program Files\Common Files\ILA
    2008-06-19 23:58:37 0 d------c- C:\HostsXpert
    2008-06-19 15:44:14 0 d------c- C:\WINDOWS\SHELLNEW
    2008-06-19 15:44:12 0 d------c- C:\Program Files\Microsoft.NET
    2008-06-19 15:44:12 0 d------c- C:\Program Files\Common Files\ODBC
    2008-06-19 14:08:27 0 d------c- C:\Program Files\DAEMON Tools
    2008-06-18 19:20:28 0 d------c- C:\Documents and Settings\Metro\Application Data\Malwarebytes
    2008-06-18 19:20:24 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-18 19:20:23 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-18 16:00:57 0 d------c- C:\Program Files\Trend Micro
    2008-06-17 23:16:39 0 d------c- C:\Program Files\Common Files\{64C56C89-0AED-1033-1107-030204200001}
    2008-06-16 19:42:28 0 d------c- C:\WINDOWS\Prefetch
    2008-06-07 19:24:42 348160 --a----c- C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
    2008-06-07 19:24:42 15360 --a----c- C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
    2008-06-07 19:24:42 458752 --a----c- C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
    2008-06-07 19:24:42 479232 --a----c- C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
    2008-06-07 19:24:42 454656 --a----c- C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
    2008-06-07 19:24:42 1212416 --a----c- C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
    2008-06-07 19:24:42 1986560 --a----c- C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
    2008-06-07 19:24:42 417792 --a----c- C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL>
    2008-06-07 19:24:42 2084864 --a----c- C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL>
    2008-06-07 19:24:41 101888 --a----c- C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
    2008-06-07 19:24:41 119568 --a----c- C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-06-07 19:24:41 21504 --a----c- C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
    2008-06-07 19:24:41 141312 --a----c- C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-06-07 19:24:41 59904 --a----c- C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
    2008-06-07 19:24:41 32768 --a----c- C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
    2008-06-07 19:01:43 0 d------c- C:\Program Files\TallStick
    2008-05-21 22:47:32 0 d--h---c- C:\BJPrinter


    -- Find3M Report ---------------------------------------------------------------

    2008-06-20 13:32:36 0 d------c- C:\Program Files\Common Files
    2008-06-20 00:25:41 0 d------c- C:\Program Files\Documents and Settings
    2008-06-19 16:21:17 0 d------c- C:\Program Files\Microsoft Works
    2008-06-19 16:14:28 0 d------c- C:\Program Files\VideoLAN
    2008-06-19 16:12:37 0 d------c- C:\Program Files\QuickTime
    2008-06-19 15:45:21 0 d------c- C:\Program Files\Microsoft ActiveSync
    2008-06-19 13:03:35 0 d------c- C:\Documents and Settings\Metro\Application Data\IM-Names
    2008-06-18 20:10:17 0 d------c- C:\Program Files\MSN Messenger
    2008-06-16 19:08:58 0 d------c- C:\Documents and Settings\Metro\Application Data\uTorrent
    2008-06-15 15:32:28 0 d------c- C:\Program Files\AviSynth 2.5
    2008-05-28 18:54:34 0 d------c- C:\Program Files\Common Files\InstallShield
    2008-05-03 11:40:49 0 d------c- C:\Program Files\Xvid
    2008-05-02 22:58:05 0 d------c- C:\Program Files\Common Files\NSV
    2008-04-30 16:15:56 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2008-04-27 10:35:28 180224 --a----c- C:\WINDOWS\system32\xvidvfw.dll
    2008-04-27 10:33:36 765952 --a----c- C:\WINDOWS\system32\xvidcore.dll
    2008-04-05 20:28:05 32920 --a----c- C:\Documents and Settings\Metro\Application Data\GDIPFONTCACHEV1.DAT
    2008-04-05 16:05:48 8962560 --a----c- C:\Program Files\Common Files\~WRD2416.tmp
    2008-04-02 21:31:11 75573 --a----c- C:\Program Files\Common Files\Copy (3) of 29032008027.jpg
    2008-03-30 01:45:59 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [11.03.2003 21:24]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [11.03.2003 21:11]
    "WinampAgent "= "C:\Program Files\Winamp\Winampa.exe" [02.04.2003 05:20]
    "VSOCheckTask "= "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08.07.2005 18:18]
    "VirusScan Online "= "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [10.08.2005 12:49]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [23.09.2005 05:29]
    "MCUpdateExe "= "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11.01.2006 23:05]
    "IMprocess "= "C:\Program Files\IM Names\IM-svr.EXE" [18.12.2005 03:07]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [11.08.2005 22:02]
    "RegPure "= "C:\Program Files\RegistryPurifier\bin\Release\RgPurify.exe" []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" []
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14.03.2007 03:43]
    "RemoteControl "= "E:\PDVDServ.exe" []
    "LanguageShortcut "= "E:\Language\Language.exe" [18.05.2006 12:29]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [28.03.2008 22:34]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [14.09.2006 23:09]
    "WhenUSearchWHSE "= "C:\Program Files\WhenUSearch\whse.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [03.02.2004 08:42]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [19.01.2007 13:49]
    "ares "= "F:\Ares\Ares.exe" []
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 19:24]
    "msnmsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:54]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoAdminPage "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}]
    AutoRun\command- pwoedbym.exe
    explore\Command- pwoedbym.exe
    open\Command- pwoedbym.exe




    -- End of Deckard's System Scanner: finished at 2008-06-20 13:41:24 ------------
     
  17. 2008/06/20
    hashim101

    hashim101 Inactive Thread Starter

    Joined:
    2008/06/12
    Messages:
    48
    Likes Received:
    0
    forgot to tell ya

    I merged the fix.reg before and did it again, just for your info... well then, I'll be waiting for further instructions :rolleyes:
     
  18. 2008/06/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi hashim101
    OK we keep getting new stuff added.:(

    Please do not download or install anything unless asked to do so.

    Please give me an uninstall list, here is how.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Thanks
    Geri
     
  19. 2008/06/20
    hashim101

    hashim101 Inactive Thread Starter

    Joined:
    2008/06/12
    Messages:
    48
    Likes Received:
    0
    uninstall list

    Hey, all I installed new was Adobe Acrobat Reader as I needed it urgently, sorry!!

    Adobe Reader 8.1.2
    App
    Apple Software Update
    Applet Password Wizard
    AviSynth 2.5
    DivX Content Uploader
    DivX Total Pack
    DivX Web Player
    DivXG400
    DP8381x 10/100 PCI Network Adapter Driver
    Elecard MPEG2 Decoder Package 2.0
    HijackThis 2.0.2
    Intel(R) Extreme Graphics Driver
    InterActual Player
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) SE Runtime Environment 6 Update 1
    KeyGen RC4
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    McAfee VirusScan
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft ActiveSync 3.7
    Microsoft Office Professional Edition 2003
    Microsoft Windows Journal Viewer
    Mozilla Firefox (2.0.0.14)
    MSXML 4.0 SP2 (KB936181)
    My Application
    neroxml
    NFS[Beta]
    OHCM6 (PocketPC and Smartphone) v 8.0.21 by Skyscape
    PowerDVD
    RealPlayer
    Rhapsody Player Engine
    Search Settings 1.2
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Smart Link 56K Modem
    TBS WMP Plug-in
    UControl Scan and Remove
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    VIA Audio Driver Setup Program
    Warfare Incorporated(TM) for Pocket PC
    WinAce Archiver 2.0
    Winamp (remove only)
    Windows Commander (Remove only)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    Xvid 1.1.3 final uninstall
     
  20. 2008/06/20
    hashim101

    hashim101 Inactive Thread Starter

    Joined:
    2008/06/12
    Messages:
    48
    Likes Received:
    0
    I don't know what this is?

    I got this "Keygen RC4" which I can't remove...
    When I want to remove it, it says
    "The following file does not exist or is not a valid uninstallation log file c:\program Files\wildwest software\Keyen RC4\uninstall.log"

    another one ....

    The following file does not exist or is not a valid uninstallation log file
    c:\Program Files\Handmark\Warefare Incorperated for pocket pc\uninstall.log
     
    Last edited: 2008/06/20
  21. 2008/06/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi hashim101
    No problem, just makes it harder when new files start showing up.

    They are more than likely just empty entries and are not hurting anything.

    OK please do this.

    Please go to Start > Control Panel > Add/Remove Programs (in Windows Vista it's Programs and Features) and remove the following (if present):

    J2SE Runtime Environment 5.0 Update 11

    Run MBAM again.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Now do this.

    Click on Start > Run. Type cmd in the Run box and click OK.

    In the command window that opens, copy and paste the contents of the code box below into the window and hit Enter.
    Code:
    @echo off
    cd desktop
    rem Create an empty subkey and save it to a hive file
    reg add "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}\dummy"
    reg save "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}\dummy" dummy2.hiv
    rem Restore the empty hive over the key, then delete the key
    reg restore "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}" dummy2.hiv
    reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}" /f
    reg delete "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}\dummy" /f
    rem Write whatever is left of the key (if anything) to dummy.txt
    reg query "HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37045e8-4b25-11dc-bca8-00030d0dacd0}" >>dummy.txt
    del /q dummy*.hiv
    start notepad dummy.txt
    exit
    cls
    Notepad will open on your Desktop. Copy and paste the contents of it in your next reply.


    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe "
    O4 - HKCU\..\Run: [ares] "F:\Ares\Ares.exe" -h
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - F:\Ares\chatServer.exe (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\WhenUSearch

    Reboot your computer.

    Please post a new HJT log and the contents of the dummy.txt file.

    Thanks
    Geri
     
