Full Version: infected
qwan
Can someone help? I am new to this site. I was sent here by my brother-in-law. I have this TR/vundo.GJ virus. I have tried all my programs and cannot get rid of it.
TheSentinel
Hello qwan

and welcome to GSFs. Hope you'll enjoy our community like many others before. For more details on how to get help here, please refer to this link:
http://forum.gladiator-antivirus.com/index...showtopic=10517, which can also be read at the top of this forum. Please follow all instructions our HJT experts will give.

Regards
B. Udo
qwan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:50 PM, on 6/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\SweetIM\Messenger\SweetIM.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
E:\Program Files\MySpace\IM\MySpaceIM.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\system32\ZuneBusEnum.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
E:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "E:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 E:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 E:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxpt211NXUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208755317593
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208755363562
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - E:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 9499 bytes
LoPhatPhuud
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
qwan
Malwarebytes' Anti-Malware 1.18
Database version: 889

10:08:16 PM 6/24/2008
mbam-log-6-24-2008 (22-08-16).txt

Scan type: Quick Scan
Objects scanned: 39985
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 135
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 85

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Unloaded module successfully.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
E:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
E:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
E:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B2DE9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B38F5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B3F4E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B524A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B577A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B5E5F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B6F86.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\029B74D5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\02A1485A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\02A14D0D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\02A24C1E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\02A256BC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
LoPhatPhuud
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

qwan
Here are the logs

ComboFix 08-06-20.4 - Billy 2008-06-25 15:53:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2251 [GMT -7:00]
Running from: E:\Documents and Settings\Billy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Billy\Application Data\inst.exe
E:\Program Files\internet explorer\msimg32.dll
E:\WINDOWS\system32\_003567_.tmp.dll
E:\WINDOWS\system32\_003568_.tmp.dll
E:\WINDOWS\system32\_003569_.tmp.dll
E:\WINDOWS\system32\_003570_.tmp.dll
E:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 15:40 . 2008-06-25 15:40 <DIR> d-------- E:\Program Files\Lavasoft
2008-06-25 09:03 . 2008-06-25 09:03 1,160 --a------ E:\WINDOWS\mozver.dat
2008-06-24 22:01 . 2008-06-24 22:01 <DIR> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 22:01 . 2008-06-24 22:01 <DIR> d-------- E:\Documents and Settings\Billy\Application Data\Malwarebytes
2008-06-24 22:01 . 2008-06-24 22:01 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 22:01 . 2008-06-19 17:48 34,296 --a------ E:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-24 22:01 . 2008-06-19 17:47 17,144 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 22:00 . 2008-06-23 22:00 <DIR> d-------- E:\Program Files\Trend Micro
2008-06-23 20:24 . 2008-06-23 20:24 0 --a------ E:\WINDOWS\nsreg.dat
2008-06-23 19:26 . 2008-06-23 20:33 <DIR> d-------- E:\VundoFix Backups
2008-06-23 17:45 . 2008-06-23 17:45 0 --a------ E:\WINDOWS\system32\ope253.tmp
2008-06-23 17:45 . 2008-06-23 17:45 0 --a------ E:\WINDOWS\system32\ope252.tmp
2008-06-23 17:45 . 2008-06-23 17:45 0 --a------ E:\WINDOWS\system32\ope24F.tmp
2008-06-23 17:45 . 2008-06-23 17:45 0 --a------ E:\WINDOWS\system32\ope24E.tmp
2008-06-23 17:45 . 2008-06-23 17:45 0 --a------ E:\WINDOWS\system32\ope24B.tmp
2008-06-23 17:45 . 2008-06-23 17:45 0 --a------ E:\WINDOWS\system32\ope24A.tmp
2008-06-23 17:41 . 2008-06-23 17:41 <DIR> d-------- E:\WINDOWS\system32\xcsDd16
2008-06-23 17:41 . 2008-06-23 17:41 0 --a------ E:\WINDOWS\system32\ope240.tmp
2008-06-23 17:41 . 2008-06-23 17:41 0 --a------ E:\WINDOWS\system32\ope23F.tmp
2008-06-23 17:41 . 2008-06-23 17:41 0 --a------ E:\WINDOWS\system32\ope23B.tmp
2008-06-23 17:41 . 2008-06-23 17:41 0 --a------ E:\WINDOWS\system32\ope23A.tmp
2008-06-23 17:33 . 2008-06-23 17:33 <DIR> d-------- E:\WINDOWS\system32\embedded
2008-06-23 17:33 . 2008-06-23 17:33 <DIR> d-------- E:\Program Files\AnMing
2008-06-23 17:33 . 2004-08-05 04:46 520,192 --a------ E:\WINDOWS\system32\wscma2u.exe
2008-06-23 17:33 . 2005-10-22 04:20 278,528 --a------ E:\WINDOWS\system32\ammpp.dll
2008-06-23 17:33 . 2003-07-18 07:49 193,536 --a------ E:\WINDOWS\system32\atomid.exe
2008-06-23 17:33 . 2005-07-13 23:13 65,536 --a------ E:\WINDOWS\system32\a1.dll
2008-06-23 17:33 . 2005-09-18 21:17 61,440 --a------ E:\WINDOWS\system32\anming.ocx
2008-06-23 17:33 . 2008-06-23 19:26 509 --a------ E:\WINDOWS\MP3trt.ini
2008-06-23 16:12 . 2008-06-23 16:12 244 --ah----- E:\sqmnoopt19.sqm
2008-06-23 16:12 . 2008-06-23 16:12 232 --ah----- E:\sqmdata19.sqm
2008-06-20 21:51 . 2008-06-20 21:51 244 --ah----- E:\sqmnoopt18.sqm
2008-06-20 21:51 . 2008-06-20 21:51 232 --ah----- E:\sqmdata18.sqm
2008-06-20 21:45 . 2008-06-20 21:45 244 --ah----- E:\sqmnoopt17.sqm
2008-06-20 21:45 . 2008-06-20 21:45 232 --ah----- E:\sqmdata17.sqm
2008-06-20 21:37 . 2008-06-25 12:31 268 --ah----- E:\sqmdata16.sqm
2008-06-20 21:37 . 2008-06-25 12:31 244 --ah----- E:\sqmnoopt16.sqm
2008-06-20 17:37 . 2008-06-25 11:39 268 --ah----- E:\sqmdata15.sqm
2008-06-20 17:37 . 2008-06-25 11:39 244 --ah----- E:\sqmnoopt15.sqm
2008-06-20 14:05 . 2008-06-20 14:05 <DIR> d-------- E:\Documents and Settings\LocalService\Application Data\PeerNetworking
2008-06-20 14:05 . 2008-06-25 11:17 172 --ah----- E:\sqmnoopt14.sqm
2008-06-20 14:05 . 2008-06-25 11:17 172 --ah----- E:\sqmdata14.sqm
2008-06-20 02:20 . 2008-06-25 11:14 268 --ah----- E:\sqmdata13.sqm
2008-06-20 02:20 . 2008-06-25 11:14 244 --ah----- E:\sqmnoopt13.sqm
2008-06-20 02:18 . 2001-08-23 05:00 18,944 --a------ E:\WINDOWS\system32\simptcp.dll
2008-06-20 02:18 . 2001-08-23 05:00 18,944 --a--c--- E:\WINDOWS\system32\dllcache\simptcp.dll
2008-06-20 02:15 . 2008-06-24 22:10 172 --ah----- E:\sqmnoopt12.sqm
2008-06-20 02:15 . 2008-06-24 22:10 172 --ah----- E:\sqmdata12.sqm
2008-06-20 00:32 . 2008-06-20 00:35 <DIR> d-------- E:\Program Files\Common Files\Real
2008-06-19 21:14 . 2008-06-24 22:09 268 --ah----- E:\sqmdata11.sqm
2008-06-19 21:14 . 2008-06-24 22:09 244 --ah----- E:\sqmnoopt11.sqm
2008-06-19 20:34 . 2008-06-19 20:40 <DIR> d-------- E:\Program Files\QuickTime Alternative
2008-06-19 20:34 . 2008-06-19 20:34 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-19 20:34 . 2008-05-27 10:50 90,112 --a------ E:\WINDOWS\system32\QuickTimeVR.qtx
2008-06-19 20:34 . 2008-05-27 10:50 57,344 --a------ E:\WINDOWS\system32\QuickTime.qts
2008-06-19 20:28 . 2008-06-21 20:56 <DIR> d-------- E:\Program Files\Real Alternative
2008-06-19 20:04 . 2008-06-24 22:08 172 --ah----- E:\sqmnoopt10.sqm
2008-06-19 20:04 . 2008-06-24 22:08 172 --ah----- E:\sqmdata10.sqm
2008-06-19 18:32 . 2008-06-19 18:32 <DIR> d-------- E:\WINDOWS\WinAVI Video Converter 9.0
2008-06-19 18:32 . 2008-06-20 00:41 <DIR> d-------- E:\Program Files\WinAVI Video Converter 9.0
2008-06-19 16:34 . 2008-06-24 19:52 268 --ah----- E:\sqmdata09.sqm
2008-06-19 16:34 . 2008-06-24 19:52 244 --ah----- E:\sqmnoopt09.sqm
2008-06-19 09:24 . 2008-06-24 19:50 268 --ah----- E:\sqmdata08.sqm
2008-06-19 09:24 . 2008-06-24 19:50 244 --ah----- E:\sqmnoopt08.sqm
2008-06-18 11:22 . 2008-06-18 11:22 <DIR> d-------- E:\Program Files\DVDFab 5
2008-06-18 11:07 . 2008-06-24 08:13 172 --ah----- E:\sqmnoopt07.sqm
2008-06-18 11:07 . 2008-06-24 08:13 172 --ah----- E:\sqmdata07.sqm
2008-06-18 11:03 . 2008-06-23 22:06 268 --ah----- E:\sqmdata06.sqm
2008-06-18 11:03 . 2008-06-23 22:06 244 --ah----- E:\sqmnoopt06.sqm
2008-06-18 09:13 . 2008-06-18 09:13 0 --a------ E:\WINDOWS\iPlayer.INI
2008-06-18 09:12 . 2008-06-18 09:12 <DIR> d-------- E:\Program Files\InterActual
2008-06-17 18:17 . 2008-06-23 20:54 172 --ah----- E:\sqmnoopt05.sqm
2008-06-17 18:17 . 2008-06-23 20:54 172 --ah----- E:\sqmdata05.sqm
2008-06-17 17:01 . 2008-06-17 17:02 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\SweetIM
2008-06-16 21:23 . 2008-06-23 20:54 268 --ah----- E:\sqmdata04.sqm
2008-06-16 21:23 . 2008-06-23 20:54 244 --ah----- E:\sqmnoopt04.sqm
2008-06-15 07:31 . 2008-06-23 20:02 172 --ah----- E:\sqmnoopt03.sqm
2008-06-15 07:31 . 2008-06-23 20:02 172 --ah----- E:\sqmdata03.sqm
2008-06-14 16:58 . 2008-06-23 20:00 268 --ah----- E:\sqmdata02.sqm
2008-06-14 16:58 . 2008-06-23 20:00 244 --ah----- E:\sqmnoopt02.sqm
2008-06-13 15:45 . 2008-06-23 19:59 268 --ah----- E:\sqmdata01.sqm
2008-06-13 15:45 . 2008-06-23 19:59 244 --ah----- E:\sqmnoopt01.sqm
2008-06-12 11:03 . 2008-06-23 19:20 268 --ah----- E:\sqmdata00.sqm
2008-06-12 11:03 . 2008-06-23 19:20 244 --ah----- E:\sqmnoopt00.sqm
2008-06-11 22:33 . 2008-06-13 00:16 <DIR> d-------- E:\Documents and Settings\Billy\Contacts
2008-06-11 22:31 . 2008-06-11 22:32 <DIR> d-------- E:\Program Files\Windows Live
2008-06-11 22:31 . 2008-06-11 22:32 <DIR> d--hsc--- E:\Program Files\Common Files\WindowsLiveInstaller
2008-06-11 22:31 . 2008-06-11 22:31 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-10 13:12 . 2008-06-13 04:05 272,128 -----c--- E:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 13:12 . 2008-05-08 07:02 203,136 -----c--- E:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-07 19:26 . 2008-06-07 19:26 0 --ah----- E:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-06-05 23:14 . 2008-06-05 23:53 <DIR> d-------- E:\Program Files\EA SPORTS
2008-06-05 22:56 . 2008-06-05 22:56 <DIR> d-------- E:\Documents and Settings\Billy\Application Data\DAEMON Tools
2008-06-05 22:56 . 2008-06-05 22:56 717,296 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 12:06 . 1998-06-25 22:00 1,062,704 --------- E:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-05 12:06 . 1998-06-25 23:00 644,400 --------- E:\WINDOWS\system32\MSCOMCT2.OCX
2008-06-05 12:06 . 1998-08-18 22:00 168,960 --------- E:\WINDOWS\system32\XCDZIP35.OCX
2008-06-05 12:06 . 1998-06-23 22:00 140,096 --------- E:\WINDOWS\system32\comdlg32.ocx
2008-06-05 10:44 . 2008-06-05 10:44 <DIR> dr-h----- E:\Documents and Settings\Billy\Application Data\SecuROM
2008-06-05 10:44 . 2008-06-05 10:44 107,888 --a------ E:\WINDOWS\system32\CmdLineExt.dll
2008-06-05 10:43 . 2004-08-30 14:25 438,272 --a------ E:\WINDOWS\system32\vp6vfw.dll
2008-06-05 10:43 . 2004-12-10 10:06 327,680 --a------ E:\WINDOWS\system32\vp6dec.ax
2008-06-05 10:43 . 2007-04-12 15:01 118,832 --a------ E:\WINDOWS\system32\SHW32.DLL
2008-06-05 10:39 . 2005-05-26 15:34 2,297,552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
2008-06-04 18:43 . 2008-06-04 18:43 <DIR> d-------- E:\Documents and Settings\Billy\WINDOWS
2008-06-04 14:17 . 2008-06-04 14:17 <DIR> d-------- E:\Documents and Settings\Billy\Application Data\Yahoo!
2008-06-04 14:17 . 2008-06-04 14:17 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-04 14:15 . 2008-06-04 14:15 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-04 14:06 . 2008-06-04 14:07 <DIR> d-------- E:\Program Files\Yahoo!
2008-06-04 08:16 . 2008-06-04 08:16 <DIR> d-------- E:\Program Files\MySpace
2008-06-04 08:16 . 2008-06-04 08:16 <DIR> d-------- E:\Documents and Settings\Billy\Application Data\MySpace
2008-05-27 21:24 . 2008-05-28 07:55 <DIR> d-------- E:\Program Files\Softick
2008-05-26 17:10 . 2007-11-14 15:18 553 --a------ E:\WINDOWS\USetup.iss
2008-05-26 17:09 . 2008-05-26 17:09 <DIR> d-------- E:\Program Files\Realtek
2008-05-26 17:09 . 2007-11-20 18:15 1,826,816 --a------ E:\WINDOWS\SkyTel.exe
2008-05-26 17:09 . 2008-03-05 18:07 520,192 --a------ E:\WINDOWS\RtlExUpd.dll
2008-05-26 17:09 . 2008-05-26 17:09 315,392 --a------ E:\WINDOWS\HideWin.exe
2008-05-26 17:09 . 2006-08-01 15:02 49,152 --a------ E:\WINDOWS\system32\ChCfg.exe
2008-05-25 21:52 . 2008-05-25 21:52 <DIR> d-------- E:\Program Files\ZIO Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 22:50 --------- d-----w E:\Documents and Settings\Billy\Application Data\uTorrent
2008-06-25 22:38 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 21:45 --------- d-----w E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 00:31 --------- d-----w E:\Program Files\SUPERAntiSpyware
2008-06-24 00:29 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-06-20 07:32 499,712 ----a-w E:\WINDOWS\system32\msvcp71.dll
2008-06-20 07:32 348,160 ----a-w E:\WINDOWS\system32\msvcr71.dll
2008-06-20 01:16 --------- d-----w E:\Documents and Settings\Billy\Application Data\Vso
2008-06-13 11:05 272,128 ------w E:\WINDOWS\system32\drivers\bthport.sys
2008-05-21 21:35 --------- d-----w E:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-21 21:30 --------- d-----w E:\Program Files\NVIDIA Corporation
2008-05-21 00:53 4,800,000 ----a-w E:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-20 21:16 --------- d-----w E:\Program Files\Microsoft Silverlight
2008-05-17 03:34 --------- d-----w E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 03:33 --------- d-----w E:\Documents and Settings\Billy\Application Data\SUPERAntiSpyware.com
2008-05-16 21:39 16,862,720 ----a-w E:\WINDOWS\RTHDCPL.exe
2008-05-15 17:09 --------- d-----w E:\Program Files\Turtle Beach
2008-05-15 17:09 --------- d-----w E:\Program Files\Common Files\Voyetra
2008-05-15 10:08 --------- d-----w E:\Program Files\Ventrilo
2008-05-15 09:58 --------- d-----w E:\Program Files\Common Files\Blizzard Entertainment
2008-05-15 09:58 --------- d-----w E:\Documents and Settings\Billy\Application Data\Ventrilo
2008-05-15 09:57 --------- d-----w E:\Program Files\Zune
2008-05-15 09:57 --------- d-----w E:\Program Files\DVDFab Platinum 4
2008-05-15 09:56 --------- d-----w E:\Documents and Settings\Billy\Application Data\dvdcss
2008-05-08 19:31 --------- d-----w E:\Documents and Settings\All Users\Application Data\vsosdk
2008-05-08 18:22 47,360 ----a-w E:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-08 18:22 47,360 ----a-w E:\Documents and Settings\Billy\Application Data\pcouffin.sys
2008-05-08 14:02 203,136 ----a-w E:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w E:\WINDOWS\system32\quartz.dll
2008-05-06 14:54 0 ---ha-w E:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-05-06 14:54 0 ---ha-w E:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-05-03 05:46 768,544 ----a-w E:\WINDOWS\system32\nvcplui.exe
2008-05-03 05:46 313,888 ----a-w E:\WINDOWS\system32\nvexpbar.dll
2008-04-30 02:56 61,856 ----a-w E:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-30 02:56 245,664 ----a-w E:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-30 02:39 70,144 ----a-w E:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-30 02:39 62,464 ----a-w E:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-30 02:39 40,704 ----a-w E:\WINDOWS\system32\drivers\zumbus.sys
2008-04-30 02:39 35,328 ----a-w E:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-30 02:39 145,408 ----a-w E:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-29 22:18 --------- d-----w E:\Program Files\Common Files\Nero
2008-04-29 22:18 --------- d-----w E:\Documents and Settings\All Users\Application Data\Nero
2008-04-29 22:04 --------- d-----w E:\Program Files\Common Files\Ahead
2008-04-29 22:04 --------- d-----w E:\Program Files\Ahead
2008-04-28 00:03 --------- d-----w E:\Documents and Settings\Billy\Application Data\NeroDigital™
2008-04-26 14:47 --------- d-----w E:\Program Files\Common Files\Adobe
2008-04-26 14:46 --------- d-----w E:\Program Files\Common Files\Adobe AIR
2008-04-26 14:46 --------- d-----w E:\Program Files\Adobe Media Player
2008-04-21 06:44 666,112 ----a-w E:\WINDOWS\system32\wininet.dll
2008-04-18 02:11 1,112,288 ----a-w E:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-14 12:42 985,088 ----a-w E:\WINDOWS\system32\setupapi.dll
2008-04-14 12:42 11,264 ------w E:\WINDOWS\system32\spnpinst.exe
2008-04-14 12:41 423,936 ----a-w E:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w E:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w E:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w E:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w E:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w E:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w E:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w E:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w E:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w E:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w E:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w E:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w E:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w E:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w E:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w E:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w E:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w E:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w E:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w E:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ------w E:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ------w E:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ------w E:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w E:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w E:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w E:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w E:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w E:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w E:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w E:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w E:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ------w E:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w E:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w E:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ------w E:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w E:\WINDOWS\system32\moricons.dll
2008-04-13 16:26 56,832 ----a-w E:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:23 48,128 ----a-w E:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w E:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w E:\WINDOWS\system32\msimsg.dll
2008-04-02 16:27 1,196,032 ----a-w E:\WINDOWS\RtlUpd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 01:53 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"MySpaceIM"="E:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]
"Messenger (Yahoo!)"="~E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
"MsnMsgr"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NBKeyScan"="E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"Zune Launcher"="E:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 14:39 16862720 E:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="E:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"= E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"= E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 zumbus;Zune Bus Enumerator Driver;E:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;E:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 tbcspud;Santa Cruz Driver;E:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-17 14:51]
R3 tbcwdm;Santa Cruz WDM Driver;E:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-17 14:51]
S2 NVR0FLASHDev;NVR0FLASHDev;E:\WINDOWS\nvflash.sys []
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;E:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 09:56]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;E:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 11:49]
S3 p2pgasvc;Peer Networking Group Authentication;E:\WINDOWS\system32\svchost.exe [2008-04-13 17:12]
S3 p2pimsvc;Peer Networking Identity Manager;E:\WINDOWS\system32\svchost.exe [2008-04-13 17:12]
S3 p2psvc;Peer Networking;E:\WINDOWS\system32\svchost.exe [2008-04-13 17:12]
S3 PNRPSvc;Peer Name Resolution Protocol;E:\WINDOWS\system32\svchost.exe [2008-04-13 17:12]
S3 vtdg46xx;vtdg46xx;E:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2002-03-21 19:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;E:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc72692-338d-11dd-9f39-001a92440ea7}]
\Shell\AutoRun\command - I:\Autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 15:56:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\tcpsvcs.exe
E:\Program Files\Zune\ZuneNss.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\Windows Media Player\wmpnetwk.exe
E:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-25 16:00:30 - machine was rebooted [Billy]
ComboFix-quarantined-files.txt 2008-06-25 23:00:07

Pre-Run: 15,095,549,952 bytes free
Post-Run: 15,080,128,512 bytes free

341 --- E O F --- 2008-06-11 01:09:53





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:38 PM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\system32\ZuneBusEnum.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "E:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208755317593
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208755363562
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 8244 bytes
LoPhatPhuud
Looks good. Do the following and advise of any outstanding issues.

First:
Click Start, then click Run.
Enter into the command box that opens: combofix /u and then click OK.



Second:
Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Third:

Run HijackThis and press the 'Scan' button.

When the scan is finished:
Check the following items in HijackThis.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Close all windows except HijackThis and click Fix checked.



Run HijackThis again and post a new log in this thread.
qwan
latest scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:35 PM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\system32\ZuneBusEnum.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "E:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] E:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208755317593
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208755363562
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7980 bytes
LoPhatPhuud
All clean
qwan
thanks