Solved: HELP ME: Desktop programs, My computer, control panel, all programs gone!


helpme08

Thread Starter
Joined
Jun 29, 2008
Messages
3
I need help!
Two days ago I got a small red shield with a cross on it next to the time, saying that Automatic Updates is turned off. I tried to turn it on through System in Control Panel (which I had back then) by choosing the recommended one - this was already selected when I got there. I turned it off and on and applied the changes, but the shield is still there!

Today I got the words VIRUS ALERT! next to the time, and my c:\ drive was gone from my computer, and some programs disappeared from my desktop.
I also got a whole bunch of pop ups saying that there were attempts of hijack on my computer through spyware.
I don't have the exact message because it stopped after I went through 3 failed attempts at system recovery through my checkpoints, and on the 4th one I rebooted through safe mode. A black screen just came up, no programs on the desktop.

I rebooted again through normal mode and NOW there is a new theme and desktop background, but My Computer was gone from the desktop, Task Manager was disabled through restricted access, my folders are gone from the desktop, and so are All Programs on Start, Control Panel and Run. But the VIRUS ALERT! & pop ups are gone.

I got the Remove Restricted Tools program from here: http://www.ghiath.com/?p=30
This enables me to access Task Manager.

I am now running a full scan using Malwarebytes' Anti-Malware (still running...system really slow). I really don't want to resort to a full system restore...but I really want to get this fixed.

I also ran a full scan through Symantec AntiVirus using 27/06/08 definitions, but no threats were found...weird!

These are the results of the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:06 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\slserv.exe
C:\Windows\System32\snmp.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: gxvpsafm - {A497D131-ABE9-4267-8C94-8D7FDBCF99AC} - C:\Windows\gxvpsafm.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [942e3dd7] rundll32.exe "C:\Windows\system32\ywrhseey.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Orbit.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rona\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c401.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138156873046
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{15251F9C-023A-47F5-9FA2-747B76FB0D14}: NameServer = 85.255.115.66,85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{42FCD1BA-BBB4-44A9-AFDF-BA54045BE09A}: NameServer = 85.255.115.66,85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{773714B5-CBE5-44BE-8FD9-53EB0268C9E6}: NameServer = 85.255.115.66,85.255.112.128
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS12\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS15\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS16\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS17\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS18\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS19\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS20\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS21\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS22\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS23\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS24\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS25\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS26\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS27\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS28\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS29\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS30\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS31\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS32\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS33\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS34\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS35\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS36\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS37\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS38\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS39\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS44\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS45\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS46\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS47\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS48\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS49\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS50\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS51\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS52\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS53\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: javaw.dll
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 15444 bytes
 

helpme08

Thread Starter
Joined
Jun 29, 2008
Messages
3
After the mbam full system scan I removed all the threats found. I rebooted normally.

NOW I am back, though, to where I was before the system restore through recovery checkpoints (same theme & background). I have the VIRUS ALERT! on the taskbar, but My Computer and my folders are back on the desktop. The c:\ drive is still missing in My Computer, and All Programs is also missing from the Start menu. The red shield (mentioned above) has gone too!

I did another scan, this time a quick one using mbam, and it found some more threats. I will delete these like before, but I still have the feeling that it will not fix the problem.
The mbam quick scan log is below also.

please help me with this!


This is hijackthis log now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20: VIRUS ALERT!, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\slserv.exe
C:\Windows\System32\snmp.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {4C479F6A-2AA0-4FEF-AEE8-32F2CAD13EC4} - C:\Windows\system32\ATHPRX.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B6F39808-50FE-4843-8B36-E86F3F3750F8} - C:\Windows\system32\ATHPRX.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Updater] C:\Windows\system32\updater\explorer.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [Pldo] "C:\DOCUME~1\Rona\MYDOCU~1\SKS~1\dllhost.exe" -vt ndrv
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" /autorun
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Orbit.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm025LEAU
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rona\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.moove.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c401.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138156873046
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{15251F9C-023A-47F5-9FA2-747B76FB0D14}: NameServer = 85.255.115.66,85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{42FCD1BA-BBB4-44A9-AFDF-BA54045BE09A}: NameServer = 85.255.115.66,85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{773714B5-CBE5-44BE-8FD9-53EB0268C9E6}: NameServer = 85.255.115.66,85.255.112.128
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS12\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS15\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS16\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS17\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS18\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS19\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS20\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS21\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS22\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS23\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS24\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS25\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS26\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS27\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS28\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS29\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS30\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS31\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS32\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS33\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS34\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS35\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS36\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS37\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS38\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS39\Services\Tcpip\Parameters: NameServer = 85.255.113.122 85.255.112.62
O17 - HKLM\System\CS44\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS45\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS46\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS47\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS48\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS49\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS50\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS51\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS52\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CS53\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.66 85.255.112.128
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: javaw.dll
O22 - SharedTaskScheduler: USB Ware - {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - C:\Windows\SYSTEM32\slserv.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 17638 bytes


Mbam log


Malwarebytes' Anti-Malware 1.19
Database version: 907
Windows 5.1.2600 Service Pack 2

6:47:51 p.m. 30/06/2008
mbam-log-6-30-2008 (18-47-29).txt

Scan type: Quick Scan
Objects scanned: 49287
Time elapsed: 50 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 7
Registry Data Items Infected: 12
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_CURRENT_USER\Software\Adsl Software Ltd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSpywareProtect (Rogue.WinSpywareProtect) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

Files Infected:
C:\WINDOWS\system32\xXppMGwX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\XwGMppXx.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\XwGMppXx.ini2 (Trojan.Vundo) -> No action taken.
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MySearch\bar\1.bin\S4PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\fccywXRi.dll (Trojan.Vundo) -> No action taken.
 