Firefox URL redirects (virus?)

January 2, 2010 at 12:35:47
Specs: Windows XP
I accidentally downloaded the Win32.netsky virus yesterday. I was trying to download a game. I think I have that fixed; I had to uninstall AVG, run HijackThis and Malwarebytes, then I did a boot scan using Avast. Avast is still checking for any more issues. But the splash screen (about the virus being on here) is now gone and so is the little red x in my lower tray (gone, too), but I am still being redirected to random URLs when I try to click on a link. It doesn't matter which browser I use. I have tried IE, FF and Google Chrome. It does this on all three. I can start out on my homepage, type in something I want to research (e.g. volcanoes) and then see the links to go to a web page, but as soon as I click on it, I will be redirected to something as random as fishing vacations, home repair or another search site. My system is old (2003 model), but it is running XP with SP3. I am not very technical so please keep it simple in your replies. If you can help me figure out what to do next, I would be most appreciative. Thank you,
Lisa



#1
January 2, 2010 at 12:41:21
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.



#2
January 2, 2010 at 14:05:35
OK, this is what I get...

info.txt logfile of random's system information tool 1.06 2010-
01-02 15:12:45

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall
132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin--
>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.
exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-
1033-7B44-A81300000003}
avast! Antivirus-->C:\Program Files\Alwil
Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil
Software\Avast4\Setup\setiface.dll",RunSetup
Big City Adventure: San Francisco-->MsiExec.exe
/X{D92980F6-3405-4524-B4B8-A6874AA730A4}
Big City Adventure: Sydney Australia-->MsiExec.exe
/X{503C539A-8572-4D92-A406-2EE67EBD2D26}
Big Fish Games Client-->C:\Program
Files\bfgclient\Uninstall.exe
Cake Mania 2-->MsiExec.exe /X{E10B5F06-E9BD-47B3-
B93D-95507E991BBD}
Cake Mania 3-->MsiExec.exe /X{2F45E3D3-8487-459B-
ADB6-CB839B50266E}
CAKE MANIA-->MsiExec.exe /X{20646A89-D59E-499D-
A54A-4B543BD066A8}
Civilization III-->C:\Program Files\Common
Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-
0507-44A8-BCF2-1EE2D439E8DF}
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-
4626-915D-3D5FA095CC1B}
Critical Update for Windows Media Player 11 (KB959772)--
>"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\sp
uninst.exe"
DQ Tycoon-->MsiExec.exe /I{AB5148C2-7E8E-4994-9BFD-
6A577E69D59E}
Dream Chronicles-->MsiExec.exe /X{B9DD470D-F582-49A0-
BDF3-D98AED37F0C0}
Dream Day Honeymoon-->"C:\Program Files\Games A Go-
Go\Dream Day Honeymoon\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop
Search\GoogleDesktopSetup.exe -uninstall
Great Secrets: Da Vinci-->MsiExec.exe /X{82CC4D01-C702-
4701-9FD6-1769C3E3C62F}
HijackThis 2.0.2-->"C:\Documents and
Settings\Lisa\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)--
>"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.e
xe"
Hotfix for Windows Media Player 11 (KB939683)--
>"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.e
xe"
Hotfix for Windows XP (KB952287)--
>"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.e
xe"
Hotfix for Windows XP (KB970653-v3)--
>"C:\WINDOWS\$NtUninstallKB970653-
v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)--
>"C:\WINDOWS\$NtUninstallKB976098-
v2$\spuninst\spuninst.exe"
iWin Games (remove only)-->"C:\Program Files\iWin
Games\Uninstall.exe"
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-
4F34-9C08-7724E7705D52}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-
4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-
A77B-00B0D0160070}
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog
Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{7E7D778E-121D-
4BBD-BA29-FAA81B9FBD8C}
LeapFrog My Pals Plugin-->MsiExec.exe /I{CC33E708-A795-
4AB3-908A-8F45919BC097}
Malwarebytes' Anti-Malware-->"C:\Program
Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP--
>"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\sp
uninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs--
>"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs--
>"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMap
ping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe
/X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-
->MsiExec.exe /X{90120000-0117-0409-0000-
0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe
/X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe
/X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007--
>MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe
/X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe
/X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe
/X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe
/X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe
/X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe
/X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007--
>MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe
/X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0--
>"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.
exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe
/X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe
/X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MostFun.com Games - Big City Adventure: San Francisco
(remove only)-->C:\Program
Files\MostFun\BigCityAdventureSanF\Uninstall.exe
{D92980F6-3405-4524-B4B8-A6874AA730A4}
MostFun.com Games - Big City Adventure: Sydney Australia
(remove only)-->C:\Program
Files\MostFun\BigCityAdventureSydn\Uninstall.exe
{503C539A-8572-4D92-A406-2EE67EBD2D26}
MostFun.com Games - Cake Mania (remove only)--
>C:\Program Files\MostFun\Cake Mania\Uninstall.exe
{20646A89-D59E-499D-A54A-4B543BD066A8}
MostFun.com Games - Cake Mania 2 (remove only)--
>C:\Program Files\MostFun\CakeMania2\Uninstall.exe
{E10B5F06-E9BD-47B3-B93D-95507E991BBD}
MostFun.com Games - Cake Mania 3 (remove only)--
>C:\Program Files\MostFun\CakeMania3\Uninstall.exe
{2F45E3D3-8487-459B-ADB6-CB839B50266E}
MostFun.com Games - Dream Chronicles (remove only)--
>C:\Program Files\MostFun\DreamChronicles\Uninstall.exe
{B9DD470D-F582-49A0-BDF3-D98AED37F0C0}
MostFun.com Games - National Geographic Games Herod's
Lost Tomb (remove only)-->C:\Program
Files\MostFun\HerodsLostTomb\Uninstall.exe {3656CD88-
713B-43EE-B955-EFB230F08CB2}
MostFun.com Games - Neverland (remove only)--
>C:\Program Files\MostFun\Neverland\Uninstall.exe
{8B8ECEEB-8EDE-40A7-8FB9-E01D822A0573}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla
Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe
/Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-
824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-
F4DC-41A2-901E-8C11F044BDEC}
Murder She Wrote-->"C:\Program Files\Murder She
Wrote\ReflexiveArcade\unins000.exe"
Mystery Case Files: Ravenhearst™-->"C:\Program
Files\Mystery Case Files - Ravenhearst\Uninstall.exe"
Mystery Case Files: Return to Ravenhearst ™-->"C:\Program
Files\Mystery Case Files - Return to
Ravenhearst\Uninstall.exe"
Mystery Of Unicorn Castle-->"C:\Program
Files\FreeGamePick.com\Mystery Of Unicorn
Castle\unins000.exe"
Mysteryville 2 (remove only)-->"C:\Program Files\iWin.com
Games\Mysteryville 2\Uninstall.exe"
National Geographic Games Herod's Lost Tomb--
>MsiExec.exe /X{3656CD88-713B-43EE-B955-
EFB230F08CB2}
Neverland-->MsiExec.exe /X{8B8ECEEB-8EDE-40A7-8FB9-
E01D822A0573}
Pirateville (remove only)-->"C:\Program Files\iWin.com
Games\Pirateville\Uninstall.exe"
Security Update for Windows Internet Explorer 7 (KB938127-
v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-
IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-
->"C:\WINDOWS\ie7updates\KB950759-
IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-
->"C:\WINDOWS\ie7updates\KB958215-
IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-
->"C:\WINDOWS\ie7updates\KB960714-
IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-
->"C:\WINDOWS\ie7updates\KB961260-
IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-
->"C:\WINDOWS\ie7updates\KB963027-
IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-
->"C:\WINDOWS\ie7updates\KB972260-
IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-
->"C:\WINDOWS\ie8updates\KB971961-
IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-
->"C:\WINDOWS\ie8updates\KB972260-
IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-
->"C:\WINDOWS\ie8updates\KB974455-
IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-
->"C:\WINDOWS\ie8updates\KB976325-
IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)--
>"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spu
ninst.exe"
Security Update for Windows Media Player (KB954155)--
>"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spu
ninst.exe"
Security Update for Windows Media Player (KB968816)--
>"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spu
ninst.exe"
Security Update for Windows Media Player (KB973540)--
>"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spu
ninst.exe"
Security Update for Windows Media Player 11 (KB936782)--
>"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\
spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)--
>"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\sp
uninst.exe"
Security Update for Windows XP (KB923561)--
>"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB923789)--
>C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe
C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)--
>"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB941569)--
>"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB946648)--
>"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB950759)--
>"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB950760)--
>"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB950762)--
>"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB950974)--
>"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB951066)--
>"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB951376-v2)--
>"C:\WINDOWS\$NtUninstallKB951376-
v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)--
>"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB951748)--
>"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB952004)--
>"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB952954)--
>"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB954211)--
>"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB954459)--
>"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB954600)--
>"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB955069)--
>"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB956391)--
>"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB956572)--
>"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB956744)--
>"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB956802)--
>"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB956803)--
>"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB956841)--
>"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB956844)--
>"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB957097)--
>"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB958644)--
>"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB958687)--
>"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB958690)--
>"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB958869)--
>"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB959426)--
>"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB960225)--
>"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB960715)--
>"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB960803)--
>"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB960859)--
>"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB961371-v2)--
>"C:\WINDOWS\$NtUninstallKB961371-
v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)--
>"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB961501)--
>"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB968537)--
>"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB969059)--
>"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB969947)--
>"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB970238)--
>"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB970430)--
>"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB971486)--
>"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB971557)--
>"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB971633)--
>"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB971657)--
>"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB973346)--
>"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB973354)--
>"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB973507)--
>"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB973525)--
>"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB973869)--
>"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB973904)--
>"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB974112)--
>"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB974318)--
>"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB974392)--
>"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB974571)--
>"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB975025)--
>"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.e
xe"
Security Update for Windows XP (KB975467)--
>"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.e
xe"
Super Solitaire 2!-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\
Ctor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{ECF90044-1EC8-4A6E-8A14-
C212E5E398C7}\setup.exe" -l0x9
Super Solitaire!-->RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\
Ctor.dll,LaunchSetup "C:\Program Files\InstallShield
Installation Information\{F2B8F36F-2014-42E0-9AF2-
882BAA110F21}\setup.exe" -l0x9
The Weather Channel Desktop 6-->C:\Program Files\The
Weather Channel
FW\Desktop\TheWeatherChannelCustomUninstall.exe
Update for Windows Internet Explorer 8 (KB973874)--
>"C:\WINDOWS\ie8updates\KB973874-
IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)--
>"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.e
xe"
Update for Windows XP (KB942763)--
>"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.e
xe"
Update for Windows XP (KB951978)--
>"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.e
xe"
Update for Windows XP (KB955839)--
>"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.e
xe"
Update for Windows XP (KB967715)--
>"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.e
xe"
Update for Windows XP (KB968389)--
>"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.e
xe"
Update for Windows XP (KB971737)--
>"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.e
xe"
Update for Windows XP (KB973687)--
>"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.e
xe"
Update for Windows XP (KB973815)--
>"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.e
xe"
Use the entry named LeapFrog Connect to uninstall
(LeapFrog My Pals Plugin)-->MsiExec.exe /X{CC33E708-
A795-4AB3-908A-8F45919BC097}
W Photo Studio-->MsiExec.exe /X{CBF3C503-946E-45EA-
B347-EACC41781989}
Watson-->MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-
2D8737D5E9E2}
WebEx Support Manager for Internet Explorer--
>MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-
85F2667A7B90}
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-
2581-46EC-926A-823BD1C670F6}
Windows Internet Explorer 8--
>"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe
"C:\Program Files\Windows Live Safety
Center\wlscCore.dll",UninstallFunction
WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program
Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime--
>"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst
.exe"
Windows Media Player 11-->"C:\Program Files\Windows
Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11--
>"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-
ECDD91C240B7}
Womens Murder Club - Death in Scarlet-->"C:\Program
Files\Games Of The Month\Womens Murder Club - Death in
Scarlet\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32
/u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Software Update--
>C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\winlogon86.exe [2010-01-
02]
O4 - HKLM\..\Run: [winupdate86.exe]
C:\WINDOWS\system32\winupdate86.exe [2010-01-02]

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100102-0]

======System event log======

Computer Name: OURS
Event Code: 29
Message: The time provider NtpClient is configured to acquire
time from one or more
time sources, however none of the sources are currently
accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Record Number: 9811
Source Name: W32Time
Time Written: 20091027221418.000000-300
Event Type: error
User:

Computer Name: OURS
Event Code: 17
Message: Time Provider NtpClient: An error occurred during
DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the
DNS lookup again in 240
minutes.
The error was: A socket operation was attempted to an
unreachable host. (0x80072751)

Record Number: 9810
Source Name: W32Time
Time Written: 20091027221418.000000-300
Event Type: error
User:

Computer Name: OURS
Event Code: 29
Message: The time provider NtpClient is configured to acquire
time from one or more
time sources, however none of the sources are currently
accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Record Number: 9806
Source Name: W32Time
Time Written: 20091027201418.000000-300
Event Type: error
User:

Computer Name: OURS
Event Code: 17
Message: Time Provider NtpClient: An error occurred during
DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the
DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an
unreachable host. (0x80072751)

Record Number: 9805
Source Name: W32Time
Time Written: 20091027201418.000000-300
Event Type: error
User:

Computer Name: OURS
Event Code: 29
Message: The time provider NtpClient is configured to acquire
time from one or more
time sources, however none of the sources are currently
accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Record Number: 9804
Source Name: W32Time
Time Written: 20091027191416.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: OURS
Event Code: 20
Message:
Record Number: 6216
Source Name: Google Update
Time Written: 20091205132905.000000-360
Event Type: error
User: OURS\Lisa

Computer Name: OURS
Event Code: 20
Message:
Record Number: 6213
Source Name: Google Update
Time Written: 20091205124217.000000-360
Event Type: error
User: OURS\Lisa

Computer Name: OURS
Event Code: 20
Message:
Record Number: 6212
Source Name: Google Update
Time Written: 20091205122907.000000-360
Event Type: error
User: OURS\Lisa

Computer Name: OURS
Event Code: 20
Message:
Record Number: 6211
Source Name: Google Update
Time Written: 20091205114222.000000-360
Event Type: error
User: OURS\Lisa

Computer Name: OURS
Event Code: 20
Message:
Record Number: 6210
Source Name: Google Update
Time Written: 20091205112913.000000-360
Event Type: error
User: OURS\Lisa

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%Syste
mRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1
Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.
WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



#3
January 2, 2010 at 14:07:08
That was first log file, here is second...

Logfile of random's system information tool 1.06 (written by
random/random)
Run by Lisa at 2010-01-02 15:11:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (59%) free of 76 GB
Total RAM: 255 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:26 PM, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel
FW\Desktop\DesktopWeather.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Lisa\Local Settings\Application
Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\LeapFrog\LeapFrog
Connect\CommandService.exe
C:\Program
Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\WIDCOMM\Bluetooth
Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common
Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lisa\Desktop\RSIT.exe
C:\Documents and Settings\Lisa\Desktop\Lisa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-
11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-
8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-
9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-
C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-
2E3491156990} - C:\Program Files\iWin
Games\iWinGamesHookIE.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-
4ba6-81D4-E427DEE012AD} -
C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: TBSB07286 - {C23D0D6A-8CBA-4B33-9735-
47D81F5B2B85} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-
A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-
BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-
9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-
6AC0-411E-940A-369530A35E43} -
C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program
Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program
Files\Google\Google Desktop Search\GoogleDesktop.exe"
/startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather
Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\Lisa\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program
Files\Free Ride Games\GPlayer.exe /runonstartup" (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program
Files\Free Ride Games\GPlayer.exe /runonstartup" (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program
Files\Free Ride Games\GPlayer.exe /runonstartup" (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program
Files\Free Ride Games\GPlayer.exe /runonstartup" (User
'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send to &Bluetooth Device...
- C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth -
C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-
9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP:
c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
(Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls...
bookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(Installation Support) - C:\Program
Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
(Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/re...
wlscbase8942.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://fpdownload2.macromedia.com/g...
h/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O23 - Service: ASP.NET State Service (aspnet_state) -
Unknown owner -
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_
state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -
ALWIL Software - C:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software -
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom
Corporation. - C:\Program Files\WIDCOMM\Bluetooth
Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.9.911.3589
(GoogleDesktopManager-110309-193829) - Google -
C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program
Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) -
Sun Microsystems, Inc. - C:\Program
Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog
Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog
Connect\CommandService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo!
Inc. - C:\Program
Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8598 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-
1085031214-115176313-515967899-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-
1085031214-115176313-515967899-1004UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-
1085031214-115176313-515967899-1009Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-
1085031214-115176313-515967899-1009UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-
{37D52906-A457-4AA5-87BD-E7FDE7F23855}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{02478D38-
C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19
817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-
C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22
62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper
Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
IEHlprObj Class - C:\Program Files\iWin
Games\iWinGamesHookIE.dll [2009-11-24 141312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper
Objects\{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD}]
TwcToolbarBhoApp Class -
C:\WINDOWS\system32\TwcToolbarBho.dll [2008-07-22
98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper
Objects\{C23D0D6A-8CBA-4B33-9735-47D81F5B2B85}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-
A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program
Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-
17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11
73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo!
Toolbar - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19
817936]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather
Channel Toolbar - C:\WINDOWS\system32\TwcToolbarIe7.dll
[2009-06-23 331776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15
39792]
"Monitor"=C:\Program Files\LeapFrog\LeapFrog
Connect\Monitor.exe [2009-11-10 443728]
"Google Desktop Search"=C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe [2009-12-26 30192]
"SunJavaUpdateSched"=C:\Program
Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[2009-11-24 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-
14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe
[2008-04-14 1695232]
"DW6"=C:\Program Files\The Weather Channel
FW\Desktop\DesktopWeather.exe [2009-10-08 818288]
"Google Update"=C:\Documents and Settings\Lisa\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe
[2009-03-04 133104]

C:\Documents and Settings\All Users\Start
Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth
Software\BTTray.exe
WinZip Quick Pick.lnk - C:\Program
Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\kbdsock.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-
94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18
133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Cont
rol\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Cont
rol\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services
\sharedaccess\parameters\firewallpolicy\standardprofile\auth
orizedapplications\list]
"%windir%\Network
Diagnostic\xpnetdiag.exe"="%windir%\Network
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\s
essmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\syst
em32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Common
Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program
Files\Common
Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL
TopSpeed"
"C:\Program Files\Common
Files\AOL\Loader\aolload.exe"="C:\Program Files\Common
Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common
Files\AOL\1233426573\ee\aolsoftware.exe"="C:\Program
Files\Common
Files\AOL\1233426573\ee\aolsoftware.exe:*:Enabled:AOL
Services"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program
Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program
Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program
Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program
Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program
Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program
Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program
Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Ya
hoo! Messenger"
"C:\Program Files\Google\Google
Talk\googletalk.exe"="C:\Program Files\Google\Google
Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe"="C:\Program
Files\Google\Google Desktop
Search\GoogleDesktop.exe:*:Enabled:Google Desktop"
"C:\Program Files\iWin
Games\iWinGames.exe"="C:\Program Files\iWin
Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin
Games\WebUpdater.exe"="C:\Program Files\iWin
Games\WebUpdater.exe:*:Enabled:iWin Games updater."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services
\sharedaccess\parameters\firewallpolicy\domainprofile\authori
zedapplications\list]
"%windir%\Network
Diagnostic\xpnetdiag.exe"="%windir%\Network
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\s
essmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\curren
tversion\explorer\mountpoints2\{5cdba254-528b-11dd-93f6-
0002a5e575b1}]
shell\AutoRun\command -
C:\WINDOWS\system32\RunDLL32.EXE
Shell32.DLL,ShellExec_RunDLL autorun.exe


======List of files/folders created in the last 1
months======

2010-01-02 15:11:43 ----D---- C:\rsit
2010-01-02 11:36:06 ----A----
C:\WINDOWS\system32\aswBoot.exe
2010-01-02 11:36:02 ----D---- C:\Program Files\Alwil Software
2010-01-02 11:33:23 ----A---- C:\Program
Files\avast_home_setup.exe
2010-01-02 10:51:10 ----D---- C:\Documents and
Settings\Lisa\Application Data\Malwarebytes
2010-01-02 10:51:00 ----D---- C:\Documents and Settings\All
Users\Application Data\Malwarebytes
2010-01-02 10:50:59 ----D---- C:\Program Files\Malwarebytes'
Anti-Malware
2010-01-01 15:30:19 ----D---- C:\Program Files\Windows Live
Safety Center
2010-01-01 10:18:39 ----A----
C:\WINDOWS\system32\d3d9caps.tmp
2010-01-01 10:12:39 ----SHD---- C:\Config.Msi
2009-12-30 14:35:49 ----D---- C:\Program Files\Murder She
Wrote
2009-12-30 14:34:06 ----D---- C:\Program
Files\ReflexiveArcade
2009-12-29 22:27:36 ----A----
C:\WINDOWS\system32\javaws.exe
2009-12-29 22:27:36 ----A----
C:\WINDOWS\system32\javaw.exe
2009-12-29 22:27:36 ----A----
C:\WINDOWS\system32\java.exe
2009-12-29 20:56:35 ----D---- C:\Program Files\iWin.com
2009-12-29 20:44:07 ----D---- C:\Program Files\Conduit
2009-12-29 20:41:28 ----D---- C:\Program Files\iWin Games
2009-12-26 13:55:16 ----D----
C:\WINDOWS\system32\IOSUBSYS
2009-12-26 00:34:51 ----D---- C:\Documents and
Settings\Lisa\Application Data\Anabel
2009-12-26 00:00:23 ----D---- C:\Documents and
Settings\Lisa\Application Data\Playrix Entertainment
2009-12-25 17:07:57 ----D---- C:\Remote Programs
2009-12-25 17:05:32 ----D---- C:\Documents and Settings\All
Users\Application Data\Free Ride Games
2009-12-25 01:42:32 ----D----
C:\WINDOWS\CC33E708A7954AB3908A8F45919BC097.TM
P
2009-12-25 01:40:42 ----A---- C:\WINDOWS\{7E7D778E-
121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
2009-12-25 01:39:54 ----D---- C:\Program Files\Common
Files\Wise Installation Wizard
2009-12-25 01:38:19 ----D---- C:\Program Files\LeapFrog
2009-12-25 01:38:19 ----D---- C:\Documents and Settings\All
Users\Application Data\Leapfrog
2009-12-23 05:28:03 ----D---- C:\Documents and
Settings\Lisa\Application Data\Meridian93
2009-12-22 22:19:00 ----D---- C:\Program
Files\FreeGamePick.com
2009-12-22 22:18:15 ----A---- C:\Program Files\mystery-of-
unicorn-castle.exe
2009-12-20 19:42:32 ----A----
C:\WINDOWS\system32\btw_ci.dll
2009-12-20 19:41:39 ----D---- C:\Program Files\WIDCOMM
2009-12-14 23:39:06 ----D---- C:\Documents and
Settings\Lisa\Application Data\panoramik
2009-12-11 23:25:00 ----D---- C:\Documents and Settings\All
Users\Application Data\Christmasville
2009-12-10 03:11:27 ----HDC----
C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 03:11:09 ----HDC----
C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-10 03:11:00 ----HDC----
C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 03:09:56 ----HDC----
C:\WINDOWS\$NtUninstallKB973687$
2009-12-10 03:09:43 ----HDC----
C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 03:09:31 ----HDC----
C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 03:09:17 ----HDC----
C:\WINDOWS\$NtUninstallKB971737$
2009-12-10 03:01:55 ----HDC----
C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1
months======

2010-01-02 14:43:43 ----D---- C:\WINDOWS\Temp
2010-01-02 12:50:10 ----D---- C:\Program Files\Mozilla Firefox
2010-01-02 11:38:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-02 11:36:45 ----D---- C:\WINDOWS\system32\drivers
2010-01-02 11:36:41 ----D---- C:\WINDOWS\system32\config
2010-01-02 11:36:41 ----D---- C:\WINDOWS\system32
2010-01-02 11:36:02 ----RD---- C:\Program Files
2010-01-02 11:01:57 ----HDC----
C:\WINDOWS\$NtUninstallKB960803$
2010-01-02 11:00:23 ----SD---- C:\WINDOWS\Tasks
2010-01-02 10:02:54 ----D---- C:\Program Files\Google
2010-01-02 10:02:33 ----SHD---- C:\WINDOWS\Installer
2010-01-02 09:40:51 ----D---- C:\WINDOWS\Prefetch
2010-01-02 09:34:53 ----SD---- C:\Documents and
Settings\Lisa\Application Data\Microsoft
2010-01-02 09:34:53 ----D---- C:\WINDOWS
2010-01-02 09:24:45 ----SD---- C:\Documents and
Settings\All Users\Application Data\Microsoft
2010-01-01 20:25:07 ----HD---- C:\WINDOWS\inf
2010-01-01 15:30:21 ----SD---- C:\WINDOWS\Downloaded
Program Files
2010-01-01 15:30:17 ----D----
C:\WINDOWS\system32\CatRoot2
2010-01-01 10:43:20 ----SHD---- C:\System Volume
Information
2010-01-01 10:43:20 ----D----
C:\WINDOWS\system32\Restore
2010-01-01 10:33:15 ----D---- C:\Documents and
Settings\Lisa\Application Data\FrostWire
2009-12-31 23:16:53 ----D---- C:\Program Files\MostFun
2009-12-31 08:49:22 ----D---- C:\Documents and
Settings\Lisa\Application Data\PlayFirst
2009-12-31 08:49:22 ----D---- C:\Documents and Settings\All
Users\Application Data\PlayFirst
2009-12-31 08:40:44 ----D---- C:\Documents and Settings\All
Users\Application Data\NeoEdge Networks
2009-12-29 22:27:26 ----D---- C:\Program Files\Java
2009-12-29 21:10:16 ----AD---- C:\Documents and
Settings\All Users\Application Data\TEMP
2009-12-26 16:37:00 ----D---- C:\Documents and Settings
2009-12-26 13:26:08 ----D---- C:\Documents and Settings\All
Users\Application Data\Google
2009-12-26 08:46:29 ----D---- C:\Program Files\Common Files
2009-12-25 17:04:52 ----HD---- C:\Program Files\InstallShield
Installation Information
2009-12-20 19:49:17 ----D----
C:\WINDOWS\system32\ReinstallBackups
2009-12-20 09:54:50 ----D---- C:\Program Files\Games A Go-
Go
2009-12-19 01:05:53 ----D---- C:\Documents and
Settings\Lisa\Application Data\Friday's games
2009-12-15 19:41:04 ----D---- C:\Documents and
Settings\Lisa\Application Data\Identities
2009-12-14 20:21:15 ----D---- C:\Documents and Settings\All
Users\Application Data\JollyBear
2009-12-13 15:15:39 ----A---- C:\WINDOWS\WORDPAD.INI
2009-12-13 03:20:30 ----D---- C:\WINDOWS\system32\wbem
2009-12-13 03:20:29 ----D---- C:\WINDOWS\Registration
2009-12-10 03:32:16 ----A----
C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 03:11:33 ----RSHDC----
C:\WINDOWS\system32\dllcache
2009-12-10 03:11:18 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 03:10:35 ----D---- C:\Program Files\Internet
Explorer
2009-12-10 03:10:22 ----D---- C:\WINDOWS\ie8updates
2009-12-10 03:10:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 03:02:40 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot,
1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor;
C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24
27408]
R1 aswSP;avast! Self Protection;
C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24
114768]
R1 aswTdi;avast! Network Shield Support;
C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24
48560]
R1 kbdhid;Keyboard HID Driver;
C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13
14592]
R1 Tcpip6;Microsoft IPv6 Protocol Driver;
C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20
225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0;
C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-29
21361]
R2 aswFsBlk;aswFsBlk;
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-
24 20560]
R2 aswMon2;avast! Standard Shield Support;
C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24
94160]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible
Transport Protocol;
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-
14 88320]
R2 NwlnkNb;NWLink NetBIOS;
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14
63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol;
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-
14 55936]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM);
C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17
96256]
R3 aswRdr;aswRdr;
C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24
23120]
R3 btaudio;Bluetooth Audio Device;
C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30
534568]
R3 BTDriver;Bluetooth Virtual Communications Driver;
C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04
37160]
R3 BTKRNL;Bluetooth Bus Enumerator;
C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19
991656]
R3 BTWDNDIS;Bluetooth LAN Access Server;
C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-
24 156816]
R3 btwhid;btwhid;
C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10
57384]
R3 btwmodem;Bluetooth Modem;
C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-
02-04 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver;
C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19
47272]
R3 E100B;Intel(R) PRO Adapter Driver;
C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-
17 117760]
R3 HidUsb;Microsoft HID Class Driver;
C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13
10368]
R3 mouhid;Mouse HID Driver;
C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17
12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
[2008-04-13 1897408]
R3 ROOTMODEM;Microsoft Legacy Modem Driver;
C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14
5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver;
C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14
12288]
R3 usbccgp;Microsoft USB Generic Parent Driver;
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-
13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller
Miniport Driver;
C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13
30208]
R3 usbhub;Microsoft USB Standard Hub Driver;
C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14
59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport
Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys
[2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport
Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[2008-04-14 20608]
S2 X4HS32Ex;X4HS32Ex; \??\C:\Program Files\Free Ride
Games\X4HS32Ex.Sys []
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;
C:\WINDOWS\system32\DRIVERS\netr28u.sys [2007-08-15
552448]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;
C:\WINDOWS\system32\DRIVERS\rt2870.sys []
S3 usbprint;Microsoft USB PRINTER Class;
C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13
25856]
S3 USBSTOR;USB Mass Storage Driver;
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-
04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver
Framework Platform Driver;
C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28
77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver
Framework Reflector;
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28
82944]
S4 spcstb;spcstb;
C:\WINDOWS\System32\DRIVERS\spcstb.sys []

======List of services (R=Running, S=Stopped, 0=Boot,
1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service;
C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24
18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil
Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 btwdins;Bluetooth Service; C:\Program
Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-
09-02 346720]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin
Games\iWinTrusted.exe [2009-11-24 78104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program
Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LeapFrog Connect Device Service;LeapFrog Connect
Device Service; C:\Program Files\LeapFrog\LeapFrog
Connect\CommandService.exe [2009-11-10 1131808]
R2 NwSapAgent;SAP Agent;
C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program
Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-
09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24
254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24
352920]
S3 aspnet_state;ASP.NET State Service;
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_
state.exe []
S3 GoogleDesktopManager-110309-193829;Google Desktop
Manager 5.9.911.3589; C:\Program Files\Google\Google
Desktop Search\GoogleDesktop.exe [2009-12-26 30192]
S3 ose;Office Source Engine; C:\Program Files\Common
Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26
145184]
S3 WMPNetworkSvc;Windows Media Player Network
Sharing Service; C:\Program Files\Windows Media
Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver
Framework; C:\WINDOWS\system32\svchost.exe [2008-04-
14 14336]



#4
January 2, 2010 at 14:08:29
Let me know what you think. I wish I could afford to just go buy a
new hard drive! lol


#5
January 2, 2010 at 14:43:32
Please download ComboFix from Internet Explorer instead of Firefox.

Remember: your Avast antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link 1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#6
January 2, 2010 at 16:33:37
ComboFix 10-01-02.01 - Lisa 01/02/2010 17:51:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.58 [GMT -6:00]
Running from: c:\documents and settings\Lisa\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1368 [VPS 100102-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\Lisa\Templates\info.tmp
c:\program files\iWin Games\iWinGamesHookIE.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-02 21:11 . 2010-01-02 21:12 -------- d-----w- C:\rsit
2010-01-02 17:36 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-02 17:36 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-02 17:36 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-02 17:36 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-02 17:36 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-02 17:36 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-02 17:36 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-02 17:36 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-02 17:36 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-02 17:36 . 2010-01-02 17:36 -------- d-----w- c:\program files\Alwil Software
2010-01-02 17:33 . 2010-01-02 17:33 308160 ----a-w- c:\program files\avast_home_setup.exe
2010-01-02 16:51 . 2010-01-02 16:51 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes
2010-01-02 16:51 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 16:51 . 2010-01-02 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-02 16:51 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 16:50 . 2010-01-02 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 21:30 . 2010-01-02 02:25 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-01 16:40 . 2010-01-01 16:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-01 16:32 . 2010-01-01 16:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-30 20:35 . 2009-12-30 20:37 -------- d-----w- c:\program files\Murder She Wrote
2009-12-30 20:34 . 2009-12-30 20:34 -------- d-----w- c:\program files\ReflexiveArcade
2009-12-30 02:56 . 2010-01-02 18:06 -------- d-----w- c:\program files\iWin.com
2009-12-30 02:44 . 2009-12-30 02:44 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Conduit
2009-12-30 02:44 . 2009-12-30 02:44 -------- d-----w- c:\program files\Conduit
2009-12-30 02:41 . 2010-01-03 00:00 -------- d-----w- c:\program files\iWin Games
2009-12-27 02:10 . 2009-12-27 02:10 -------- d-sh--w- c:\documents and settings\Jesse\IECompatCache
2009-12-26 23:07 . 2009-12-26 23:23 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\Temp
2009-12-26 22:46 . 2009-12-26 22:46 -------- d-----w- c:\documents and settings\Jesse\Application Data\Yahoo!
2009-12-26 22:46 . 2009-12-26 23:06 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\AskToolbar
2009-12-26 22:43 . 2009-12-26 22:44 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\The Weather Channel
2009-12-26 22:41 . 2009-12-26 22:41 -------- d-----w- c:\documents and settings\Jesse\Bluetooth Software
2009-12-26 22:40 . 2009-12-26 22:40 22192 ----a-w- c:\documents and settings\Jesse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 22:39 . 2009-12-26 23:09 -------- d-----w- c:\documents and settings\Jesse\Local Settings\Application Data\Google
2009-12-26 22:38 . 2009-12-26 22:38 -------- d-sh--w- c:\documents and settings\Jesse\IETldCache
2009-12-26 20:02 . 2009-12-26 20:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-26 19:55 . 2009-12-26 19:55 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-12-26 06:34 . 2009-12-26 06:34 -------- d-----w- c:\documents and settings\Lisa\Application Data\Anabel
2009-12-26 06:00 . 2009-12-26 06:00 -------- d-----w- c:\documents and settings\Lisa\Application Data\Playrix Entertainment
2009-12-26 01:11 . 2009-12-26 01:11 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\SpookyManor
2009-12-25 23:08 . 2009-12-25 23:08 64 ----a-w- c:\windows\GPlrLanc.dat
2009-12-25 23:07 . 2009-12-26 01:48 -------- d-----w- C:\Remote Programs
2009-12-25 23:05 . 2009-12-25 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2009-12-25 07:42 . 2009-12-25 07:42 -------- d-----w- c:\windows\CC33E708A7954AB3908A8F45919BC097.TMP
2009-12-25 07:39 . 2009-12-25 07:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-25 07:38 . 2009-12-25 07:41 -------- d-----w- c:\program files\LeapFrog
2009-12-25 07:38 . 2009-12-25 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2009-12-23 11:28 . 2009-12-23 11:28 -------- d-----w- c:\documents and settings\Lisa\Application Data\Meridian93
2009-12-23 04:19 . 2009-12-23 04:19 -------- d-----w- c:\program files\FreeGamePick.com
2009-12-23 04:18 . 2009-12-23 04:18 45370990 ----a-w- c:\program files\mystery-of-unicorn-castle.exe
2009-12-21 01:51 . 2009-12-21 01:51 -------- d-----w- c:\documents and settings\Lisa\Bluetooth Software
2009-12-21 01:42 . 2008-08-20 04:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2009-12-21 01:42 . 2007-09-20 17:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2009-12-21 01:42 . 2008-06-11 20:14 89896 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2009-12-21 01:42 . 2008-02-04 23:57 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2009-12-21 01:42 . 2008-07-24 23:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2009-12-21 01:42 . 2008-03-11 00:18 57384 ----a-w- c:\windows\system32\drivers\btwhid.sys
2009-12-21 01:42 . 2008-02-04 23:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2009-12-21 01:42 . 2008-08-20 04:16 991656 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2009-12-21 01:42 . 2008-05-30 17:46 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2009-12-21 01:41 . 2009-12-21 01:41 -------- d-----w- c:\program files\WIDCOMM
2009-12-15 05:39 . 2009-12-15 05:39 -------- d-----w- c:\documents and settings\Lisa\Application Data\panoramik
2009-12-13 09:20 . 2009-12-13 09:20 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-12 05:25 . 2009-12-12 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Christmasville

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 16:02 . 2009-04-24 17:39 -------- d-----w- c:\program files\Google
2010-01-01 16:33 . 2009-02-01 20:01 -------- d-----w- c:\documents and settings\Lisa\Application Data\FrostWire
2010-01-01 16:18 . 2008-07-17 05:56 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 16:18 . 2010-01-01 16:18 1744 ----a-w- c:\windows\system32\d3d9caps.tmp
2010-01-01 05:54 . 2008-07-17 06:37 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-01 05:16 . 2009-05-06 06:18 -------- d-----w- c:\program files\MostFun
2009-12-31 14:49 . 2009-10-02 03:20 -------- d-----w- c:\documents and settings\Lisa\Application Data\PlayFirst
2009-12-31 14:49 . 2009-10-02 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-12-31 14:41 . 2008-09-17 23:18 1892489 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\MostFun_DreamChronicles\IAF.dll
2009-12-31 14:40 . 2009-05-06 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2009-12-30 04:27 . 2009-02-01 19:56 -------- d-----w- c:\program files\Java
2009-12-30 04:23 . 2009-12-10 13:11 152576 ----a-w- c:\documents and settings\Lisa\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-30 04:23 . 2009-12-10 13:10 79488 ----a-w- c:\documents and settings\Lisa\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-30 03:10 . 2009-05-05 03:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-25 23:04 . 2008-07-17 05:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 07:39 . 2009-12-25 07:39 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-25 07:38 . 2009-12-25 07:38 3106632 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\MyPalsPlugin.exe
2009-12-20 16:44 . 2009-03-09 00:49 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-20 15:54 . 2009-08-26 19:17 -------- d-----w- c:\program files\Games A Go-Go
2009-12-19 07:05 . 2009-10-24 05:02 -------- d-----w- c:\documents and settings\Lisa\Application Data\Friday's games
2009-12-15 02:21 . 2009-07-27 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-11-28 03:03 . 2009-10-27 00:09 -------- d-----w- c:\program files\Mystery Case Files - Return to Ravenhearst
2009-11-23 06:43 . 2009-11-23 06:12 -------- d-----w- c:\documents and settings\Lisa\Application Data\Pirateville
2009-11-23 06:11 . 2009-11-21 05:42 -------- d-----w- c:\program files\iWin.com Games
2009-11-21 05:57 . 2009-11-21 05:44 -------- d-----w- c:\documents and settings\Lisa\Application Data\Mysteryville2
2009-11-21 05:44 . 2009-11-21 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-10-29 07:45 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 10:17 . 2009-02-03 22:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-03-10 00:04 . 2009-03-10 00:03 11098032 ----a-w- c:\program files\English_AnimationShop311_Jasc_PREMIUMESD.exe
2009-12-26 19:48 . 2009-12-26 19:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"Google Update"="c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-04 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-26 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/2/2010 11:36 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/2/2010 11:36 AM 20560]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [11/24/2009 1:43 PM 78104]
S2 X4HS32Ex;X4HS32Ex;\??\c:\program files\Free Ride Games\X4HS32Ex.Sys --> c:\program files\Free Ride Games\X4HS32Ex.Sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/26/2009 1:47 PM 30192]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [7/29/2008 11:10 PM 552448]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys --> c:\windows\system32\DRIVERS\rt2870.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-115176313-515967899-1004Core.job
- c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-04 22:57]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-115176313-515967899-1004UA.job
- c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-04 22:57]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-115176313-515967899-1009Core.job
- c:\documents and settings\Jesse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 19:56]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-115176313-515967899-1009UA.job
- c:\documents and settings\Jesse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 19:56]

2010-01-02 c:\windows\Tasks\User_Feed_Synchronization-{37D52906-A457-4AA5-87BD-E7FDE7F23855}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Lisa\Application Data\Mozilla\Firefox\Profiles\9blron3r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.aol.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 18:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-115176313-515967899-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4c,21,4e,ca,9c,7c,5b,68,0e,de,89,b9,cd,ce,9c,73,00,20,29,6a,0f,91,e8,
e1,31,b5,c3,b9,c8,c4,50,c5,98,9e,2b,8e,2b,18,75,9a,b2,42,82,f0,67,9b,51,fb,\
"??"=hex:29,7c,21,c3,d9,98,87,a6,37,ac,03,4f,27,5b,b7,27
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-02 18:24:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-03 00:24

Pre-Run: 47,117,475,840 bytes free
Post-Run: 48,107,921,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CF9A520B0112E84CF773CE0BB4BE70E8



#7
January 2, 2010 at 16:40:16
Are you still being redirected? If not do the following:

Delete RSIT from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start> control panel> system> system restore tab> check the box beside "turn off system restore"> apply (takes a minute)> ok. Go back and uncheck the box to turn system restore back on> apply> ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



#8
January 2, 2010 at 18:36:48
No, the combo fix cured it. Thank you so very much.
Happy New Year!!
Lisa


#9
January 2, 2010 at 18:44:08
Glad we could help.
