
system32 [Solved]


  • This topic is locked

#16
masterb7

    Member

  • Topic Starter
  • 123 posts
Reg - Bot check, Reg - MountPoints2 and File - additional folder scans were not on the list.

The drivers list contained: none, safe list and all; no non-Microsoft.
Under "files created within" it says: none, whitelist/file age and all; no 90 days. There was a bar on top which had this option.

And after posting this I ran a scan: it didn't work. Retried, didn't work either. And it froze up at exactly the same folder:
C:\WINDOWS\system32\svchost.exe

Also: there was a catchme.exe in the same folder, just saying.

And what I meant with that is that you might have given those instructions from experience with Windows XP Pro, which might not be exactly the same as normal Windows XP. I could be wrong of course.


#17
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Retried, didn't work either. And it froze up at exactly the same folder:


Have you got Avast disabled?

I think it might be stopping the scan.

#18
masterb7

    Member

  • Topic Starter
  • 123 posts
With Avast I guess you mean the other program, as Avast is the one I uninstalled?

I just tried to disable it; it had no disable function but a snooze function, so I used that. Scanning went further than svchost, but froze at Dnscache...
And a little black screen just popped up; it's the catchme.exe. Not sure whether to let it run or not, so I let it run. What do you think about this?

OK, forget what I said. For some reason I suddenly got myself a log; I'm posting it through.

[code=auto:0]OTScanIt2 logfile created on: 5/12/2008 22:57:57 - Run 3
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\XP\Bureaublad\OTScanIt2
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

319,48 Mb Total Physical Memory | 92,11 Mb Available Physical Memory | 28,83% Memory free
773,63 Mb Paging File | 381,13 Mb Available in Paging File | 49,26% Paging File free
Paging file location(s): C:\pagefile.sys 480 960;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,17 Gb Total Space | 21,12 Gb Free Space | 55,34% Space Free | Partition Type: NTFS
Drive D: | 38,16 Gb Total Space | 37,83 Gb Free Space | 99,14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THUIS-6BAA17DAD
Current User Name: XP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
adeck.exe -> %ProgramFiles%\VIA\VIAudioi\SBADeck\ADeck.exe -> [2007/06/27 10:52:00 | 00,540,672 | R--- | M] (VIA Technologies, Inc.)
cavrid.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe -> [2007/07/19 17:46:40 | 00,185,456 | ---- | M] (Computer Associates International, Inc.)
cavtray.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe -> [2007/07/19 17:46:40 | 00,230,512 | ---- | M] (Computer Associates International, Inc.)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/11/14 20:50:47 | 00,307,712 | ---- | M] (Mozilla Corporation)
hpi_monitor.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe -> [2000/08/14 15:48:06 | 00,032,768 | ---- | M] (Hewlett-Packard Company)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
isafe.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe -> [2007/07/19 17:46:40 | 00,259,184 | ---- | M] (Computer Associates International, Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe -> [2007/01/19 12:54:42 | 05,674,352 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2005/10/10 20:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Bureaublad\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> [2003/11/30 01:04:56 | 00,032,768 | ---- | M] (Cyberlink Corp.)
vetmsg.exe -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe -> [2007/07/19 17:46:40 | 00,201,840 | ---- | M] (Computer Associates International, Inc.)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET-statusservice [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation)
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe -> [2007/07/19 17:46:40 | 00,259,184 | ---- | M] (Computer Associates International, Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help en ondersteuning [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/04 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2005/10/10 20:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger USN Journal Reader service voor Gedeelde mappen [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe -> [2007/07/19 17:46:40 | 00,201,840 | ---- | M] (Computer Associates International, Inc.)
(WMPNetworkSvc) Windows Media Player Network Sharing-service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/11/02 21:53:32 | 00,917,504 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Dot4) IEEE-1284.4 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hphid407.sys -> [2000/08/04 17:40:08 | 00,050,320 | R--- | M] (HP)
(Dot4Print) Print Class Driver for IEEE-1284.4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hphipr07.sys -> [2000/08/04 17:40:10 | 00,015,824 | R--- | M] (HP)
(Dot4Usb) USB to IEEE-1284.4 Translation Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hphius07.sys -> [2000/08/04 17:40:10 | 00,017,904 | R--- | M] (HP)
(FET5X86V) VIA Rhine-Family Fast-Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> [2007/04/17 02:58:56 | 00,042,496 | ---- | M] (VIA Technologies, Inc. )
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> [2001/08/17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. )
(gameenum) Spelpoort-enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2004/08/04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation)
(ms_mpu401) Microsoft MPU-401 MIDI UART-stuurprogramma [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msmpu401.sys -> [2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2005/10/10 20:49:00 | 03,530,432 | ---- | M] (NVIDIA Corporation)
(Ptilink) Stuurprogramma voor Directe parallelle verbinding [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Vet-Filt.sys -> [2007/07/19 17:46:39 | 00,021,031 | ---- | M] (Computer Associates International, Inc.)
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Vet-Rec.sys -> [2007/07/19 17:46:39 | 00,015,478 | ---- | M] (Computer Associates International, Inc.)
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\VetEBoot.sys -> [2007/07/23 17:03:45 | 00,108,360 | ---- | M] (Computer Associates International, Inc.)
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %SystemRoot%\System32\drivers\VetEFile.sys -> [2007/07/23 17:03:45 | 00,879,832 | ---- | M] (Computer Associates International, Inc.)
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\VetFDDNT.sys -> [2007/07/19 17:46:39 | 00,015,735 | ---- | M] (Computer Associates International, Inc.)
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vetmonnt.sys -> [2007/07/19 17:47:00 | 00,026,787 | ---- | M] (Computer Associates International, Inc.)
(VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vinyl97.sys -> [2006/10/10 03:58:48 | 00,203,648 | R--- | M] (VIA Technologies, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?linkid=677 ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\] > -> ->
HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?linkid=677 ->
HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\XP\Application Data\Mozilla\FireFox\Profiles\aua4qmfv.default\prefs.js ->
browser.search.defaultenginename -> "Ask" ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3 ->
extensions.enabledItems -> {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.4 ->
extensions.enabledItems -> {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.4 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20081111 ->
extensions.enabledItems -> {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.3 ->
extensions.enabledItems -> {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (776 bytes and 18 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Help bij koppelingen] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2006/08/31 19:33:06 | 00,322,368 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2007/05/11 02:06:32 | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
"AudioDeck" -> %ProgramFiles%\VIA\VIAudioi\SBADeck\ADeck.exe [C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1] -> [2007/06/27 10:52:00 | 00,540,672 | R--- | M] (VIA Technologies, Inc.)
"CaAvTray" -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe ["C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"] -> [2007/07/19 17:46:40 | 00,230,512 | ---- | M] (Computer Associates International, Inc.)
"CAVRID" -> %ProgramFiles%\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe ["C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"] -> [2007/07/19 17:46:40 | 00,185,456 | ---- | M] (Computer Associates International, Inc.)
"CXMon" -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe ["C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"] -> [2000/08/14 15:48:06 | 00,032,768 | ---- | M] (Hewlett-Packard Company)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"MalwareDestructor" -> [C:\Program Files\MalwareDestructor\MalwareDestructor.exe /s] -> File not found
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 10:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2005/10/10 20:49:00 | 07,286,784 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2005/10/10 20:49:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2005/10/10 20:49:00 | 01,519,616 | ---- | M] ()
"RemoteControl" -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe [C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe] -> [2003/11/30 01:04:56 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"] -> File not found
"Windows SysNotify" -> %SystemRoot%\system32\mssecc.exe [C:\WINDOWS\system32\mssecc.exe] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AWMON" -> %ProgramFiles%\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe ["C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"] -> [2005/05/25 11:12:36 | 00,517,632 | ---- | M] (Lavasoft Sweden)
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"MsnMsgr" -> %ProgramFiles%\MSN Messenger\msnmsgr.exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> [2007/01/19 12:54:42 | 05,674,352 | ---- | M] (Microsoft Corporation)
"Nick LaunchPad" -> %ProgramFiles%\Nick LaunchPad\Nick LaunchPad.exe ["C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r] -> File not found
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> %SystemRoot%\system32\Macromed\Shockwave 10\SwHelper_1020022.exe [C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0] -> [2007/05/02 11:31:46 | 00,383,216 | ---- | M] (Adobe Systems, Inc.)
< Run [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AWMON" -> %ProgramFiles%\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe ["C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"] -> [2005/05/25 11:12:36 | 00,517,632 | ---- | M] (Lavasoft Sweden)
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"MsnMsgr" -> %ProgramFiles%\MSN Messenger\msnmsgr.exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> [2007/01/19 12:54:42 | 05,674,352 | ---- | M] (Microsoft Corporation)
"Nick LaunchPad" -> %ProgramFiles%\Nick LaunchPad\Nick LaunchPad.exe ["C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r] -> File not found
< RunOnce [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> %SystemRoot%\system32\Macromed\Shockwave 10\SwHelper_1020022.exe [C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0] -> [2007/05/02 11:31:46 | 00,383,216 | ---- | M] (Adobe Systems, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten ->
< toni Startup Folder > -> C:\Documents and Settings\toni\Menu Start\Programma's\Opstarten ->
< XP Startup Folder > -> C:\Documents and Settings\XP\Menu Start\Programma's\Opstarten ->
%UserProfile%\Menu Start\Programma's\Opstarten\IMVU.lnk -> %ProgramFiles%\IMVU\IMVUClient.exe -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004] > -> HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporteren naar Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2005/05/27 00:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporteren naar Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2005/05/27 00:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Onderzoek] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> %UserProfile%\Menu Start\Programma's\IMVU\Run IMVU.lnk [Button: Run IMVU] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{F4430FE8-2638-42e5-B849-800749B94EED}:Exec [HKLM] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [Button: PartyPoker.net] -> File not found
{F4430FE8-2638-42e5-B849-800749B94EED}:Exec [HKLM] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [Menu: PartyPoker.net] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Onderzoek] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Onderzoek] -> [2003/07/15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\] > -> HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1801674531-764733703-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] ->
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} [HKLM] -> http://www.acclaim.com/cabs/acclaim_v4.cab[GameLauncher Control] ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6} [HKLM] -> http://www.nick.com/common/groove/gx/GrooveAX27.cab[Groove Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} [HKLM] -> http://game14.zylom.com/activex/zylomgamesplayer.cab[Zylom Games Player] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [HKLM] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{22C1F736-9026-4CD1-B86F-A82A782210A2} -> (VIA Rhine II Fast Ethernet Adapter) ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 13:00:00 | 00,142,336 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:42 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 13:00:00 | 00,142,336 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\XP\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" -> C:\Documents and Settings\XP\Local Settings\Temp\WZSE0.TMP\SymNRT.exe [C:\Documents and Settings\XP\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool] -> File not found
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> [2007/12/06 12:04:44 | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire Plus\LimeWire.exe" -> C:\Program Files\LimeWire Plus\LimeWire.exe [C:\Program Files\LimeWire Plus\LimeWire.exe:*:Enabled:LimeWire] -> [2007/09/17 15:19:14 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" -> C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD [C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion] -> [2000/06/27 22:09:58 | 02,695,213 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:42 | 05,674,352 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Cd-rom-stuurprogramma ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/04 13:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/07/19 17:31:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Registry - Additional Scans - Safe List]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ ->
7zFM.exe -> %ProgramFiles%\7-Zip\7zFM.exe [C:\Program Files\7-Zip\7zFM.exe] -> [2007/09/05 10:02:08 | 00,378,368 | ---- | M] (Igor Pavlov)
ACDSee(HP).exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\ACD\ACDSee\ACDSee(HP).exe [C:\Program Files\Hewlett-Packard\PhotoSmart\ACD\ACDSee\ACDSee(HP).exe] -> [2000/07/24 10:08:36 | 00,661,504 | ---- | M] (ACD Systems, Ltd.)
AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> [2007/05/11 02:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated)
BackItUp.EXE -> %ProgramFiles%\Ahead\Nero BackItUp\BackItUp.exe [C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe] -> [2005/07/14 20:34:34 | 05,758,976 | ---- | M] (Ahead Software AG)
bckgzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\bckgzm.exe [C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe] -> [2004/08/04 13:00:00 | 00,042,577 | ---- | M] (Microsoft Corporation)
Cam_Gallery.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\cam_gallery.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Cam_Gallery.exe] -> [2000/08/14 15:46:24 | 00,180,224 | ---- | M] ()
chkrzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\chkrzm.exe [C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe] -> [2004/08/04 13:00:00 | 00,042,575 | ---- | M] (Microsoft Corporation)
CONF.EXE -> %ProgramFiles%\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe] -> [2004/08/04 13:00:00 | 01,040,384 | ---- | M] (Microsoft Corporation)
dialer.exe -> %ProgramFiles%\Windows NT\dialer.exe [C:\Program Files\Windows NT\dialer.exe] -> [2004/08/04 13:00:00 | 00,545,792 | ---- | M] (Microsoft Corporation)
excel.exe -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE] -> [2005/05/27 00:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Extension Manager.exe -> %ProgramFiles%\Macromedia\Extension Manager\Extension Manager.exe [C:\Program Files\Macromedia\Extension Manager\Extension Manager.exe] -> [2005/08/10 14:13:52 | 00,614,400 | ---- | M] (Macromedia, Inc.)
EZUnload.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\EZunload.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\EZUnload.exe] -> [2000/08/14 15:46:56 | 00,118,784 | ---- | M] ()
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> [2008/11/14 20:50:47 | 00,307,712 | ---- | M] (Mozilla Corporation)
Flash.exe -> %ProgramFiles%\Macromedia\Flash 8\Flash.exe [C:\Program Files\Macromedia\Flash 8\flash.exe] -> [2005/08/31 03:10:38 | 16,879,616 | ---- | M] (Macromedia, Inc.)
HELPCTR.EXE -> %SystemRoot%\pchealth\helpctr\binaries\HelpCtr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2004/08/04 13:00:00 | 00,768,512 | ---- | M] (Microsoft Corporation)
HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis\hijackthis.exe] -> [2008/12/01 07:23:15 | 00,396,288 | ---- | M] (Trend Micro Inc.)
Hpi_CameraShell.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_CameraShell.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_CameraShell.exe] -> [2000/08/14 15:51:28 | 00,053,248 | ---- | M] ()
Hpi_JetSend.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe] -> [2000/08/14 15:52:34 | 00,585,728 | ---- | M] ()
Hpi_Monitor.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe] -> [2000/08/14 15:48:06 | 00,032,768 | ---- | M] (Hewlett-Packard Company)
hpi_print.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Printing\Hpi_Print.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpi_print.exe] -> [2000/08/14 15:43:56 | 00,512,000 | ---- | M] ()
hpi_run.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Update\HPI_Run.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Update\hpi_run.exe] -> [2000/08/14 15:50:10 | 00,036,864 | ---- | M] ()
hpi_upvm.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Update\bin\hpi_upvm.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Update\bin\hpi_upvm.exe] -> [2000/08/14 15:55:02 | 00,020,544 | ---- | M] ()
hrtzzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2004/08/04 13:00:00 | 00,042,573 | ---- | M] (Microsoft Corporation)
hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> [2004/08/04 13:00:00 | 00,028,160 | ---- | M] (Hilgraeve, Inc.)
ICWCONN1.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn1.exe ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2004/08/04 13:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation)
ICWCONN2.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn2.exe ["C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2004/08/04 13:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation)
IEXPLORE.EXE -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE] -> [2007/12/06 12:04:44 | 00,625,664 | ---- | M] (Microsoft Corporation)
ImageDrive.exe -> %ProgramFiles%\Ahead\ImageDrive\ImageDrive.exe [C:\Program Files\Ahead\ImageDrive\ImageDrive.exe] -> [2005/03/03 19:34:30 | 00,893,016 | ---- | M] (Ahead Software AG)
INETWIZ.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\inetwiz.exe ["C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2004/08/04 13:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation)
infopath.exe -> %ProgramFiles%\Microsoft Office\OFFICE11\INFOPATH.EXE [C:\Program Files\Microsoft Office\OFFICE11\INFOPATH.EXE] -> [2005/07/05 11:19:18 | 07,069,896 | ---- | M] (Microsoft Corporation)
install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found
ISIGNUP.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.exe ["C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2004/08/04 13:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation)
javaws.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe] -> [2008/06/10 01:32:34 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.)
LimeWire.exe -> %ProgramFiles%\LimeWire Plus\LimeWire.exe [C:\Program Files\LimeWire Plus\LimeWire.exe] -> [2007/09/17 15:19:14 | 00,147,456 | ---- | M] (Lime Wire, LLC)
mbam.exe -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] -> [2008/12/03 19:52:32 | 01,265,296 | ---- | M] (Malwarebytes Corporation)
migwiz.exe -> %SystemRoot%\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2004/08/04 13:00:00 | 00,246,272 | ---- | M] (Microsoft Corporation)
moviemk.exe -> %ProgramFiles%\Movie Maker\moviemk.exe [C:\Program Files\Movie Maker\moviemk.exe] -> [2004/08/04 13:00:00 | 03,555,328 | ---- | M] (Microsoft Corporation)
mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player\mplayer2.exe"] -> [2004/08/04 13:00:00 | 00,004,639 | ---- | M] ()
MSACCESS.EXE -> %ProgramFiles%\Microsoft Office\OFFICE11\MSACCESS.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\MSACCESS.EXE] -> [2005/07/07 15:58:00 | 06,657,224 | ---- | M] (Microsoft Corporation)
MSCONFIG.EXE -> %SystemRoot%\pchealth\helpctr\binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe] -> [2004/08/04 13:00:00 | 00,160,256 | ---- | M] (Microsoft Corporation)
msimn.exe -> %ProgramFiles%\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2004/08/04 13:00:00 | 00,060,416 | ---- | M] (Microsoft Corporation)
msinfo32.exe -> %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe [C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2004/08/04 13:00:00 | 00,040,960 | -

#19 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

with avast i guess you mean the other program as avast is the one i deinstalled?


Yep you got it right, my mistake. :)

Now

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\XP\Application Data\Mozilla\FireFox\Profiles\aua4qmfv.default\prefs.js
YN -> browser.search.defaultenginename -> "Ask"
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "MalwareDestructor" -> [C:\Program Files\MalwareDestructor\MalwareDestructor.exe /s]
YN -> "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

#20 masterb7 (Member, Topic Starter, 123 posts)

here you go:

[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Documents and Settings\XP\Application Data\Mozilla\FireFox\Profiles\aua4qmfv.default\prefs.js not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MalwareDestructor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12062008_115816

I'm not an expert, but that's not necessary to see MalwareDestructor was successfully deleted :)

EDIT: whoops, forgot the HijackThis log, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:19, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Windows SysNotify] C:\WINDOWS\system32\mssecc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MalwareDestructor] C:\Program Files\MalwareDestructor\MalwareDestructor.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nick LaunchPad] "C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\XP\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom....gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7062 bytes

Edited by masterb7, 06 December 2008 - 05:14 AM.


#21 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

I'm not an expert, but that's not necessary to see MalwareDestructor was successfully deleted


Here is a link to tell you about MalwareDestructor.

http://www.bleepingc....exe-20235.html

Unfortunately even though we have attacked it from many angles it persists on your computer.

I wonder, did you reinstall it at all?

#22 masterb7 (Member, Topic Starter, 123 posts)

Wait... it's still there?

And having a look at that information page, memories are coming back... I had that a long time ago; I was already having problems at that point and hoped that could fix it. But it looks like I got tricked :/
As soon as I saw the pay warning, though, I ignored it. I also think I had it deleted, but apparently I did not.

Having a deeper look at the information, I also saw a topic about a feature called System Restore. Could this have anything to do with this?

And what do you mean by "did you reinstall it at all"? As far as I know I followed every step as well as I could.

Edited by masterb7, 06 December 2008 - 03:28 PM.


#23 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Well, let's try again, but this time make absolutely sure you have that anti-virus of yours disabled. Anti-virus, anti-spyware and firewalls can all stop HijackThis and other tools working properly.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [MalwareDestructor] C:\Program Files\MalwareDestructor\MalwareDestructor.exe /s

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Next

Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    :files
    C:\Program Files\MalwareDestructor\MalwareDestructor.exe
    :commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post along with a new HijackThis log.
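After a fix like the one above, the way to confirm it took is to compare the HijackThis log posted before it with the one posted after, check that the targeted Run value is gone, and note what persisted. The following is an added example written for this thread, not code from HijackThis, OTMoveIt3 or either poster. It parses the `Kind - body` item lines and the `O4 - HKLM\..\Run: [Name] command` shape exactly as they appear in the logs in this thread; the embedded excerpts are copied from the logs in posts #20 and #24, trimmed to a few lines each.

```python
"""Compare two HijackThis logs to confirm a fix removed what it targeted.

Added example for this thread; it is not code from HijackThis, OTMoveIt3 or
any of the posters. The two excerpts below are copied from the logs posted
before (post #20) and after (post #24) the fix, cut down to a few lines each.
"""
import re

# Every HijackThis item line has the shape "<kind> - <body>", e.g.
# "O4 - HKLM\..\Run: [Name] command"; the kind is the section code (R0, O2, O4...).
ITEM_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")

# O4 bodies name the hive, the Run/RunOnce key, the value name in brackets
# and the command line that value launches at logon.
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)

# Excerpt of the log from post #20 (before the fix).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Windows SysNotify] C:\WINDOWS\system32\mssecc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MalwareDestructor] C:\Program Files\MalwareDestructor\MalwareDestructor.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
"""

# Excerpt of the log from post #24 (after the fix).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Windows SysNotify] C:\WINDOWS\system32\mssecc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into its process list and its item lines."""
    processes, items = set(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.add(line)
            else:
                in_procs = False  # the blank line closes the process list
            continue
        m = ITEM_RE.match(line)
        if m:
            items.add((m.group("kind"), m.group("body")))
    return {"processes": processes, "items": items}


def run_values(items):
    """Return (hive, key, name, command) for every O4 Run/RunOnce entry."""
    found = []
    for kind, body in items:
        m = RUN_RE.match(body) if kind == "O4" else None
        if m:
            found.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return sorted(found)


def diff_logs(before, after):
    """Report items and processes that disappeared, appeared, or persisted."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {
        "removed_items": sorted(b["items"] - a["items"]),
        "added_items": sorted(a["items"] - b["items"]),
        "persisting_items": sorted(b["items"] & a["items"]),
        "removed_processes": sorted(b["processes"] - a["processes"]),
        "added_processes": sorted(a["processes"] - b["processes"]),
    }


def fix_verified(after, target_names):
    """True only if none of the targeted Run value names survive in the after log."""
    remaining = {name for _, _, name, _ in run_values(parse_hjt(after)["items"])}
    return not (set(target_names) & remaining)


if __name__ == "__main__":
    report = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label, rows in report.items():
        print(f"{label} ({len(rows)}):")
        for row in rows:
            print("   ", row)
    print("MalwareDestructor gone:", fix_verified(LOG_AFTER, ["MalwareDestructor"]))
```

Running it lists the removed and persisting entries and prints whether the `MalwareDestructor` Run value is gone. The `persisting_items` list is what a helper reads next: an entry that survives a fix is either legitimate or needs a different removal route, and the diff makes that question explicit instead of leaving it to eyeballing two long logs.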

#24 masterb7 (Member, Topic Starter, 123 posts)

OTMoveIt file:

========== FILES ==========
File/Folder C:\Program Files\MalwareDestructor\MalwareDestructor.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\XP\LOCALS~1\Temp\etilqs_SJT1ha4cbJ89o5Kk0m0g scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12072008_101515

Files moved on Reboot...
File C:\DOCUME~1\XP\LOCALS~1\Temp\etilqs_SJT1ha4cbJ89o5Kk0m0g not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\aua4qmfv.default\XUL.mfl moved successfully.


and a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:05, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Windows SysNotify] C:\WINDOWS\system32\mssecc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nick LaunchPad] "C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\XP\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom....gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 6861 bytes
  • 0

#25
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello masterb7,

That looks better.

Now

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE) Java 1.6.0_7 or later.

Your version of Java does not comply, so please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Now go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.
  • 0


#26
masterb7

masterb7

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Here's the log. And sorry about the delay, I forgot to mention I was gone till Wednesday.


KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 11, 2008 04:01:06
Records in database: 1451358
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 38807
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 02:21:13

No malware has been detected. The scan area is clean.
The selected area was scanned.


Also, I recently deleted some files, but it looks like I accidentally deleted a quite important file, as when I restarted the comp. everything got double as big as supposed to be, and when I use my settings to turn it back to normal, the first option gives me smaller than wished windows/pictures... any ideas?

EDIT: fixed the screen problem, but at start up I now get two messages:
title:RUNDLL
an error has occured while loading C:\WINDOWS\system32\NvMcTray.dll
requested module could not be found.

and the same window, just like that but only with NvCpl.dll instead of NvMcTray.dll

Also, I found this 'trial' on my comp, the same kind of program as malwaredestructor but called AROTrial_bt.exe. I'm 100% sure it's malware, could I just remove it without any problem?

Edited by masterb7, 11 December 2008 - 11:12 AM.

  • 0

#27
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Also, I found this 'trial' on my comp, the same kind of program as malwaredestructor but called AROTrial_bt.exe. I'm 100% sure it's malware, could I just remove it without any problem?


Follow the link below to see what McAfee site advisor says about it:

http://www.siteadvis...loads/13803829/

Not malware I think but one I would remove. Registry cleaners are notorious for causing problems on computers. In almost all situations they are not necessary.

I think your machine is clean of malware now.

However, before we remove the tools we have used from your computer, let's try this to attend to your tech problem.

If this doesn't help you may need to post a new topic in the tech area after we have cleared away those tools.

Please run System File Checker to make sure none of your protected files are corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:
My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.

Then rerun the scan. If this still asks you to put in your Windows XP CD and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter the Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

  • 0

#28
masterb7

masterb7

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Yes, I got an 'insert a CD' message while running the scan. We might have the CD lying around somewhere here, but I doubt it, so could you already tell me what I should do?

And thanks a lot for helping me with my malware problem :)
  • 0

#29
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi masterb7,

Yes, I got an 'insert a CD' message while running the scan. We might have the CD lying around somewhere here, but I doubt it, so could you already tell me what I should do?


You can go to the tech section here. They should be able to help you. If you do, explain your problem and tell them you have been here and that you have a clean bill of health on the malware front.

Now

We have a couple of last steps to perform and then you're all set. :)
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
MBAM can be uninstalled via Control Panel Add/Remove, but it may be a useful tool to keep.

Next, we need to clean your restore points and set a new one:

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.
-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

--------------------------------------------------------------------------------------------------------------------

Check your Adobe Acrobat Reader; it may be out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

---------------------------------------------------------------------------------------------------------------------

Be sure to give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (Note: this is an added benefit!) that I have seen. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs that are not needed when you start your computer from loading. They will begin automatically only when needed.

------------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

Before you do though remember that running two or more real-time (some of these are not real-time) anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.
  • SUPERAntiSpyware Free for Home Users to detect and remove spyware.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If your Microsoft Update is not working automatically, keep your operating system up to date by visiting
  • Microsoft Windows Update
monthly. And to keep your system clean, run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0
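As an added illustration of the HOSTS-file mechanism described in the post above (this is example code written for this page, not code from the original post or from the MVPS project), the following shows how a blocklist-style hosts file answers name lookups with 127.0.0.1 before any DNS query happens, and adds the check a defender wants: flagging entries that point a name somewhere other than a blackhole address, since a tampered hosts file uses the same mechanism to redirect legitimate sites. All hostnames and addresses in the sample are constructed.

```python
import ipaddress

# Constructed sample hosts file. The blocklist lines mimic the MVPS style
# (ad/bad hosts pointed at the local machine); the last line is a constructed,
# hypothetical example of the kind of entry a tampered hosts file contains,
# where a legitimate name is silently pointed at a remote address.
SAMPLE_HOSTS = """\
# standard localhost entry on Windows
127.0.0.1 localhost
# blocklist entries: resolve ad/bad hosts to the local machine
127.0.0.1 ads.example-adserver.test
0.0.0.0 tracker.example-tracker.test   # some lists use 0.0.0.0 instead
# hypothetical hijack entry (constructed): a real-looking name pointed elsewhere
203.0.113.5 www.example-bank.test
"""

# Addresses a blocklist legitimately uses: they lead nowhere off the machine.
BLACKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text.

    Comments (# to end of line) and blank lines are ignored; a malformed
    address makes the whole line skipped; the first mapping seen for a
    name is kept.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP address, skip the malformed line
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def resolve(table, hostname):
    """Answer a lookup the way the hosts file short-circuits DNS:
    a listed name gets the listed address, anything else returns None
    (meaning the resolver would go on to ask DNS)."""
    return table.get(hostname.lower())


def audit(table):
    """Return the entries worth inspecting: names mapped to an address that
    is not a blackhole address, i.e. a redirect rather than a block."""
    return {name: ip for name, ip in table.items()
            if ip not in BLACKHOLE_ADDRESSES}
```

Run over the real file (on Windows XP it lives at C:\WINDOWS\system32\drivers\etc\hosts), an empty audit result means every entry only blocks; anything returned is a redirect to look at.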

#30
masterb7

masterb7

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Thanks a lot for the help, I'm going to post a message in the tech forum now :wave:

One last question though, about IEspyad: this will probably not work with Firefox?

And I would like to thank you once more, the problem which I came for hasn't yet been fixed, but that doesn't mean you have been a great help :)

Now, off to the tech forum. :help:

PS: cannot find the tech forum :)
Link? :)

Edited by masterb7, 12 December 2008 - 04:33 AM.

  • 0





