AUTO key input?

Hey guys im new, and im concearned because my computer has a wierd problem where, when i play games like half life the page up key keeps pressing automaticly and the mouse will also move. Its so annoying please help. I think its spyware.

got it. but it shows what i installed is it supposed to?

Just download DDS from any of the 3 links, then double click DDS.com/scr/pif
This will start the cmd window and it will have a message inside so you know what to do.
It may seem unresponsive for awhile because the message doesn't change, but it's scanning the machine in the background, so allow it to run and it will open two log files when done.
Post DDS.txt back here.

a okay so i copy and paste it here? because i dont know how to upload attachments.

Yep, copy and paste.

its too big. :oops:

Break it up into more than one post.

Everything from the top down to the finish of the psudo HJT report should fit in one post, everything else should fit in the rest.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 7:58:06.89 on Sat 02/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.198 [GMT -8:00]

AV: avast! antivirus 4.8.1335 [VPS 090227-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60446
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60446
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1BE91023-1E07-483B-8F65-0F2F8A466B81} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TrueTransparency] "c:\documents and settings\owner\desktop\truetransparency\TrueTransparency.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\transbar.lnk - c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230230178328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: ssqOICVm - ssqOICVm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJayARH

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3zexqeos.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw=
FF - component: c:\program files\mozilla firefox\components\scriptff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-15 340592]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-2-25 22536]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-15 114768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-26 353680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-15 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-15 138680]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-2-25 4150840]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-12-15 67904]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-15 352920]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-15 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-15 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-12-15 64432]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\drivers\qcusbmdm.sys [2009-1-29 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\drivers\qcusbser.sys [2009-1-29 59632]

=============== Created Last 30 ================

2009-02-28 07:53 --d----- c:\documents and settings\owner\.gimp-2.6
2009-02-28 07:53 --d----- c:\documents and settings\owner\.gegl-0.0
2009-02-28 07:50 --d----- c:\program files\GIMP-2.0
2009-02-28 03:39 --d----- c:\program files\AMR to MP3 Converter
2009-02-26 22:10 --d----- c:\program files\Project64 1.6
2009-02-25 19:56 --d----- c:\program files\Half-Life Model Viewer
2009-02-25 18:59 22,536 a------- c:\windows\system32\drivers\pxscan.sys
2009-02-25 18:59 --d----- c:\program files\Prevx
2009-02-25 18:58 --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-02-25 18:58 64 a------- c:\windows\wininit.ini
2009-02-25 17:59 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-25 17:59 --d----- c:\docume~1\owner\applic~1\Spyware Terminator
2009-02-25 17:59 --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-02-25 17:59 --d----- c:\program files\Spyware Terminator
2009-02-23 03:50 --d----- c:\docume~1\owner\applic~1\Canneverbe_Limited
2009-02-22 20:00 --d----- C:\FSX
2009-02-20 18:42 --d----- c:\program files\Super Mario Blue Twilight DX
2009-02-20 17:40 --d----- c:\program files\Streets of Rage
2009-02-13 19:38 --d----- C:\Panda3D-1.5.4
2009-02-13 01:23 --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-02-13 01:10 2,786 a------- c:\windows\system32\tmp.reg
2009-02-12 20:06 --d----- C:\Multimedia Files
2009-02-12 20:06 --d----- c:\program files\Microsoft GIF Animator
2009-02-07 17:04 --d----- c:\program files\CS
2009-02-07 17:02 --d----- C:\CrystalSpaceLibs
2009-02-07 16:36 --d----- C:\133ca53c28de759083402cb8
2009-02-07 00:11 --d----- c:\windows\pss
2009-02-05 17:13 --d----- c:\program files\Bishop3D
2009-02-05 16:57 --d----- c:\program files\Lite-C
2009-02-05 16:56 17,408 a------- C:\psapi.dll
2009-02-04 20:14 --d----- c:\windows\wb
2009-02-04 19:34 --d----- c:\program files\UnrealTournament
2009-02-04 18:16 --d----- C:\UnrealTournament
2009-02-04 17:28 --d----- c:\docume~1\owner\applic~1\Wings3D
2009-02-04 16:50 --d----- c:\program files\wings3d_0.99.04a
2009-02-03 20:55 --d----- c:\program files\AVIedit
2009-02-03 20:54 --d----- c:\program files\OpenLibraries
2009-02-03 20:52 --d----- c:\program files\mlt
2009-02-03 20:52 --d----- c:\program files\Jahshaka
2009-02-03 20:52 --d----- c:\program files\gtk2
2009-02-03 13:27 --d----- C:\Counter-Strike Source
2009-02-02 13:02 --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-02-02 13:00 --d----- c:\program files\Prima Games
2009-02-01 23:42 63 a------- c:\windows\3DWarehouseClient.INI
2009-02-01 13:12 --d----- c:\windows\RegisteredPackages
2009-02-01 12:38 --d----- c:\program files\Pure Motion
2009-02-01 12:37 --d----- c:\program files\Sonic Foundry
2009-02-01 12:37 --d----- c:\program files\DebugMode
2009-02-01 11:50 --d----- c:\program files\t@b
2009-01-29 22:13 59,632 a----r-- c:\windows\system32\drivers\qcusbser.sys
2009-01-29 22:05 59,632 a----r-- c:\windows\system32\drivers\qcusbmdm.sys
2009-01-29 21:49 --d----- c:\program files\BitPim

==================== Find3M ====================

2009-02-23 11:28 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-02-07 17:04 86,016 a------- c:\windows\system32\OpenAL32.dll
2009-01-11 18:49 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-01-09 21:49 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-08 19:16 672,166 a--sh--- c:\windows\system32\HRAyaJlm.ini2
2009-01-05 03:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-04 18:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 18:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-01 02:50 5,417 a------- c:\windows\BricoPackFoldersDelete.cmd
2009-01-01 02:49 72,074 a------- c:\windows\BricoPackUninst.cmd
2009-01-01 02:49 218,624 a------- c:\windows\system32\uxtheme.dll
2008-12-27 17:16 286,720 a------- c:\windows\iun506.exe
2008-12-26 07:05 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-25 17:58 732,200 a------- C:\WindowsXP-KB943232-x86-ENU.exe
2008-12-21 04:05 2,678 a------- c:\windows\java\packages\data\TR7N3L37.DAT
2008-12-21 04:05 2,678 a------- c:\windows\java\packages\data\OVTFD317.DAT
2008-12-21 04:05 2,678 a------- c:\windows\java\packages\data\ZFJXBBHF.DAT
2008-12-21 04:05 2,678 a------- c:\windows\java\packages\data\R53T3RN1.DAT
2008-12-21 04:05 2,678 a------- c:\windows\java\packages\data\29N1FLZB.DAT
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-14 03:31 3,828,492 a------- c:\program files\DirectX.cab
2008-12-14 02:42 10,520 a------- c:\windows\system32\avgrsstx(2).dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-03 20:15 2,030,080 a------- c:\windows\system32\python30.dll
2006-12-08 13:16 1,670,936 a------- c:\docume~1\alluse~1\applic~1\dsetup32.dll
2006-12-08 13:16 484,632 a------- c:\docume~1\alluse~1\applic~1\DXSETUP.exe
2006-12-08 13:16 74,520 a------- c:\docume~1\alluse~1\applic~1\DSETUP.dll
2006-09-28 16:22 91,265 a------- c:\program files\OCT2006_xinput_x64.cab
2006-09-28 16:22 49,149 a------- c:\program files\OCT2006_xinput_x86.cab
2006-09-28 16:21 1,413,862 a------- c:\program files\OCT2006_d3dx9_31_x64.cab
2006-09-28 16:21 183,321 a------- c:\program files\OCT2006_XACT_x64.cab
2006-09-28 16:21 138,977 a------- c:\program files\OCT2006_XACT_x86.cab
2006-09-28 16:21 41,996 a------- c:\program files\dxdllreg_x86.cab
2006-09-28 16:21 1,128,177 a------- c:\program files\OCT2006_d3dx9_31_x86.cab
2004-12-07 09:13 1,156,363 a------- c:\program files\BDANT.cab
2004-12-07 09:13 703,080 a------- c:\program files\BDA.cab
2004-12-07 09:13 976,020 a------- c:\program files\BDAXP.cab
2004-12-07 08:47 20,717 a------- c:\program files\DirectX SDK EULA.txt

============= FINISH: 8:00:14.89 ===============

Hello.
Do you also have attach.txt? if so, please post that too. There is one or two things that need to be uninstalled.

thanks i have it but not sure how to attach it, Thanks for your help im gunna talk to my friend whom i bought the pc from and ask what he had on it.But i'd love to now what to remove.

Hello.
I wanted to see it because I see Mcafee is present (and avast! too), running TWO AV's is dangerous because they conflict with each other, and by having two installed, you run the risk on actually having lower security than you would with just one installed. I want to uninstall Mcafee because it's a bigger product than avast! and will save you disc space.

There is also Ask toolbar present, Ask is VERY questionable.

I strongly recommend you to remove Ask from your computer because it's:

• Promoting its toolbars on sites targeted to kids.
  
• Promoting its toolbars through ads that appear to be part of other companies' sites.
  
• Promoting its toolbars through other companies' spyware.
  
• Installing without any disclosure whatsoever and without any consent whatsoever.
  
• Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  
• Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
  

See Here for more info.

Oh thank you so much im glad i found this site you guys are awseome.

Heh.
Do you know how to uninstall stuff yourself and what your unstalling? if not, post attach.txt and I'll guide you through it.
There is also two leftovers from a vundo infection we need to fix.

okay thanks i could use some help, also how do i attach it?

Don't need to attach.txt, copy and paste it like you did with DDS.txt.
Split it up into more than one post if needed.

oh i dont see it oh well its okay, will windows uninstaller and ccleaner do it?

Do what?
Actually, forget attach.txt.
Do it this way.

• Open HijackThis
  
• Click "Open the Misc Tools section"
  
• Click "Open Uninstall Manager"
  
• Click "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

This will fit into one post.

okay on sec.

7-Zip 4.62
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
AMR to MP3 Converter 1.2
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Aspell English Dictionary-0.50-2
Avanquest update
avast! Antivirus
AVIedit 3.38
AVS Video Editor 4
AVS4YOU Software Navigator 1.3
Backup Dell-Installed Programs
Bishop3D 1.0.3.4a Beta
Blender (remove only)
Boeing Stratoliner for FSX
Bonjour
CA Yahoo! Anti-Spy (remove only)
Camtasia Studio 6
CDBurnerXP
City Racing
Counter-Strike 1.6
Counter-Strike Source 1.19
CrystalSpace Win32 libraries 1.2_002
DebugMode Wax 2.0
Desolation
Ease Audio Converter 4.80
ExtractNow
FMS
FPS Creator
FPS Creator 1.0.4
FPS Creator Model Pack - 10
FPS Creator Model Pack - 11
FPS Creator Model Pack - 2
FPS Creator Model Pack - 4
FPS Creator Model Pack - 9
Free 3GP Video Converter version 3.1
Free DVD Video Burner version 1.1
Free MP3 WMA WAV Converter v2.0
Free Studio version 4.1
Free Video to DVD Converter version 1.1
Free WMA MP3 Converter
FSX Viper V1.1
GameGain
GIMP 2.6.4
Google Earth
Google SketchUp 6
Google SketchUp 6
Google SketchUp 7
Graboid Video 1.3
Half-Life
Half-Life Model Viewer 1.25
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IcoFX 1.6
iTunes
IZArc 3.81
Jahshaka
Java(TM) 6 Update 11
KLM and Swissair Fokker FVIIb_3m for FSX or FS2004
Lite-C
Luzon Domino Solitaire 1.03
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework SDK (English) 1.1

Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (August 2006)
Microsoft Flight Simulator X Demo
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.0.6)
mp3-2-wav converter 1.14
MSM2MSI_gstudio
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
msxml4
No Tomorrow
NVIDIA Drivers
OpenAL
OpenLibraries
OpenOffice.org Installer 1.0
Opera 9.60
Pack Vista Inspirat 2 1.0
Paint.NET v3.36
Panda3D 1.5.4
PawnFoX 1.00
Platform Studio 3.2 Standard Edition
Prevx CSI
Project64 1.6
Python 3.0
QuickTime
RealPlayer
RocketDock 1.3.5
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SketchyPhysics2b1
Sony Ericsson PC Suite 3.209.00
Spyware Terminator
Streets of Rage
Super Mario: Blue Twilight DX (v1.04.1)
t@b ZS4 Video Editor v0.958-686
trakAx Movie Mixer (PocketPC) Evaluation Version
Uninstall 1.0.0.1
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6d
Vspainter LE
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinFlip 0.50
Wings 3D 0.99.04a
WinRAR archiver
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar
Yahoo! Widgets
ZoneAlarm Pro

Hello.
Okay, lets remove some of this stuff. Here are the instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• Ask Toolbar
  
• McAfee Agent
  
• McAfee VirusScan Enterprise
  
• Prevx CSI
  
• WinRAR archiver <<== see my note below
  

Note:
You have 7zip AND Winrar installed, if you don't use 7zip, uninstall 7zip.
If you don't use Winrar instead, then uninstall Winrar.

Please uninstall the items listed and let me know if you uninstalled Winrar or 7zip.

thanks i got rid of 7zip and the other stuff. Ill reboot later.

Hello.
Now that stuff is gone, lets fix the two vundo leftovers.

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  C:\Program Files\AskBarDis
  c:\windows\system32\tmp.reg
  c:\windows\system32\HRAyaJlm.ini2
  c:\windows\system32\Agent.OMZ.Fix.exe
  
  :reg
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02282009_091522

Hello.
It didn't fix the files, only the registry part.

Please make sure you have :files on top of the file paths and run OTMoveIt again.

yes we got them,
========== FILES ==========
File/Folder C:\Program Files\AskBarDis not found.
c:\windows\system32\tmp.reg moved successfully.
c:\windows\system32\HRAyaJlm.ini2 moved successfully.
c:\windows\system32\Agent.OMZ.Fix.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02282009_092032

That's it.
Log looked good aside from what we have killed off.

How is the machine now?

much faster and stable no more auto inputs incredible, Thank you so much.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Thanks.