Explore topic-wise InterviewSolutions in .

I RECENTLY replaced Avast with Kaspersky Internet Security 2011 and after LEAVING the PC for a while Kaspersky flagged that it had found Backdoor.Win32.Bifrose.cwlo
Quote

Detected (1)   
06/11/2010 17:32:39   Detected   Trojan program Backdoor.Win32.Bifrose.cwlo   C:\Documents and Settings\Cameron\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003f43/POLE.EXE   High   

Deleted (2)   
06/11/2010 17:32:21   Deleted   Trojan program Backdoor.Win32.Bifrose.cwlo   C:\Documents and Settings\Cameron\Local Settings\Google\Chrome\User Data\Default\Cache\f_003f43   High   
06/11/2010 17:32:21   Deleted   Trojan program Backdoor.Win32.Bifrose.cwlo   C:\Documents and Settings\Cameron\Local Settings\Google\Chrome\User Data\Default\Cache\f_003f43/POLE.EXE   High   

Ok. Let's do some cleanup.

* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file EXTENSIONS, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
*********************************
Clean out your temporary internet files and TEMP files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and SCROLL down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running MOZILLA based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and MALWARE
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

18424 09:15:45 (0) ** WMIDiag v2.0 started on Tuesday, September 14, 2010 at 09:11.
18425 09:15:45 (0) **
18426 09:15:45 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
18427 09:15:45 (0) **
18428 09:15:45 (0) ** This script is not supported under any Microsoft standard support program or service.
18429 09:15:45 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
18430 09:15:45 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
18431 09:15:45 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or PERFORMANCE
18432 09:15:45 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
18433 09:15:45 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
18434 09:15:45 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
18435 09:15:45 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
18436 09:15:45 (0) ** the use of or inability to use the script or documentation, EVEN if Microsoft has been advised
18437 09:15:45 (0) ** of the possibility of such damages.
18438 09:15:45 (0) **
18439 09:15:45 (0) **
18440 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18441 09:15:45 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
18442 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18443 09:15:45 (0) **
18444 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18445 09:15:45 (0) ** Windows XP - No service pack - 32-bit (2600) - User 'D2PGV571\BRETT' on computer 'D2PGV571'.
18446 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18447 09:15:45 (0) ** Environment: ... OK..
18448 09:15:45 (0) ** System drive: ... C: (Disk #0 Partition #1).
18449 09:15:45 (0) ** Drive type: ... IDE (Maxtor 6Y080M0).
18450 09:15:45 (0) ** There are no missing WMI system files: ....................................... ....................................... OK.
18451 09:15:45 (0) ** There are no missing WMI repository files: ....................................... ................................... OK.
18452 09:15:45 (0) ** WMI repository state: ....................................... ....................................... ................. N/A.
18453 09:15:45 (0) ** BEFORE running WMIDiag:
18454 09:15:45 (0) ** The WMI repository has a size of: ....................................... ....................................... ..... 12 MB.
18455 09:15:45 (0) ** - Disk FREE space on 'C:': ....................................... ....................................... ............ 29517 MB.
18456 09:15:45 (0) **   - INDEX.BTR,                     1826816 bytes,      9/14/2010 9:10:23 AM
18457 09:15:45 (0) **   - INDEX.MAP,                     940 bytes,          9/14/2010 9:10:23 AM
18458 09:15:45 (0) **   - OBJECTS.DATA,                  10575872 bytes,     9/14/2010 9:10:23 AM
18459 09:15:45 (0) **   - OBJECTS.MAP,                   5208 bytes,         9/14/2010 9:10:24 AM
18460 09:15:45 (0) ** AFTER running WMIDiag:
18461 09:15:45 (0) ** The WMI repository has a size of: ....................................... ....................................... ..... 12 MB.
18462 09:15:45 (0) ** - Disk free space on 'C:': ....................................... ....................................... ............ 29512 MB.
18463 09:15:45 (0) **   - INDEX.BTR,                     1826816 bytes,      9/14/2010 9:10:23 AM
18464 09:15:45 (0) **   - INDEX.MAP,                     940 bytes,          9/14/2010 9:10:23 AM
18465 09:15:45 (0) **   - OBJECTS.DATA,                  10575872 bytes,     9/14/2010 9:10:23 AM
18466 09:15:45 (0) **   - OBJECTS.MAP,                   5208 bytes,         9/14/2010 9:10:24 AM
18467 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18468 09:15:45 (0) ** Windows Firewall: ....................................... ....................................... ..................... NOT INSTALLED.
18469 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18470 09:15:45 (0) ** DCOM Status: ... OK.
18471 09:15:45 (0) ** WMI registry setup: ....................................... ....................................... ................... OK.
18472 09:15:45 (0) ** WMI Service has no dependents: ....................................... ....................................... ........ OK.
18473 09:15:45 (0) ** RPCSS service: ... OK (Already started).
18474 09:15:45 (0) ** WINMGMT service: ... OK (Already started).
18475 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18476 09:15:45 (0) ** WMI service DCOM setup: ....................................... ....................................... ............... OK.
18477 09:15:45 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 6 WARNING(S)!
18478 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
18479 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
18480 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
18481 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
18482 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
18483 09:15:45 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
18484 09:15:45 (0) ** => WMI System components are not properly registered as COM objects, which COULD make WMI to
18485 09:15:45 (0) **    fail depending on the operation requested.
18486 09:15:45 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE ' command.
18487 09:15:45 (0) **
18488 09:15:45 (0) ** WMI ProgID registrations: ....................................... ....................................... ............. OK.
18489 09:15:45 (0) ** WMI provider DCOM registrations: ....................................... ....................................... ...... OK.
18490 09:15:45 (2) !! WARNING: WMI provider CIM registrations missing for the following provider(s): ...................................... 3 WARNING(S)!
18491 09:15:45 (0) ** - ROOT/INTELNCS, NcsEvent (i.e. WMI Class 'IANet_802dot3VlanEvent')
18492 09:15:45 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
18493 09:15:45 (0) ** - ROOT/INTELNCS, NcsEvent (i.e. WMI Class 'IANet_802dot3TeamEvent')
18494 09:15:45 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
18495 09:15:45 (0) ** - ROOT/INTELNCS, NcsEvent (i.e. WMI Class 'IANet_802dot3AdapterEvent')
18496 09:15:45 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
18497 09:15:45 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers
18498 09:15:45 (0) **    while the CIM registration is wrong or missing. This can be due to:
18499 09:15:45 (0) **    - a de-installation of the software.
18500 09:15:45 (0) **    - a deletion of some CIM registration information.
18501 09:15:45 (0) ** => You can correct the CIM configuration by:
18502 09:15:45 (0) **    - Manually recompiling the MOF file(s) with the 'MOFCOMP ' command.
18503 09:15:45 (0) **    Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
18504 09:15:45 (0) **          (This list can be built on a similar and working WMI Windows installation)
18505 09:15:45 (0) **          The following command line must be used:
18506 09:15:45 (0) **          i.e. 'WMIDiag CorrelateClassAndProvider'
18507 09:15:45 (0) **    - Re-installing the software.
18508 09:15:45 (0) ** => If the software has been de-installed intentionally, then this information must be
18509 09:15:45 (0) **    removed from the WMI repository. You can use the 'WMIC.EXE' command to remove the provider
18510 09:15:45 (0) **    registration data and its set of associated classes.
18511 09:15:45 (0) **    i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\INTELNCS path __Win32Provider Where Name='NcsEvent' DELETE'
18512 09:15:45 (0) **    i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\INTELNCS Class IANet_802dot3AdapterEvent DELETE'
18513 09:15:45 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software,
18514 09:15:45 (0) **    the namespace and ALL its content can be ENTIRELY deleted.
18515 09:15:45 (0) **    i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='INTELNCS' DELETE'
18516 09:15:45 (0) **
18517 09:15:45 (0) ** WMI provider CLSIDs: ....................................... ....................................... .................. OK.
18518 09:15:45 (0) ** WMI providers EXE/DLL availability: ....................................... ....................................... ... OK.
18519 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18520 09:15:45 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
18521 09:15:45 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
18522 09:15:45 (0) **        - REMOVED ACE:
18523 09:15:45 (0) **          ACEType:  &h0
18524 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18525 09:15:45 (0) **          ACEFlags: &h0
18526 09:15:45 (0) **          ACEMask:  &h1
18527 09:15:45 (0) **                    DCOM_RIGHT_EXECUTE
18528 09:15:45 (0) **
18529 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
18530 09:15:45 (0) **    Removing default security will cause some operations to fail!
18531 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
18532 09:15:45 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
18533 09:15:45 (0) **
18534 09:15:45 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
18535 09:15:45 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
18536 09:15:45 (0) **        - REMOVED ACE:
18537 09:15:45 (0) **          ACEType:  &h0
18538 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18539 09:15:45 (0) **          ACEFlags: &h0
18540 09:15:45 (0) **          ACEMask:  &h1
18541 09:15:45 (0) **                    DCOM_RIGHT_EXECUTE
18542 09:15:45 (0) **
18543 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
18544 09:15:45 (0) **    Removing default security will cause some operations to fail!
18545 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
18546 09:15:45 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
18547 09:15:45 (0) **
18548 09:15:45 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
18549 09:15:45 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
18550 09:15:45 (0) **        - REMOVED ACE:
18551 09:15:45 (0) **          ACEType:  &h0
18552 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18553 09:15:45 (0) **          ACEFlags: &h0
18554 09:15:45 (0) **          ACEMask:  &h1
18555 09:15:45 (0) **                    DCOM_RIGHT_EXECUTE
18556 09:15:45 (0) **
18557 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
18558 09:15:45 (0) **    Removing default security will cause some operations to fail!
18559 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
18560 09:15:45 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
18561 09:15:45 (0) **
18562 09:15:45 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ....................................... .............................. MODIFIED.
18563 09:15:45 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
18564 09:15:45 (0) **        - ACTUAL ACE:
18565 09:15:45 (0) **          ACEType:  &h0
18566 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18567 09:15:45 (0) **          ACEFlags: &h2
18568 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
18569 09:15:45 (0) **          ACEMask:  &h1
18570 09:15:45 (0) **                    WBEM_ENABLE
18571 09:15:45 (0) **        - EXPECTED ACE:
18572 09:15:45 (0) **          ACEType:  &h0
18573 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18574 09:15:45 (0) **          ACEFlags: &h12
18575 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
18576 09:15:45 (0) **                    INHERITED_ACE
18577 09:15:45 (0) **          ACEMask:  &h13
18578 09:15:45 (0) **                    WBEM_ENABLE
18579 09:15:45 (0) **                    WBEM_METHOD_EXECUTE
18580 09:15:45 (0) **                    WBEM_WRITE_PROVIDER
18581 09:15:45 (0) **
18582 09:15:45 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
18583 09:15:45 (0) **    This will cause some operations to fail!
18584 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
18585 09:15:45 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
18586 09:15:45 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
18587 09:15:45 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
18588 09:15:45 (0) **       A specific WMI application can always require a security setup different
18589 09:15:45 (0) **       than the WMI security defaults.
18590 09:15:45 (0) **
18591 09:15:45 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ....................................... .............................. MODIFIED.
18592 09:15:45 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
18593 09:15:45 (0) **        - ACTUAL ACE:
18594 09:15:45 (0) **          ACEType:  &h0
18595 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18596 09:15:45 (0) **          ACEFlags: &h2
18597 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
18598 09:15:45 (0) **          ACEMask:  &h1
18599 09:15:45 (0) **                    WBEM_ENABLE
18600 09:15:45 (0) **        - EXPECTED ACE:
18601 09:15:45 (0) **          ACEType:  &h0
18602 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18603 09:15:45 (0) **          ACEFlags: &h12
18604 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
18605 09:15:45 (0) **                    INHERITED_ACE
18606 09:15:45 (0) **          ACEMask:  &h13
18607 09:15:45 (0) **                    WBEM_ENABLE
18608 09:15:45 (0) **                    WBEM_METHOD_EXECUTE
18609 09:15:45 (0) **                    WBEM_WRITE_PROVIDER
18610 09:15:45 (0) **
18611 09:15:45 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
18612 09:15:45 (0) **    This will cause some operations to fail!
18613 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
18614 09:15:45 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
18615 09:15:45 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
18616 09:15:45 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
18617 09:15:45 (0) **       A specific WMI application can always require a security setup different
18618 09:15:45 (0) **       than the WMI security defaults.
18619 09:15:45 (0) **
18620 09:15:45 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ....................................... .............................. MODIFIED.
18621 09:15:45 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
18622 09:15:45 (0) **        - REMOVED ACE:
18623 09:15:45 (0) **          ACEType:  &h0
18624 09:15:45 (0) **                    ACCESS_ALLOWED_ACE_TYPE
18625 09:15:45 (0) **          ACEFlags: &h12
18626 09:15:45 (0) **                    CONTAINER_INHERIT_ACE
18627 09:15:45 (0) **                    INHERITED_ACE
18628 09:15:45 (0) **          ACEMask:  &h13
18629 09:15:45 (0) **                    WBEM_ENABLE
18630 09:15:45 (0) **                    WBEM_METHOD_EXECUTE
18631 09:15:45 (0) **                    WBEM_WRITE_PROVIDER
18632 09:15:45 (0) **
18633 09:15:45 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
18634 09:15:45 (0) **    Removing default security will cause some operations to fail!
18635 09:15:45 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
18636 09:15:45 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
18637 09:15:45 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
18638 09:15:45 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
18639 09:15:45 (0) **       A specific WMI application can always require a security setup different
18640 09:15:45 (0) **       than the WMI security defaults.
18641 09:15:45 (0) **
18642 09:15:45 (0) **
18643 09:15:45 (0) ** DCOM security warning(s) detected: ....................................... ....................................... .... 0.
18644 09:15:45 (0) ** DCOM security error(s) detected: ....................................... ....................................... ...... 3.
18645 09:15:45 (0) ** WMI security warning(s) detected: ....................................... ....................................... ..... 0.
18646 09:15:45 (0) ** WMI security error(s) detected: ....................................... ....................................... ....... 3.
18647 09:15:45 (0) **
18648 09:15:45 (1) !! ERROR: Overall DCOM security status: ....................................... ....................................... .. ERROR!
18649 09:15:45 (1) !! ERROR: Overall WMI security status: ....................................... ....................................... ... ERROR!
18650 09:15:45 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
18651 09:15:45 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ....................................... ....................................... .. 2.
18652 09:15:45 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
18653 09:15:45 (0) **   'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
18654 09:15:45 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
18655 09:15:45 (0) **   'select * from MSFT_SCMEventLogEvent'
18656 09:15:45 (0) **
18657 09:15:45 (0) ** WMI TIMER instruction(s): ....................................... ....................................... ............. NONE.
18658 09:15:45 (0) ** INFO: WMI ADAP status: ....................................... ....................................... ................ 1.
18659 09:15:45 (0) ** => The WMI ADAP process is currently running (1).
18660 09:15:45 (0) **    Some WMI performance classes could be missing at the time WMIDiag was executed.
18661 09:15:45 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: ....................................... ............................. 1 NAMESPACE(S)!
18662 09:15:45 (0) ** - ROOT/SERVICEMODEL.
18663 09:15:45 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
18664 09:15:45 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
18665 09:15:45 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
18666 09:15:45 (0) **    i.e. 'WMIC.EXE /NODE:"D2PGV571" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
18667 09:15:45 (0) **
18668 09:15:45 (0) ** WMI MONIKER CONNECTIONS: ....................................... ....................................... .............. OK.
18669 09:15:45 (0) ** WMI CONNECTIONS: ... OK.
18670 09:15:45 (0) ** WMI GET operations: ....................................... ....................................... ................... OK.
18671 09:15:45 (0) ** WMI MOF representations: ....................................... ....................................... .............. OK.
18672 09:15:45 (0) ** WMI QUALIFIER access operations: ....................................... ....................................... ...... OK.
18673 09:15:45 (0) ** WMI ENUMERATION operations: ....................................... ....................................... ........... OK.
18674 09:15:45 (0) ** WMI EXECQUERY operations: ....................................... ....................................... ............. OK.
18675 09:15:45 (0) ** WMI GET VALUE operations: ....................................... ....................................... ............. OK.
18676 09:15:45 (0) ** WMI WRITE operations: ....................................... ....................................... ................. NOT TESTED.
18677 09:15:45 (0) ** WMI PUT operations: ....................................... ....................................... ................... NOT TESTED.
18678 09:15:45 (0) ** WMI DELETE operations: ....................................... ....................................... ................ NOT TESTED.
18679 09:15:45 (0) ** WMI static instances retrieved: ....................................... ....................................... ....... 604.
18680 09:15:45 (0) ** WMI dynamic instances retrieved: ....................................... ....................................... ...... 0.
18681 09:15:45 (0) ** WMI instance request cancellations (to limit performance impact): ....................................... ............ 0.
18682 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18683 09:15:45 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
18684 09:15:45 (0) **   DCOM: ... 0.
18685 09:15:45 (0) **   WINMGMT: ... 0.
18686 09:15:45 (0) **   WMIADAPTER: ... 0.
18687 09:15:45 (0) **
18688 09:15:45 (0) ** # of additional Event Log events AFTER WMIDiag execution:
18689 09:15:45 (0) **   DCOM: ... 0.
18690 09:15:45 (0) **   WINMGMT: ... 0.
18691 09:15:45 (0) **   WMIADAPTER: ... 0.
18692 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18693 09:15:45 (0) ** WMI Registry key setup: ....................................... ....................................... ............... OK.
18694 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18695 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18696 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18697 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18698 09:15:45 (0) **
18699 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18700 09:15:45 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
18701 09:15:45 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18702 09:15:45 (0) **
18703 09:15:45 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\DOCUMENTS AND SETTINGS\BRETT\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_D2PGV571_2010.09.14_09.11.33.LOG' for details.
18704 09:15:45 (0) **
18705 09:15:45 (0) ** WMIDiag v2.0 ended on Tuesday, September 14, 2010 at 09:15 (W:87 E:26 S:1).
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the RESULTS of the scan. Please post this log in your next reply.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Quote from: PuB_Evo on October 29, 2010, 07:11:31 PM

I went into MSCONFIG to try and disable UAC, however when I went tools>UAC SETTINGS>launch, it said access denied. I tried doing it through Control Panel>user accounts but it wouldn't save the settings, once I clicked OK, nothing would happen, and if I left it, then went back to it, the setting would then get reverted. My friend said my Administrative privledges are probably corrupt or something similar.

Ok. Please re-enable your emulations drivers as per instructions in Reply # 27.
How is your computer running now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

when i close my broswer the screen closes real slow from top to bottom. instead of just closing out. if you know what i mean..

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Hi! Finally back! I called asus tech & asked about recovery console & he took me to the bios to disable BOOT booster, then hit f9 but after about 5 tries & just kept loading windows, he said my partition was gone & needed recovery disc,(which they want 30.for!) can`t believe I didnt get one when I bought it! grrrr! So whaddya think now? Thnx!!It would appear that they have you over a barrel but it would be $30 well-spent.
Hi hun! Yes, they do!lol Well, I guess I don`t have much choice but to order it! That`s how my luck rolls anyway, gettin pretty used to it! lol Thnx again & I guess I`ll be back! Wish I could be of help to someone else but I`m pretty computer stupid! ttys!I'm sorry to hear about that. Didn't you say that your computer doesn't have a disk drive. How is a recovery disk going to help you? Before you leave I would like to give you some information which, I think, will be helpful once you get your computer reformatted.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false VIRUS alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
******************************************
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com OPTIONS if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************
Use the Secunia Software Inspector to check for out-of-date software.

•Click Start Now

•Check the BOX next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the LATEST Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Good Luck!  Hi SD!! WOW! Thanks for all that info! Will definately do that! I DO have another question though just out of curiousity?? Before I have to order the disc from them, I decided to try something so I`m not throwing away 30. (not that its much, but still,lol!) Being as I have no disc drive, I put a copy of recovery disc from the computer I`m on now, (my desktop) different brands,etc. but same os. onto my flashdrive. I went back to notebook,went to the bios & set it to boot from usb. Was just curious if it would read anything or if its gonna work if i get disc?? I`m so confused!!lol Anyway, it didnt work! I`m trying to do test runs first. Is there something I did wrong? I even disabled 2nd & 3rd boot hoping to just read from usb but dumb thing just keeps loading windows??grrrrr Just thought I`d ask!!hehe I`m gonna give you a headache soon, I drove murf nuts with my dads i think but God bless him!!ttys! thnx again!Are you sure that you're saving the changes in the BIOS? Does your BIOS have the option to boot from the usb drive?hi! sorry, been so busy, haven`t been on. Yes, I hit F10 to save all changes after I set it to boot from usb but all it does is flash the cursor? nothing else. My one friend said u cant boot from usb on these computers but I wouldn`t know why if you`re able to set it to do so?? WOW, how confusing! thnx babes!Since you have no disk drive I can't think of any other way the OS could be installed on the computer. You may be able to do a network installation. Your best bet would be to contact the maker of your computer and ask them those questions.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:37:13 PM, on 10/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1264797502\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1264797502\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'Default user')
O8 - Extra CONTEXT menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - TRUSTED Zone: http://*.mcafee.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265487941250
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5885/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, INC. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8884 bytes

THANK YOU !!!You can check it yourself by going to this site.

Quote

It found 3 viruses and it cleaned it. Is it really gone from my computer and could there possibly be more?

Should I disable Windows Essentials AntiVirus and Firewall if I run a 3rd party software? I have Windows XP. I added SuperAntiVirius, ONLINE Armour and Malwarebytes awhle back after I got attacked with MALWARE. This FORUM got me SQUARED away on what to do. Recently I had some issues with OLA so I uninstalled it. I just CHECKED my Windows Security Center and it has firewall and antivirus enabled.

Should I disable the antivirus since I have SuperAntivirus? Could the problem I had with OLA be a result of the Window's firewall being enabled? Thanks.  Where did you get SuperAntiVirius?  Why did you install it when you already had Windows Essentials AntiVirus?  I followed the advice I got here and used a link from here to get SuperAntivirus. I'll have to go back and review the thread to remember the deatils.

I have come on this forum to submit scan logs, have been on XP forum, (Polecat.)  Have done Steps A and B. 1, 2, (not the REGISTRY), 3,4 and 5*.  Am now trying to download HijackThis.msi, but it will not download for me. Therefore I am sending logs of Step3 and STEP4 now. Will keep trying to download HijackThis and will send log if I succeed.

*JAVA is downloaded, but appears not fully so. (will redownload it).


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/02/2010 at 02:06 AM

Application Version : 4.45.1000

Core Rules Database Version : 5794
Trace Rules Database Version: 3606

Scan type       : Complete Scan
Total Scan Time : 01:04:52

Memory items scanned      : 538
Memory threats detected   : 0
Registry items scanned    : 5946
Registry threats detected : 10
File items scanned        : 61479
File threats detected     : 0

Adware.MyWebSearch/FunWebProducts
   HKU\S-1-5-21-3848972102-916346316-1962185885-1006\SOFTWARE\FunWebProducts
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5025

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/11/2010 22:05:59
mbam-log-2010-11-02 (22-05-59).txt

Scan type: Quick scan
Objects scanned: 516407
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
I have now downloaded JAVA correctly and removed older versions and run CCleaner.
Have also downloaded HijackThis and renamed it to sniper.exe.
Carried out system scan and have enclosed  the log. 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:35:29, on 03/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\COMODO\COMODO BackUp\COSService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra BUTTON: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - file://C:\DRIVERS\snapsys\HDDDiag\bin\npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{209D9EED-D3DF-4C32-B518-950CEBF198EB}: NameServer = 212.139.132.105 212.139.132.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{209D9EED-D3DF-4C32-B518-950CEBF198EB}: NameServer = 212.139.132.105 212.139.132.107
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Comodo Online Storage Service (COSService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\COSService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: LexBce Server (LexBceS) - LEXMARK International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10007 bytes

The ROOT DIRECTORY of DRIVE C is C:\ - not "the DESKTOP".

How long does it take a virus to corrupt a computer?No such thing. Depends on the virus and what it does. Some can cause major DAMAGE immediately, some trojans will cause problems down the road. Is there a purpose behind the question?Is there a way to protect websites on shared servers when virus protection is not given by the hosting company?  I seem to be continuously hit by them.  Thank you.Lawyer, should start your own topic. But to answer your question quickly it depends on the type of webserver you're using. It's more than likely that the server is getting compromised then getting INFECTED from an outside source. I'd make sure to CHANGE all your passwords and if it happens again send an e-mail to your webserver indicating that there is a security breach on the server and that it should be fixed.

If all else fails switch hosting companies, there are thousands out there that will PROVIDE you with better service.

You can obviously ignore the above post.This is the log from ESETscan ...

I updated my java , and removed the old versions... but i was unable to download the newest version of Adobe Reader .

____________________________

C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\CoreSrv.dll   Win32/Adware.HotBar.E application   cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll   Win32/Adware.HotBar.E application   cleaned by deleting - quarantined
C:\System Volume Information\SystemRestore\FRStaging\Program Files\Hotbar\bin\11.0.78.0\HostOL.dll   Win32/Adware.HotBar.E application   cleaned by deleting - quarantined
C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-51cdfff9   Java/TrojanDownloader.Agent.NBK trojan   deleted - quarantined
C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\475ee9f-2a566eb7   multiple threats   deleted - quarantined
C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3c071b2a-51ca90db   multiple threats   deleted - quarantined
C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-4fb5b306   Java/TrojanDownloader.Agent.NBL trojan   deleted - quarantined
C:\Users\HP User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-57cca50e   Java/TrojanDownloader.Agent.NBM trojan   deleted - quarantined
C:\Users\HP User\Documents\LimeWire\Incomplete\T-5905209-incomplete jyshoun original studio version.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\3lw - ocean.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\about time cassie.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\be next to ya KRYSS ivory.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\belly no banga.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\cassie about time.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\Come with me - Sammie.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\Day 26 Favorite Girl.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\envy nicki minaj.wma   probably a variant of Win32/TrojanDownloader.Agent.IIYTTCE trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\feel like *censored* plies.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\frankee im leaving.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\incomplete jyshoun [club mix].mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\inessa mad in love with you - greatest hits.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\inessa mad in love with you.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\Isley Brothers feat Ronald Isley aka Mr Biggs - Contagious.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\karina pasian the love we got - greatest hits.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\karina pasian the love we got.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\Keyshia Cole - A Different Me - 04 - *censored*.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\kryss ivory next to ya (256k 44800).mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\kryss ivory next to ya.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\let go megan rochell.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\lil wayne colorful clothes [cd rip].mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\lol smiley FACE - ttrey songz new single.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\mad in love with you.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\make a movie plies.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\mario - directions.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\mary j. blige- missing you.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\memories trina.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\next to ya kryss ivory.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\niki minaj click clack.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\questions blaque original studio version.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\questions brandi willams [new album].au   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\street love plies.mp3   WMA/TrojanDownloader.GetCodec.C trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\that aint love myxx - high quality.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\that aint love myxx.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\tlc - greatest hits.wma   WMA/TrojanDownloader.Wimad.N trojan   cleaned by deleting - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\trina Patch.zip   Win32/Delf.NWU trojan   deleted - quarantined
C:\Users\HP User\Documents\LimeWire\Saved\usher - simple things.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
I was able to download the new version of Adobe Reader.As you can see most of your infections came from downloading with Limewire. I hope that you uninstalled it from your computer.

How's your computer working now?yes i did see that ... and i did uninstall it a long while ago ...

it's running fine now ... the internet is freezing up a little bit ... do you think it would help to update my browser ? Quote

do you think it would help to update my browser

• Click on to download the ESET Smart INSTALLER. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

atiedxx.exe

csrss.exe

winlogon.exe 

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel HOOKS << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few seconds a new window should appear.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The log will be saved automatically in the same folder Sysprot.exe was

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  Quote

  KillAll::
  
  FCopy::
  C:\Windows\ERDNT\cache\userinit.exe | c:\windows\system32\userinit.exe
  
  

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

Hi,
I have a client with a computer (Dell Vista 32 bit) that was very infected.
I've gone thru the CH process (see attached logs). SAS and MBAM found and cleaned several infections. I believe all is well now except that while surfing to some sites (Adobe downloads for example) both Chrome and IE get redirected to/by "antimalwarelist" showing a screen of a cop with a stop sign and 2 options.
I have not clicked on either option which I know will REINSTALL the Trojans again.
Any help in getting rid of this re-director WOULD be appreciated.

[recovering disk space - old attachment deleted by admin]Sorry. I have just READ the new INSTRUCTIONS on where and how to post logs.
I will post there.
Vlogg5No problem. I'll LOCK this thread.

Hey, I'm starting to get the hang of this computer stuff. I was able to disable StopZilla at startup and tried the ComboFix again. It ran the very first time! This is the log it produced...


ComboFix 10-10-12.03 - Wayne 10/14/2010  17:38:26.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1262 [GMT -5:00]
Running from: c:\documents and settings\Wayne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wayne\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\q6m3suwq.vbt
.
---- Previous Run -------
.
c:\windows\system32\ccrpTmr6.dll

.
(((((((((((((((((((((((((   Files Created from 2010-09-14 to 2010-10-14  )))))))))))))))))))))))))))))))
.

2010-10-10 19:10 . 2010-10-10 20:26   --------   d-----w-   c:\documents and settings\Wayne\Local Settings\Application Data\Temp
2010-10-07 00:41 . 2010-10-07 00:41   --------   d-----w-   c:\program files\7-Zip
2010-10-05 18:22 . 2010-10-05 18:22   --------   d-----w-   c:\documents and settings\Wayne\Application Data\Foxit Software
2010-09-29 19:13 . 2010-10-14 22:17   --------   d-----w-   c:\program files\Mozilla Thunderbird
2010-09-26 20:50 . 2010-09-26 20:51   --------   d-----w-   c:\documents and settings\Wayne\Application Data\PCToolsFirewallPlus
2010-09-26 20:46 . 2009-11-23 18:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 20:46 . 2009-11-09 16:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-09-26 20:45 . 2010-01-07 17:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 20:44 . 2010-09-26 20:46   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-09-26 20:44 . 2010-01-12 14:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-26 20:44 . 2010-01-07 16:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-09-26 20:44 . 2010-01-07 16:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-26 20:44 . 2010-01-13 13:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-09-26 20:44 . 2010-09-28 03:24   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-09-26 09:53 . 2010-09-26 09:54   --------   d-----w-   c:\program files\CCleaner
2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\STOPzilla!
2010-09-25 15:42 . 2010-10-14 22:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\Common Files\iS3
2010-09-25 05:00 . 2010-09-25 05:00   --------   d-----w-   C:\671feffc3b70b88a397bd6f620fbac40
2010-09-24 16:25 . 2010-09-25 19:46   --------   d-----w-   c:\program files\UnHackMe
2010-09-24 15:57 . 2010-09-24 16:26   2   --shatr-   c:\windows\winstart.bat
2010-09-24 01:33 . 2010-09-24 01:33   12872   ----a-w-   c:\windows\system32\bootdelete.exe
2010-09-24 01:26 . 2010-10-12 00:34   16968   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2010-09-24 01:23 . 2010-09-24 01:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-24 01:23 . 2010-09-24 01:23   --------   d-----w-   c:\program files\Hitman Pro 3.5
2010-09-21 06:28 . 2010-10-07 22:26   --------   d-----w-   c:\program files\ESET
2010-09-20 23:08 . 2010-09-20 23:08   546256   ----a-r-   c:\windows\system32\SZComp5.dll
2010-09-20 23:08 . 2010-09-20 23:08   22992   ----a-r-   c:\windows\system32\SZIO5.dll
2010-09-20 23:08 . 2010-09-20 23:08   132560   ----a-r-   c:\windows\system32\IS3HTUI5.dll
2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Svc5.dll
2010-09-20 23:08 . 2010-09-20 23:08   67024   ----a-r-   c:\windows\system32\IS3Hks5.dll
2010-09-20 23:08 . 2010-09-20 23:08   452048   ----a-r-   c:\windows\system32\SZBase5.dll
2010-09-20 23:08 . 2010-09-20 23:08   398800   ----a-r-   c:\windows\system32\IS3DBA5.dll
2010-09-20 23:08 . 2010-09-20 23:08   28624   ----a-r-   c:\windows\system32\IS3XDat5.dll
2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Inet5.dll
2010-09-20 23:08 . 2010-09-20 23:08   738768   ----a-r-   c:\windows\system32\IS3Base5.dll
2010-09-20 23:08 . 2010-09-20 23:08   390608   ----a-r-   c:\windows\system32\IS3UI5.dll
2010-09-20 23:08 . 2010-09-20 23:08   230864   ----a-r-   c:\windows\system32\IS3Win325.dll
2010-09-16 00:51 . 2010-09-16 00:51   --------   d-----w-   c:\program files\WinPcap

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 19:43 . 2008-09-06 19:16   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 19:43 . 2008-09-06 19:16   54368   ----a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 19:43 . 2008-09-06 19:16   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 19:43 . 2008-09-06 19:16   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 19:43 . 2008-09-06 19:16   172136   ----a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GOOGLE Update"="c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-10 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-11 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"VTPreset"="VTPreset.exe" [2004-02-25 45056]
"BtcMaestro"="c:\program files\KMaestro\KMaestro.exe" [2004-05-05 237568]
"EssSpkPhone"="essspk.exe" [2002-05-31 167936]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-05-20 86016]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-19 805392]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-10-08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 00:47   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk]
backup=c:\windows\pss\Cloudmark SpamNet for OE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk]
backup=c:\windows\pss\dpcstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk]
backup=c:\windows\pss\ClickTray Calendar.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 11:57 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2008 11:57 PM 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/26/2010 3:45 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/18/2010 7:46 PM 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/18/2010 7:47 PM 308136]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/29/2010 8:14 PM 20072]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/26/2010 3:46 PM 88040]
R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/26/2010 3:44 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/26/2010 3:44 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/26/2010 3:44 PM 115216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 nuvaudio;Hauppauge WinTV USB Pro Audio Service;c:\windows\system32\DRIVERS\nuvaudio.sys --> c:\windows\system32\DRIVERS\nuvaudio.sys [?]
S3 NuVision;Hauppauge WinTV USB Live Pro;c:\windows\system32\drivers\Nuvision.sys [12/19/2002 3:56 PM 260144]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872]
S3 USBNDIS;%USBNDIS.Service.DispName%;c:\windows\system32\DRIVERS\usbndis.sys --> c:\windows\system32\DRIVERS\usbndis.sys [?]
S4 DPCUSB;Satellite Receiver USB Driver;c:\windows\system32\Drivers\DPCUSB.sys --> c:\windows\system32\Drivers\DPCUSB.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 19:10]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
- c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.canoe.ca/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=localhost:8080
IE: Refresh Pa≥ with Full Quality - c:\program files\MTS Accelerator\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\MTS Accelerator\pac-image.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.canoe.ca/home.html
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]\components\PACMozComponent.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-TPSvc - TPSvc.dll
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\documents and settings\Wayne\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\unins000.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}*]
"WE6X3HNHJXRI2CPMH2OUMP32VF1"=hex:01,00,01,00,00,00,00,00,6d,db,9e,e2,89,b8,a5,
   65,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\program files\KMaestro\HidKeybd.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\System32\locator.exe
c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\essspk.exe
c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\STOPzilla!\STOPzilla.exe
.
**************************************************************************
.
COMPLETION time: 2010-10-14  18:09:12 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-14 23:08

Pre-Run: 275,573,174,272 bytes free
Post-Run: 275,562,561,536 bytes free

- - End Of File - - DB88A25472011ED62CAB7C60CB122CBB
Jacked again. Ran the OTL scan (Minimal Output, LOP & Purity checked)

OTL logfile created on: 10/14/2010 10:15:19 PM - Run 9
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Documents and Settings\Wayne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 256.63 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-X35LSKRDA | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\Program Files\MTS Accelerator\PropelAC.exe (Propel Software Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
PRC - C:\Program Files\KMaestro\Kmaestro.exe (BTC)
PRC - C:\WINDOWS\essspk.exe ()
PRC - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\KMaestro\HidKeybd.dll (BTC)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBNDIS) -- C:\WINDOWS\System32\DRIVERS\usbndis.sys File not found
DRV - (nuvaudio) -- C:\WINDOWS\System32\DRIVERS\nuvaudio.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\Drivers\LMouKE.sys File not found
DRV - (LHidUsbK) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys File not found
DRV - (Dual Mode) -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys File not found
DRV - (DPCUSB) -- C:\WINDOWS\System32\Drivers\DPCUSB.sys File not found
DRV - (CoachUsb) -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys (SiSoftware)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (eMPIA Technology, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (NuVision) -- C:\WINDOWS\system32\drivers\Nuvision.sys (Hauppauge Computer Works)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (Edspport) -- C:\WINDOWS\system32\drivers\es56hpi.sys (ESS Technology, Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (VIAPFD) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
DRV - (ViaIde) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (SnapTHN) -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS (Play Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginen ame: "www.google-feed.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en.canoe.ca/home.html"
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2008.5.13
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.4
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.13
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/24 19:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 14:13:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 13:21:09 | 000,000,000 | ---D | M]
 
[2010/09/22 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions
[2010/09/22 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/14 21:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions
[2008/09/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]
[2010/09/15 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\SearchHelper
[2008/05/27 22:59:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\dictionary.xml
[2010/09/15 19:51:59 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\GoogleFeed.xml
[2010/10/14 21:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 00:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/21 02:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/12/20 00:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/21 14:43:06 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/21 14:43:06 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/21 14:43:06 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/12/21 14:43:06 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/21 14:43:07 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/05 13:18:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2010/10/14 17:53:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\MTS Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\Kmaestro.exe (BTC)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Refresh Pa≥ with Full Quality - C:\Program Files\MTS Accelerator\pac-page.html ()
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\MTS Accelerator\pac-image.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.4285648148 (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\aptera.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\aptera.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/08 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [ = ComFile] -- "%1" %*
O37 - HKLM\...exe [ = exefile] -- "%1" %*
O37 - HKCU\...exe [ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/10/14 18:21:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/14 17:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/14 17:35:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 20:52:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 20:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/11 23:42:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
[2010/10/10 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Temp
[2010/10/10 00:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Art Stuff
[2010/10/10 00:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop Nudes
[2010/10/10 00:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Fixed Folder
[2010/10/10 00:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\MyStuff
[2010/10/10 00:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Recipes
[2010/10/10 00:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Temp Pics
[2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Video Editing
[2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop
[2010/10/06 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/05 13:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
[2010/10/03 23:37:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/03 23:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/03 23:13:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/03 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\New Folder
[2010/09/30 20:34:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
[2010/09/29 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/09/26 15:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
[2010/09/26 15:46:02 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/09/26 15:46:02 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/09/26 15:45:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/09/26 15:44:31 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/09/26 15:44:31 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2010/09/26 15:44:31 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/09/26 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/26 15:44:28 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/09/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2010/09/26 04:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/25 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/09/25 00:00:27 | 000,000,000 | ---D | C] -- C:\671feffc3b70b88a397bd6f620fbac40
[2010/09/24 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/09/24 10:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\RegRun2
[2010/09/23 20:33:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/09/23 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/23 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/21 01:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/20 18:08:16 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/09/20 18:08:16 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/09/20 18:08:16 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/09/20 18:08:14 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/09/20 18:08:14 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/09/20 18:08:14 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/09/20 18:08:14 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/09/20 18:08:14 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/09/20 18:08:12 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/09/20 18:08:12 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/09/20 18:08:12 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/09/20 18:08:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/09/15 19:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/05/26 00:21:38 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2001/07/06 16:59:54 | 000,372,736 | ---- | C] (Ed Halley - http://www.halley.cc/stuff/) -- C:\Program Files\Dragnifier.exe
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/14 22:15:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
[2010/10/14 22:04:38 | 000,000,303 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2010/10/14 22:03:51 | 000,100,660 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Puppy.jpg
[2010/10/14 18:18:39 | 066,317,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/14 18:10:29 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/10/14 17:54:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 17:53:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/14 17:52:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/14 14:15:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
[2010/10/14 01:23:39 | 001,066,274 | ---- | M] () -- C:\WINDOWS\aptera.bmp
[2010/10/13 20:12:07 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
[2010/10/12 15:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/12 00:58:10 | 000,001,257 | ---- | M] () -- C:\WINDOWS\goldwave.ini
[2010/10/11 23:43:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
[2010/10/11 19:34:34 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/10/10 15:26:55 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk
[2010/10/10 15:26:55 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/10 13:33:15 | 000,736,854 | ---- | M] () -- C:\WINDOWS\CNorris.bmp
[2010/10/09 23:20:30 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue2.bmp
[2010/10/08 00:49:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue.bmp
[2010/10/07 18:05:51 | 000,736,854 | ---- | M] () -- C:\WINDOWS\EmmaB.bmp
[2010/10/07 14:39:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Alicia2.bmp
[2010/10/07 00:23:32 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue2.bmp
[2010/10/06 13:06:11 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue.bmp
[2010/10/05 17:46:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue2.bmp
[2010/10/05 14:22:00 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue.bmp
[2010/10/05 13:21:29 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/10/03 23:37:58 | 000,000,337 | RHS- | M] () -- C:\boot.ini
[2010/10/01 23:35:41 | 000,960,054 | ---- | M] () -- C:\WINDOWS\Bugatti.bmp
[2010/10/01 14:35:35 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
[2010/09/30 17:48:29 | 000,979,254 | ---- | M] () -- C:\WINDOWS\ssc-ultimate-aero.bmp
[2010/09/30 11:42:57 | 001,274,454 | ---- | M] () -- C:\WINDOWS\Roadster2.bmp
[2010/09/30 10:31:47 | 001,200,054 | ---- | M] () -- C:\WINDOWS\Saleen_S7.bmp
[2010/09/30 08:43:24 | 001,440,054 | ---- | M] () -- C:\WINDOWS\car0.bmp
[2010/09/29 14:13:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/09/24 11:26:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/24 11:26:37 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/09/24 11:26:37 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/09/23 20:33:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/09/23 17:00:03 | 001,440,998 | ---- | M] () -- C:\WINDOWS\car00.bmp
[2010/09/20 18:08:16 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/09/20 18:08:16 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/09/20 18:08:16 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/09/20 18:08:14 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/09/20 18:08:14 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/09/20 18:08:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/09/20 18:08:14 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/09/20 18:08:14 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/09/20 18:08:12 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/09/20 18:08:12 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/09/20 18:08:12 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/09/20 18:08:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/09/20 17:17:05 | 001,296,998 | ---- | M] () -- C:\WINDOWS\car10.bmp
[2010/09/20 14:56:40 | 001,440,998 | ---- | M] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
[2010/09/19 14:45:35 | 000,016,826 | -H-- | M] () -- C:\WINDOWS\vuepro32.GID
[2010/09/18 15:12:24 | 001,121,798 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron2.bmp
[2010/09/18 14:45:20 | 000,896,198 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron.bmp
[2010/09/18 02:11:51 | 001,356,054 | ---- | M] () -- C:\WINDOWS\McLaren2.bmp
[2010/09/18 01:39:44 | 001,083,398 | ---- | M] () -- C:\WINDOWS\McLaren3.bmp
[126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/10/14 18:09:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/10/14 17:35:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/14 17:35:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/13 19:52:30 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
[2010/10/13 16:13:31 | 001,066,274 | ---- | C] () -- C:\WINDOWS\aptera.bmp
[2010/10/10 15:26:55 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/10 15:26:54 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk
[2010/10/10 14:10:50 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
[2010/10/10 14:10:50 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
[2010/10/10 13:29:25 | 000,736,854 | ---- | C] () -- C:\WINDOWS\CNorris.bmp
[2010/10/08 01:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue2.bmp
[2010/10/07 14:50:51 | 000,736,854 | ---- | C] () -- C:\WINDOWS\EmmaB.bmp
[2010/10/07 14:18:08 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Alicia2.bmp
[2010/10/07 00:23:32 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue2.bmp
[2010/10/05 22:03:47 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue.bmp
[2010/10/05 18:59:39 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue.bmp
[2010/10/04 19:47:56 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue2.bmp
[2010/10/03 23:37:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/03 23:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/03 23:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/03 23:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/03 03:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue.bmp
[2010/10/01 14:35:35 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
[2010/09/28 18:29:34 | 001,274,454 | ---- | C] () -- C:\WINDOWS\Roadster2.bmp
[2010/09/26 15:46:02 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/09/26 15:46:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/09/26 15:45:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/09/26 15:44:31 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat
[2010/09/26 15:44:31 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat
[2010/09/26 15:44:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat
[2010/09/24 10:57:40 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/09/23 20:26:06 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/23 17:00:03 | 001,440,998 | ---- | C] () -- C:\WINDOWS\car00.bmp
[2010/09/22 12:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\car0.bmp
[2010/09/20 17:17:05 | 001,296,998 | ---- | C] () -- C:\WINDOWS\car10.bmp
[2010/09/20 14:56:40 | 001,440,998 | ---- | C] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
[2010/09/18 15:12:25 | 001,121,798 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron2.bmp
[2010/09/18 14:45:20 | 000,896,198 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron.bmp
[2010/09/18 01:39:44 | 001,083,398 | ---- | C] () -- C:\WINDOWS\McLaren3.bmp
[2010/09/18 01:06:40 | 001,356,054 | ---- | C] () -- C:\WINDOWS\McLaren2.bmp
[2010/05/26 00:36:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\lagarith.ini
[2010/05/10 22:47:00 | 000,000,090 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2010/04/21 22:46:50 | 000,000,568 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/01/17 03:44:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/17 03:44:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/17 03:44:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/17 03:44:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/17 03:44:51 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/15 00:38:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/08/01 20:55:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/08/01 20:55:29 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL
[2008/05/30 13:31:47 | 007,151,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/02/11 16:39:25 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/07 00:58:00 | 000,000,846 | ---- | C] () -- C:\WINDOWS\xxclone.ini
[2005/05/20 13:25:42 | 000,000,303 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2005/05/16 19:40:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\System32\imgdatwin.dll
[2005/05/16 19:40:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imgstpath.dll
[2005/05/16 19:39:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
[2005/05/08 19:17:22 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Winapppiobas50.dll
[2005/05/08 19:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/05/08 19:16:01 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/09/30 18:23:07 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2004/09/30 18:15:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/06 19:04:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/27 01:00:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\POSTER.INI
[2004/08/19 16:33:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/07/13 12:12:22 | 000,000,583 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/04/06 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\sversion.ini
[2004/04/01 12:40:14 | 000,000,263 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2004/03/24 15:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jppc.INI
[2004/03/19 15:36:51 | 002,270,720 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
[2004/03/19 15:36:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\LFTIF60N.DLL
[2004/03/19 15:36:51 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL60N.DLL
[2004/03/19 15:36:51 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA60N.DLL
[2004/03/19 15:36:50 | 000,141,824 | ---- | C] () -- C:\WINDOWS\LFCMP60N.DLL
[2004/03/19 15:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG60N.DLL
[2004/03/19 15:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX60N.DLL
[2004/03/19 15:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF60N.DLL
[2004/03/19 15:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD60N.DLL
[2004/03/19 15:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS60N.DLL
[2004/03/19 15:36:18 | 000,399,350 | ---- | C] () -- C:\WINDOWS\ACCUGLD5.DLL
[2004/03/19 15:36:18 | 000,026,233 | ---- | C] () -- C:\WINDOWS\ACCUIFGL.DLL
[2004/02/09 04:25:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/08 18:43:56 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2003/07/12 14:19:54 | 000,000,107 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
[2003/05/14 21:48:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\vuesav32.ini
[2003/05/14 11:03:50 | 000,004,673 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/02/08 21:41:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cosdtp.ini
[2003/01/07 00:06:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Magic40.INI
[2003/01/01 22:39:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/12/23 17:11:27 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2002/12/23 17:11:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2002/12/22 20:46:27 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2002/12/22 20:46:27 | 000,001,257 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2002/12/22 18:25:52 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2002/12/21 20:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2002/12/21 15:19:17 | 000,007,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/12/19 15:56:11 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2002/12/19 15:04:25 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2002/12/19 15:04:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2002/12/19 15:04:25 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2002/12/19 15:04:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2002/12/19 00:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2002/12/19 00:52:36 | 000,001,871 | ---- | C] () -- C:\WINDOWS\mp3maker.INI
[2002/12/19 00:50:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2002/12/18 15:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dpcnav.INI
[2002/12/18 15:05:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\inavevnt.dll
[2002/12/17 19:49:46 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2002/12/17 19:49:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2002/12/17 00:20:57 | 000,001,952 | ---- | C] () -- C:\WINDOWS\SCANFX.INI
[2002/12/15 20:17:09 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/10/30 15:49:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/08 11:02:24 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/10/08 04:14:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2001/07/06 23:47:50 | 000,003,149 | ---- | C] () -- C:\Program Files\ReadMe.txt
[1999/10/06 17:48:28 | 000,016,476 | ---- | C] () -- C:\WINDOWS\System32\Snapv16.drv
 
========== LOP Check ==========
 
[2009/11/18 12:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2010/09/23 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/01/08 23:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/07/20 23:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/05/31 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/07/03 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/10/14 22:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/10/14 17:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/03 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2004/09/30 18:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/08/08 16:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2006/11/27 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\101 Software
[2010/06/06 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\DeepBurner
[2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\eBay
[2008/02/19 17:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Forte
[2009/04/01 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit
[2010/10/05 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
[2009/03/07 02:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\GrabPro
[2010/09/09 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\gtk-2.0
[2009/04/24 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\hott notes 4
[2010/02/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\ImTOO Software Studio
[2008/09/22 15:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\IrfanView
[2009/05/01 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\K-Meleon
[2010/07/31 10:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
[2010/01/18 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leawo
[2006/11/28 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\M8 Software
[2008/01/25 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MP3Rocket
[2010/10/10 14:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Opera
[2009/03/07 03:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Orbit
[2010/09/26 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
[2010/01/13 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Pegasys Inc
[2010/05/11 05:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\STOIK
[2010/09/22 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Thunderbird
[2010/05/03 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Trusteer
[2002/12/18 03:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Ulead Systems
[2008/12/24 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >
I've sent a pm to my mentor to look at this problem but it may take a few days for him to respond.I hope this is not too much of an inconvience to you.
SuperDave, no inconvience at all. You have been more than patient. I can wait.

WayneYour comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.I would not insult the intelligence of the kind people on this site, who volunteer their precious time and knowledge, by not doing as much as possible, to remedy the problem myself, using the self help posted here.Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox browser windows are closed.
• To run the tool, DOUBLE-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

• Click the CleanUp BUTTON.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

You need to use Notepad.
To open Notepad, click Start, point to All Programs, point to Accessories, and then click Notepad.    
Thanks SuperDave, I got the report into notepad so here GOES... OK.



[recovering disk SPACE - old attachment deleted by admin]I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

I don't know if it would've actually affected Combofix or not, but I wasn't able to really disable AVG. I tried following the appropriate steps but it wouldn't let me disable anything. So I tried uninstalling it but that just failed multiple times. So I tried just deleting it which didn't quite work either (1 file wasn't able to be deleted). Just thought I'd add that incase it was important.You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
************************************

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and COPY/paste the text in the quotebox below into it:
  Quote

  KillAll::
  
  Driver::
  DFBCFDBA
  
  

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel Hooks << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few seconds a new window should appear.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The log will be saved automatically in the same folder Sysprot.exe was

Sometimes programs like Internet Explorer or iTunes randomly decide to crash. Also, if I click the button on my mouse that brings up the magnifying glass tool, everything pauses and the screen goes black for about a second before going back to normal. Those small issues are the only ones I'm noticing though.

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

Glad it GOT resolved.

When you see the error again, make SURE you STOP using the computer and come BACK here as it may be a SIGN that your hard drive is failing.

Before doing this, could we try and understand what all this will be doing to the computer? Like those 3 things you say to put a checkmark by. We want to make sure this will not cause me to not be able to do certain things anymore with any of my accounts. Those are my useraccounts I use on Funtrivia. Funtrivia is a website that I make quizzes on. So, I want to make sure I wont be accidently removing any of my quizzes I've made.


Yes, I did report to you what is going on. The long list of problems is STILL happening. Sorry if we are misunderstanding something here.
Everyones computer is set up different so if I am asking you to do something that does not sound right then I don't mind you making sure I'm not going the wrong direction

Quote

# N3 - Netscape 7: user_pref(\"browser.startup.homepage\", \"http://www.funtrivia.com\"); (C:\Documents and Settings\AMYR\Application Data\Mozilla\Profiles\default\3c1q6q2g.slt\prefs.js)
# N3 - Netscape 7: user_pref(\"browser.search.defaultengine\", \"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src\"); (C:\Documents and Settings\AMYR\Application Data\Mozilla\Profiles\default\3c1q6q2g.slt\prefs.js)

Fix This! -> F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,SKEYS /I

Everyones computer is set up different so if I am asking you to do something that does not sound right then I don't mind you making sure I'm not going the wrong direction

I have never seen an entry in a HJT log like this. You can skip that part if you are sure it is needed but you do need to be sure to fix the other entry.

HijackThis N1, N2, N3, N4 Sections


These sections are for Netscape and Mozilla Browsers Start and default search pages.

These entries are stored in the prefs.js files stored in different places under the C:\Documents and Settings\YourUserName\Application Data folder. Netscape 4's entries are stored in the prefs.js file in the program directory which is generally, DriveLetter:\Program Files\Netscape\Users\default\prefs.js.

N1 corresponds to the Netscape 4's Startup Page and default search page.

N2 corresponds to the Netscape 6's Startup Page and default search page.

N3 corresponds to Netscape 7' Startup Page and default search page.

N4 corresponds to Mozilla's Startup Page and default search page.

Files Used: prefs.js

The other thing, I'm trying to understand what all the Combofix does. One of the things I noticed it says Windows Vista, and I don't have Windows Vista. So, will it even work?

Also, have had problems with other programs in the past like Ccleaner erasing important stuff because we didn't understand what exactly the files are.

Looking at the word REG sounds like it has something to do with the Registry, which we are a bit worried about doing things to the Registry since we don't understand it at all and the repairmen we have used in the past have all warned us too about not messing with the Registry.

First, trust Evilfantasy. He knows what he's doing. Why do you think he is a Malware Removal Specialist? He deals with HijackThis every day on dozens of computers.
Second, trust me for telling you to trust him.
Third, Everything you do involves the registry in some way. All HijackThis does is scan through the registry to look for potential security threats, which you can choose to eliminate.
If it's any consolation, I've used HiJackThis, and I run scans every few weeks to see if anything is out of line.


From where I see it, you have two choices. End this topic and keep your computer at risk of attack, or end your fussing and eliminate the security risk.

From where I see it, you have two choices. End this topic and keep your computer at risk of attack, or end your fussing and eliminate the security risk.

Only report to me what problems you are having at this immediate moment, things that were happening does me no good.

ComboFix 09-06-26.02 - XP User 06/27/2009 19:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.227 [GMT -4:00]
Running from: c:\documents and settings\XP User\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 02:41 . 2009-06-27 02:41--------d-----w-c:\documents and settings\XP User\WINDOWS
2009-06-26 08:25 . 2009-06-26 08:25--------d-----w-c:\documents and settings\LocalService\Application Data\SACore
2009-06-26 02:25 . 2009-06-26 02:25--------d-----w-c:\program files\Windows Doctor
2009-06-26 01:39 . 2009-06-26 01:39--------d-----w-c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-06-26 01:39 . 2009-06-26 01:39--------d-----w-c:\program files\SiteAdvisor
2009-06-26 01:31 . 2009-06-26 01:32--------d-----w-c:\program files\McAfee.com
2009-06-26 01:14 . 2009-06-27 02:39--------dc----w-c:\windows\system32\dllcache\cache
2009-06-25 23:26 . 2009-06-27 22:59--------d-----w-c:\windows\system32\CatRoot2
2009-06-25 22:28 . 2009-05-14 03:2540552----a-w-c:\windows\system32\DRIVERS\mfesmfk.sys
2009-06-25 22:28 . 2009-05-14 03:2579816----a-w-c:\windows\system32\drivers\mfeavfk.sys
2009-06-25 22:28 . 2009-05-14 03:2535272----a-w-c:\windows\system32\drivers\mfebopk.sys
2009-06-25 22:28 . 2009-04-09 18:23120136----a-w-c:\windows\system32\drivers\Mpfp.sys
2009-06-25 22:26 . 2009-06-26 01:32--------d-----w-c:\program files\Common Files\McAfee
2009-06-25 22:25 . 2009-06-26 01:38--------d-----w-c:\program files\McAfee
2009-06-25 22:24 . 2009-05-14 03:2434248----a-w-c:\windows\system32\drivers\mferkdk.sys
2009-06-25 22:21 . 2009-06-26 02:21--------d-----w-c:\documents and settings\All Users\Application Data\McAfee
2009-06-25 22:09 . 2009-06-25 22:09--------d-----w-c:\documents and settings\All Users\Application Data\Geek Squad

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 00:03 . 2008-07-13 02:27--------d-----w-c:\documents and settings\XP User\Application Data\LimeWire
2009-06-25 23:51 . 2008-07-13 02:02--------d-----w-c:\program files\Common Files\Symantec Shared
2009-06-25 23:50 . 2008-07-13 02:03--------d-----w-c:\program files\Symantec
2009-06-25 23:50 . 2008-07-13 02:02--------d-----w-c:\documents and settings\All Users\Application Data\Symantec
2009-06-25 23:18 . 2008-08-23 14:53--------d-----w-c:\program files\iTunes
2009-05-14 03:25 . 2008-06-27 10:08214024----a-w-c:\windows\system32\drivers\mfehidk.sys
2009-05-07 15:44 . 2004-08-10 12:00344064----a-w-c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-10 12:00827392----a-w-c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 12:0078336----a-w-c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-10 12:001846656----a-w-c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 12:00584192----a-w-c:\windows\system32\rpcrt4.dll
2009-04-06 04:07 . 2008-07-12 20:4290112----a-w-c:\windows\DUMP62e0.tmp
.

((((((((((((((((((((((((((((( [emailprotected]_02.38.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 02:41 . 2007-11-30 12:3917272 c:\windows\system32\spmsg.dll
+ 2008-07-13 02:41 . 2008-07-09 07:3817272 c:\windows\system32\spmsg.dll
+ 2004-08-10 12:00 . 2009-04-29 04:5644544 c:\windows\system32\pngfilt.dll
- 2004-08-10 12:00 . 2009-02-20 18:0944544 c:\windows\system32\pngfilt.dll
+ 2004-08-10 12:00 . 2009-06-27 22:5946450 c:\windows\system32\perfc009.dat
- 2004-08-10 12:00 . 2009-06-27 02:3246450 c:\windows\system32\perfc009.dat
- 2007-08-13 22:54 . 2009-02-20 18:0952224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2009-04-29 04:5552224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 12:00 . 2009-04-29 04:5527648 c:\windows\system32\jsproxy.dll
- 2004-08-10 12:00 . 2009-02-20 18:0927648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 22:39 . 2009-04-28 09:0513824 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2009-02-20 10:2013824 c:\windows\system32\ieudinit.exe
- 2004-08-10 12:00 . 2009-02-20 18:0944544 c:\windows\system32\iernonce.dll
+ 2004-08-10 12:00 . 2009-04-29 04:5544544 c:\windows\system32\iernonce.dll
- 2004-08-10 12:00 . 2009-02-20 10:2070656 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 12:00 . 2009-04-28 09:0570656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2009-04-29 04:5563488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2009-02-20 18:0963488 c:\windows\system32\icardie.dll
- 2004-08-10 12:00 . 2009-02-20 18:0944544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-10 12:00 . 2009-04-29 04:5644544 c:\windows\system32\dllcache\pngfilt.dll
- 2008-07-30 21:22 . 2009-02-20 18:0952224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-07-30 21:22 . 2009-04-29 04:5552224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-10 12:00 . 2009-02-20 18:0927648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 12:00 . 2009-04-29 04:5527648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-07-30 21:22 . 2009-02-20 10:2013824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-07-30 21:22 . 2009-04-28 09:0513824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-10 12:00 . 2009-02-20 18:0944544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-10 12:00 . 2009-04-29 04:5544544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-10 12:00 . 2009-02-20 18:0978336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-10 12:00 . 2009-04-29 04:5578336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-10 12:00 . 2009-02-20 10:2070656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 12:00 . 2009-04-28 09:0570656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-07-30 21:22 . 2009-02-20 18:0963488 c:\windows\system32\dllcache\icardie.dll
+ 2008-07-30 21:22 . 2009-04-29 04:5563488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-27 02:39 . 2005-06-10 23:5357856 c:\windows\system32\dllcache\cache\spoolsv.exe
- 2009-06-26 02:24 . 2009-06-27 00:3232768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-26 02:24 . 2009-06-27 19:2332768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-26 02:24 . 2009-06-27 19:2316384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-26 02:24 . 2009-06-27 00:3216384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-26 02:24 . 2009-06-27 00:3232768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-26 02:24 . 2009-06-27 19:2332768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-27 19:30 . 2009-02-20 18:0944544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-27 19:31 . 2009-02-20 18:0952224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-27 19:31 . 2009-02-20 18:0927648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-27 19:31 . 2009-02-20 10:2013824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-27 19:31 . 2009-02-20 18:0944544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-27 19:31 . 2009-02-20 18:0978336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-27 19:31 . 2009-02-20 10:2070656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-27 19:31 . 2009-02-20 18:0963488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
- 2006-10-16 10:21 . 2008-04-17 10:37351744 c:\windows\system32\xpsp3res.dll
+ 2006-10-16 10:21 . 2009-04-15 09:24351744 c:\windows\system32\xpsp3res.dll
- 2004-08-10 12:00 . 2009-02-20 18:09233472 c:\windows\system32\webcheck.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56233472 c:\windows\system32\webcheck.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56105984 c:\windows\system32\url.dll
- 2004-08-10 12:00 . 2009-02-20 18:09105984 c:\windows\system32\url.dll
- 2004-08-10 12:00 . 2009-06-27 02:32366876 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2009-06-27 22:59366876 c:\windows\system32\perfh009.dat
- 2004-08-10 12:00 . 2009-02-20 18:09102912 c:\windows\system32\occache.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56102912 c:\windows\system32\occache.dll
- 2004-08-10 12:00 . 2009-02-20 18:09671232 c:\windows\system32\mstime.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56671232 c:\windows\system32\mstime.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56193024 c:\windows\system32\msrating.dll
- 2004-08-10 12:00 . 2009-02-20 18:09193024 c:\windows\system32\msrating.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56477696 c:\windows\system32\mshtmled.dll
- 2004-08-10 12:00 . 2009-02-20 18:09477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2009-02-20 18:09459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2009-04-29 04:55459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:34 . 2009-02-20 18:09268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 22:34 . 2009-04-29 04:55268288 c:\windows\system32\iertutil.dll
- 2004-08-10 12:00 . 2009-02-20 18:09385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 16:27 . 2009-02-20 18:09383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 16:27 . 2009-04-29 04:55383488 c:\windows\system32\ieapfltr.dll
- 2004-08-10 12:00 . 2009-02-20 05:14161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 12:00 . 2009-04-25 05:26161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55230400 c:\windows\system32\ieaksie.dll
- 2004-08-10 12:00 . 2009-02-20 18:09230400 c:\windows\system32\ieaksie.dll
- 2004-08-10 12:00 . 2009-02-20 18:09153088 c:\windows\system32\ieakeng.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55153088 c:\windows\system32\ieakeng.dll
- 2008-07-12 20:51 . 2009-04-04 21:25112584 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-12 20:51 . 2009-06-27 19:51112584 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 12:00 . 2009-04-29 04:55133120 c:\windows\system32\extmgr.dll
- 2004-08-10 12:00 . 2009-02-20 18:09133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55214528 c:\windows\system32\dxtrans.dll
- 2004-08-10 12:00 . 2009-02-20 18:09214528 c:\windows\system32\dxtrans.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55347136 c:\windows\system32\dxtmsft.dll
- 2004-08-10 12:00 . 2009-02-20 18:09347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56827392 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-10 12:00 . 2009-02-20 18:09233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56105984 c:\windows\system32\dllcache\url.dll
- 2004-08-10 12:00 . 2009-02-20 18:09105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-10 12:00 . 2009-04-15 15:11584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-08-10 12:00 . 2007-07-09 13:09584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-10 12:00 . 2009-02-20 18:09102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-10 12:00 . 2009-02-20 18:09671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-10 12:00 . 2009-02-20 18:09193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 12:00 . 2009-04-29 04:56477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-10 12:00 . 2009-02-20 18:09477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-07-30 21:22 . 2009-04-29 04:55459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-07-30 21:22 . 2009-02-20 18:09459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-10 12:00 . 2009-05-07 15:44344064 c:\windows\system32\dllcache\localspl.dll
+ 2008-07-13 01:24 . 2009-04-25 05:27636088 c:\windows\system32\dllcache\iexplore.exe
+ 2008-07-30 21:22 . 2009-04-29 04:55268288 c:\windows\system32\dllcache\iertutil.dll
- 2008-07-30 21:22 . 2009-02-20 18:09268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-10 12:00 . 2009-02-20 18:09385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-07-30 21:22 . 2009-02-20 18:09383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-07-30 21:22 . 2009-04-29 04:55383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-10 12:00 . 2009-02-20 05:14161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-10 12:00 . 2009-04-25 05:26161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-10 12:00 . 2009-02-20 18:09230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-10 12:00 . 2009-02-20 18:09153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-10 12:00 . 2009-02-20 18:09133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-10 12:00 . 2009-02-20 18:09214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-10 12:00 . 2009-02-20 18:09347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-06-27 02:39 . 2008-04-14 00:12507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 02:39 . 2007-03-08 15:36577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-10 12:00 . 2009-02-20 18:09124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 12:00 . 2009-04-29 04:55124928 c:\windows\system32\advpack.dll
- 2004-08-10 12:00 . 2009-02-20 18:09124928 c:\windows\system32\advpack.dll
+ 2009-06-27 19:30 . 2009-03-03 00:18826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-27 19:30 . 2009-02-20 18:09233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-27 19:30 . 2009-02-20 18:09105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-27 19:31 . 2008-07-09 07:38382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-27 19:31 . 2008-07-09 07:38231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-27 19:30 . 2009-02-20 18:09102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-27 19:30 . 2009-02-20 18:09671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-27 19:30 . 2009-02-20 18:09193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-27 19:30 . 2009-02-20 18:09477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-27 19:31 . 2009-02-28 04:54636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-27 19:31 . 2009-02-20 18:09268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-27 19:31 . 2009-02-20 05:14161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-27 19:31 . 2009-02-20 18:09124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2004-08-10 12:00 . 2009-04-29 04:561159680 c:\windows\system32\urlmon.dll
+ 2004-08-10 12:00 . 2009-04-29 04:563596288 c:\windows\system32\mshtml.dll
- 2007-08-13 22:54 . 2009-02-20 18:096066176 c:\windows\system32\ieframe.dll
+ 2007-08-13 22:54 . 2009-04-29 04:556066176 c:\windows\system32\ieframe.dll
+ 2004-08-10 12:00 . 2009-04-17 09:581846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-10 12:00 . 2009-04-29 04:561159680 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-10 12:00 . 2009-04-29 04:563596288 c:\windows\system32\dllcache\mshtml.dll
+ 2008-07-30 21:22 . 2009-04-29 04:556066176 c:\windows\system32\dllcache\ieframe.dll
- 2008-07-30 21:22 . 2009-02-20 18:096066176 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-27 02:39 . 2007-06-13 10:231033216 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-27 19:30 . 2009-02-20 18:091160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-27 19:30 . 2009-02-20 18:093595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-27 19:31 . 2009-02-20 18:096066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-27 19:31 . 2008-07-09 14:252455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-04-09 1176808]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-11-16 88209]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication PackagesREG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/25/2009 9:38 PM 203280]
S3 DCamUSBTP10;Cam IV;c:\windows\system32\drivers\TP6810.SYS [7/24/2008 3:52 PM 240584]
.
Contents of the 'Scheduled Tasks' folder

2008-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-26 12:57]

2009-06-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-26 12:57]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - hxxp://70.46.125.59/WebDiginet.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 19:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4008)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-06-27 19:10
ComboFix-quarantined-files.txt 2009-06-27 23:10
ComboFix2.txt 2009-06-26 01:15

Pre-Run: 67,797,995,520 bytes free
Post-Run: 67,864,244,224 bytes free

292--- E O F ---2009-06-27 19:58

I don't see anything malware related now.

How is the computer running?

----------


• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
.
----------

computer keeps shutting off randomly

c:\program files\Windows Doctor

• Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
  
• Once open Click Next
  
• Accept the license agreement and click Next
  
• Type in the letters/numbers that you see into the text box then click Next.
  
• Then click Next and the tool will start running.
  
• Once finished restart the PC.
• Delete the 'Norton_Removal_Tool' from your desktop.

WARNING New scam targets User Forums.. activationlink.co

A new user will ch eck in with something LIKE this:

Hello, I dont know if I am writing in a proper board but I have got a problem with activation,
link is not working... http: // activationlink.co/,

DO NOT try the link. (I broke it on purpose.)
The user names changes, but the text is the same.err- a scam gets money from the victim- this seems to be SPAM.I'm not able to investigate the link right now but what is the exploit?I saw that on in a advertisement it crashed my browser. DONT GO THERE!Is that the right link?

hxxp://activationlink.com

Not finding it in any of the databases.

http://www.mywot.com/en/scorecard/www.activationlink.com
https://safeweb.norton.com/report/show?url=activationlink.com&x=12&y=11
http://www.siteadvisor.com/lookup/?q=activationlink.com

Appears clean. http://unmaskparasites.com/security-report/Can't find out what it is because it somehow is very clever.
If will show up on forums using PHP. The would include this forum. I found it on a a site using SMF. The are dozens, maybe hundreds of sites getting this post. I think it is called a

Santy Worm

But I don't have enough knowledge to confirm this. It attacks PHP code

There is no such site.
I used Sandboxie and visited. It's just a generic search provider hosted on Godaddy servers. Didn't have time to look around too much but I never was able to find anything malicious.

www.sandboxie.com <- Great for investigating malicious sites.

I think it's just a spammer trying to generate traffic.Quote

It's just a generic search provider

Ok I have a Dell Desktop that I've owned for 2, maybe 3 years. Always worked fine no major problems until recently. My cpu started freezing up during startup. I WOULD log on and it would start to load my desktop and programs and halfway through it would freeze. I ran a few programs in safe mode and now can start the CPU but if i plug in my wireless adapter and try to connect to the internet my cpu will freeze. I use Mozilla firefox. I can run firefox in "safemode with networking" which I am doing now.
Any help is appreciated as I know little to nothing about spyware, viruses, ETC. I just try and run the popular anti-virus, spyware, etc programs for my "protection". I know nothing about fixing cpu problems. Thanks guys!!Have you tried "last known good configuration"?

What avtivirus program(s) do you have?

Did you make any changes (like downloading a file) recently?i have these programs:

avast antivirus
advanced system care
mal-warebyte antimalware
spybot search and destroy



i tried the last know good config and that also froze. my CPU has been acting this way for atleast a month. Open up your case and CHECK for dust.....use compressed air..........sounds like you are overheating......check your fans and heatsink for dirt and operation.

http://www.professormesser.com/2008/03/24/keeping-things-clean/really overheating? my CPU will run fine in normal mode as long as I don't try to connect to the internet. can dust really cause this problem? i will clean my CPU tomorrow ASAP. i still think its a hardware problem, either a virus or something along those lines but i can easily be wrong. i downloaded and ran Hijack this. here is the log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:36 AM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\MICROSOFT\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: DIGITAL Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210395714937
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6808 bytes

So i downloaded Malwarebytes Malware remover and its on my desktop, and all of the files appear to be present, but every time i click the icon or try to open the file, nothing happens...at all.. i believe that it may be because of some kind of virus affecting my registry or something im not EXACTLY sure.... I also cannot run Disk Defragmenter (every time i click analyze or defrag it pops up a window saying "Disk Defragmenter could not start") and cannot go to certain websites such as malwarebytes.org.....many of them simply say "Internet Explorer cannot display the webpage."

Please HELP!! hi ur prob might b same as mine (SEE post below) if i get ne response i will let u no.Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

• Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
  
• Then search for TDSSserv.sys
  
• Let me know if you find this or not.
• If you do find it, right click on it, and select “Disable”. Do not try to uninstall it.
  
• Also if this is found and you disable it.
• Now reboot and see if you can run the other scans that would not run.

Hey, does anyone have problems with malwarebytes DESTROYING the drivers for your cd rom or dvd rom? Or keeps you from connecting to the internet with on one of your users?

I was unsure where I needed to post this, but here it is.
I was having TROUBLE... I'll check back here soon to SEE what you guys have to say.
Thanks.

[attachment deleted by admin]Harry , you should not pass judgement on people like that.....I had a client who had 240 trojans on her pc, and she was getting hundreds of popups an hour relating to *censored* sites........yet she had never been to a PORN site. All her problems originated from using a pirated copy of XP, whose origin I won't mention.......She is now HAPPILY using Ubuntu, and no more popups.sorry removed

Ok...a couple days ago I had to format my C and reinstall windows xp pro. One of the first things I did was install windows update and get sp2. Then reinstalled AVG Malwarebytes and Opera. Last night I discovered I needed to get the .net frame for another program I run.
I cant get to any part of the Microsoft domain using either Opera or IE6.
Installing IE8 via yahoo failed.
Uninstalling AVG doesnt fix it. There are no blocked sites listed anywhere I can find in Opera or IE.
I can go anywhere else I want.
Others reach the site fine and I can reach it fine on my laptop, so its not a router issue I guess.
There is no SAS log as I cant get to the site to download it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:40 PM, on 6/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Opera\Opera.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-1214440339-1604221776-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1214440339-1604221776-725345543-1003\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245972850194
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - SUN Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5238 bytes

===========================================
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 2

6/26/2009 2:58:37 PM
mbam-log-2009-06-26 (14-58-37).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 130513
Time elapsed: 1 hour(s), 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data ITEMS Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\DavidG\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thank you for you help




Are you sure you reinstalled or just recopied the files? Some name brand computers have either a copy windows files over setting or a destructive setting. You may not have set it to format the hdd.Paudash, he has Virut...he has to reformat/reinstall.Its not a brand name, I built it from parts. It was fully formatted, not the quick version either.
While Ive been waiting, I used the self help and searched the hjt log. It doesnt show any issues. It doesnt seem to notice that my windows firewall is in fact turned on. I can get to microsoft sites now after scanning the drives multiple times, but its still obvious something is wrong. David, you have a variant of virut.

C:\WINDOWS\system32\reader_s.exe (Trojan.Agent)


You can search Virut on this forum, and you'll see evilfantasy recommends wiping the hard drive and reinstall XP.

You cannot remove this malware, it replicates as quickly as you can remove it.

Evilfantasy will confirm this for you.Good eye Karnac.

The logs show that you are infected by an infection called Virut or Sality. Virut/Sality is a virus that infects all executable files and screensavers. Virut also opens a back door providing the attacker with unauthorized remote access to the infected computer. Definition: Polymorphic virus.

There is no way to cure this infection. Your only option is to perform a full reformat. Do NOT attempt a repair install. Trying to fix this infection will only leave the computer unusable. See Virut on the Rise and Virut and other File infectors - Throwing in the Towel? for more information.

Note that if you decide to try and clean this you must be extremely careful on what is backed up as these new infections can get into many different file extensions ( DLL, EXE, SCR, HTM, HTML, MP3, AVI, WMV, PDF.....etc). A complete reformat and reinstall is highly suggested! Avoid backing up compressed files (zip/cab/rar.....etc). Virut can also penetrate compressed files that have .exe or .scr inside them.

Backing up files before formatting

If you backup any files they should be scanned from a clean properly protected PC before restoring. Also be careful what scanner is used as some are very poor at detecting and even worse at protecting from this infection. In fact due to the nature of these new infections there are probably no tools that will properly protect you from the infection. Be very selective and only backup files you can not replace like TEXT documents and personal photos.

Do not back up to another machine! It will likely become infected by Virut. Burn to DVD/CD, a flash drive or to an external drive which has nothing else on it and which you can format should it become infected from the backups.

I suggest running at least 3 of the below scanners on the backup files. Run the first scan then reboot before running the second then reboot after the second before running the third.

-) Dr.Web CureIt!
-) AVG Win32/Virut Removal Tool
-) Symantwc W32.Virut Removal Tool
-) McAfee Avert Stinger
-) Microsoft Windows Malicious Software Removal Tool

If you do not know how to perform a fresh install, use this website -> http://www.windowsreinstall.com/

Very important, do the following immediately or as soon as possible!

If you have done any online transactions, call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts and/or change all of your account numbers.

From a clean computer change all of your online passwords including for email, banks, financial accounts, PayPal, eBay, online credit card companies and any online forums or groups you belong to etc.

DO NOT change passwords or do any transactions while using the infected computer. The attacker will get the new passwords and TRANSACTION information.

hiii geeks i have 2 probs one is trojan virus and another is no POST or no BOOT sound.

Virus :

my systems are infected by some trojon virus. Wats the problem is if a folder is opened an exe file containing the folders name or a word DOCUMENT containing the folders name is being created. It makes the computer tooo slow and Net connection also too slow......can one pls SUGGEST me gud anti virus to get away from this.....
i tried Avast, Avira, MCAfee, Kaspersky ,etc etc.....but no solution i would be thk FUL if anyone GIVES me a permanent solution.....i also tried formatting, but when i back up the files the virus comes inside again............Did you try any of the antivirus programs while booted from Safe Mode?We are not geeks! (Hugs computer)Quote

Avast, Avira, MCAfee, Kaspersky

no POST

2 weeks ago i was having time/date reset to september 2020 everytime i boot my PC. back then i thought it was a virus/malware problem but my avg antivirus cannot see it. this week i started to have the error missing file msnmgnr.exe after my pc starts. then i started reading about that file and realized its in fact a virus. i found out that the file msnmgnr.exe in fact causes the date reset i experienced 2 weeks ago. however, i wasnt able to find a clear fix over the net for my problem. i need help. the necessary logs are found below. thanks.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2009 at 01:35 AM

Application Version : 4.26.1004

Core Rules Database Version : 3930
Trace Rules Database Version: 1873

Scan type : Complete Scan
Total Scan Time : 01:02:37

Memory items scanned : 450
Memory threats detected : 0
Registry items scanned : 6375
Registry threats detected : 29
File items scanned : 93254
File threats detected : 6

Trojan.Downloader-Gen/FotoMoto
HKLM\Software\Classes\CLSID\{733716E1-76D2-4003-AC39-845281C0EF85}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{733716E1-76D2-4003-AC39-845281C0EF85}
HKCR\CLSID\{733716E1-76D2-4003-AC39-845281C0EF85}
HKCR\CLSID\{733716E1-76D2-4003-AC39-845281C0EF85}\ProgID
HKCR\CLSID\{733716E1-76D2-4003-AC39-845281C0EF85}\Programmable
HKCR\CLSID\{733716E1-76D2-4003-AC39-845281C0EF85}\TypeLib
HKCR\CLSID\{733716E1-76D2-4003-AC39-845281C0EF85}\VersionIndependentProgID

Adware.MyWebSearch
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

Adware.HotBar/ShopperReports (Low Risk)
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Unclassified.Unknown Origin
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
E:\DOWNLOADS\MISC\COLLAGE MAKER\KEYGEN.NFO
E:\DOWNLOADS\MISC\KEYGEN.NFO

Adware.Zango/ShoppingReport
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\S-1-5-21-1547161642-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version

Trojan.Media-Codec/V4
C:\Program Files\Video Add-on Setup

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\RemoveRP

Rogue.Component/Trace
HKLM\Software\Microsoft\600DE937
HKLM\Software\Microsoft\600DE937#600de937
HKLM\Software\Microsoft\600DE937#Version

Trojan.Net-SvHoster
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\PROTECT\SVHOST.EXE

Adware.AdRotator/SuperiorAds
C:\WINDOWS\SYSTEM32\SUPERIORADS-UNINST.EXE

Adware.180solutions/Seekmo/Zango
E:\DOWNLOADS\SETUP.EXE



Malwarebytes' Anti-Malware 1.37
Database version: 2255
Windows 5.1.2600 Service Pack 3

6/10/2009 2:00:38 AM
mbam-log-2009-06-10 (02-00-38).txt

Scan type: Quick Scan
Objects scanned: 96960
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a1301497-029d-cff7-a294-146df193dc0e (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.bqva (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_dcads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rqbmvpso (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pdoskegl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-648-2323245-23256) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\a1301497-029d-cff7-a294-146df193dc0e.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DcadsSocial-uninstall.exe (Adware.RightOnAds) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cont_dcads-remove.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:46 PM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=62548
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
O2 - BHO: (no name) - {0021042F-2CC8-EFD8-B715-2713974D46A3} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {60D2E6AF-F47E-45B8-917F-DE66D9C379B8} - (no file)
O2 - BHO: (no name) - {706D5729-5152-4040-8978-F49C6D23F9C7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {a0b71f07-c3b7-1c4a-99c9-0bbe2de60d71} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B0F73815-DCE5-4838-9000-41CF13C3610F} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: qalkfxor - {8BE3A45C-46D2-407E-8A70-878D0828634D} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: xxyXOhFX - xxyXOhFX.dll (file missing)
O23 - Service: Adobe LM Service - Adobe SYSTEMS - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9831 bytes
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.required logs below:



DDS (Ver_09-05-14.01) - NTFSx86
Run by Jared at 14:16:14.85 on Wed 06/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1397 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jared\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://fmz.qiwa.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
mWinlogon: Shell=Explorer.exe msnmgnr.exe
BHO: {0021042F-2CC8-EFD8-B715-2713974D46A3} - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {60D2E6AF-F47E-45B8-917F-DE66D9C379B8} - No File
BHO: {706D5729-5152-4040-8978-F49C6D23F9C7} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {a0b71f07-c3b7-1c4a-99c9-0bbe2de60d71} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {B0F73815-DCE5-4838-9000-41CF13C3610F} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: qalkfxor: {8be3a45c-46d2-407e-8a70-878d0828634d} -
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {97F32659-2957-DE6E-6FA4-EC24F7C7CEF0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [Uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
mRun: [Gainward] c:\program files\vdotool\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.ph/com/EGamesPlugin.cab
DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} - hxxp://legendofares.netgame.com/download/MusaLauncherNew.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: xxyXOhFX - xxyXOhFX.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {60D2E6AF-F47E-45B8-917F-DE66D9C379B8} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGxWqrr

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jared\applic~1\mozilla\firefox\profiles\rfcjzjrh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-16 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-16 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-16 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-16 298776]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-9-7 38656]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-4-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-4-24 98696]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-10 12:39--d-----c:\program files\Trend Micro
2009-06-10 01:49--d-----c:\docume~1\jared\applic~1\Malwarebytes
2009-06-10 01:4940,160a-------c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 01:4919,096a-------c:\windows\system32\drivers\mbam.sys
2009-06-10 01:49--d-----c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-10 01:49--d-----c:\program files\Malwarebytes' Anti-Malware
2009-06-10 00:53410,984a-------c:\windows\system32\deploytk.dll
2009-06-10 00:22--d-----c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-10 00:22--d-----c:\program files\SUPERAntiSpyware
2009-06-10 00:22--d-----c:\docume~1\jared\applic~1\SUPERAntiSpyware.com
2009-06-09 23:52--d-----c:\program files\CCleaner
2009-06-09 09:26--dsh---c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-09 09:22--d-----c:\docume~1\alluse~1\applic~1\Uniblue
2009-06-09 09:07--d-----c:\program files\Uniblue
2009-06-09 08:44--d-----c:\docume~1\jared\applic~1\Uniblue
2009-06-09 08:43-cd-h---c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-08 12:3923,392a-------c:\windows\system32\nscompat.tlb
2009-06-08 12:3916,832a-------c:\windows\system32\amcompat.tlb
2009-05-29 15:44--d-----c:\program files\MSECache
2009-05-28 22:5298,304a-------c:\windows\system32\CmdLineExt.dll
2009-05-27 10:173,255a-------c:\windows\system32\wbem\Outlook_01c9de71480d7222.mof

==================== Find3M ====================

2009-05-09 09:54325,896a-------c:\windows\system32\drivers\avgldx86.sys
2009-05-09 09:5411,952a-------c:\windows\system32\avgrsstx.dll
2009-05-09 09:54108,552a-------c:\windows\system32\drivers\avgtdix.sys
2009-01-25 21:224---shr--c:\docume~1\alluse~1\applic~1\sysqcl1129139270.dat
2007-10-25 11:2818,895,728a-------c:\program files\Install_Messenger.exe
2008-08-28 19:0929,587a--sh---c:\windows\system32\rrqWxGgh.ini2
2008-09-09 22:4916,384a--sh---c:\windows\system32\config\systemprofile\cookies\index.dat
2008-09-09 22:4932,768a--sh---c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-09-09 22:4932,768a--sh---c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat
2008-09-09 22:4932,768a--sh---c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 14:16:37.10 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 11:24:05 PM
System Uptime: 6/10/2009 12:19:00 PM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N8-VMX
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | CPU 1 | 2209/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 156 GiB total, 120.383 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 142 GiB total, 89.403 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP364: 3/13/2009 11:21:21 PM - System Checkpoint
RP365: 3/15/2009 6:08:19 PM - System Checkpoint
RP366: 3/17/2009 8:10:08 PM - System Checkpoint
RP367: 3/18/2009 8:20:55 AM - Avg8 Update
RP368: 3/19/2009 8:33:21 AM - System Checkpoint
RP369: 3/20/2009 12:12:03 PM - System Checkpoint
RP370: 3/21/2009 12:42:51 PM - System Checkpoint
RP371: 3/22/2009 12:01:07 AM - Software Distribution Service 3.0
RP372: 3/24/2009 8:12:04 AM - System Checkpoint
RP373: 3/25/2009 11:38:20 AM - System Checkpoint
RP374: 3/25/2009 7:08:55 PM - Configured AVG Free 8.5
RP375: 3/26/2009 8:31:33 AM - Avg8 Update
RP376: 3/27/2009 8:51:28 AM - Avg8 Update
RP377: 3/28/2009 10:22:00 AM - System Checkpoint
RP378: 3/30/2009 10:07:04 AM - System Checkpoint
RP379: 3/31/2009 1:21:33 PM - System Checkpoint
RP380: 4/1/2009 1:44:20 PM - System Checkpoint
RP381: 4/2/2009 2:39:14 PM - System Checkpoint
RP382: 4/3/2009 10:40:12 PM - System Checkpoint
RP383: 4/4/2009 10:59:16 PM - System Checkpoint
RP384: 4/4/2009 11:59:57 PM - Installed Windows Media Player 10
RP385: 4/5/2009 12:20:02 AM - Software Distribution Service 3.0
RP386: 4/6/2009 12:23:20 AM - System Checkpoint
RP387: 4/6/2009 3:00:15 AM - Software Distribution Service 3.0
RP388: 4/7/2009 8:37:10 AM - System Checkpoint
RP389: 4/8/2009 9:20:54 AM - System Checkpoint
RP390: 4/11/2009 12:14:05 PM - Avg8 Update
RP391: 4/12/2009 1:07:08 PM - System Checkpoint
RP392: 4/13/2009 1:51:45 PM - System Checkpoint
RP393: 4/14/2009 2:22:25 PM - System Checkpoint
RP394: 4/15/2009 8:50:45 PM - System Checkpoint
RP395: 4/16/2009 9:10:32 AM - Avg8 Update
RP396: 4/17/2009 3:00:22 AM - Software Distribution Service 3.0
RP397: 4/18/2009 7:58:30 AM - System Checkpoint
RP398: 4/19/2009 9:18:17 AM - System Checkpoint
RP399: 4/20/2009 2:50:10 PM - System Checkpoint
RP400: 4/21/2009 3:58:01 PM - System Checkpoint
RP401: 4/22/2009 5:37:38 PM - System Checkpoint
RP402: 4/23/2009 9:27:13 PM - System Checkpoint
RP403: 4/30/2009 9:45:26 PM - System Checkpoint
RP404: 5/1/2009 9:16:43 AM - Software Distribution Service 3.0
RP405: 5/7/2009 9:27:51 PM - System Checkpoint
RP406: 5/7/2009 11:40:17 PM - Software Distribution Service 3.0
RP407: 5/9/2009 9:50:28 AM - Avg8 Update
RP408: 5/9/2009 9:55:04 AM - Avg8 Update
RP409: 5/10/2009 1:14:55 PM - System Checkpoint
RP410: 5/10/2009 2:30:02 PM - Removed GG E-Sports Platform
RP411: 5/12/2009 5:29:01 PM - System Checkpoint
RP412: 5/13/2009 5:36:28 PM - Software Distribution Service 3.0
RP413: 5/14/2009 10:48:59 PM - System Checkpoint
RP414: 5/16/2009 10:45:07 AM - Avg8 Update
RP415: 5/18/2009 9:26:47 AM - System Checkpoint
RP416: 5/19/2009 8:13:39 AM - Avg8 Update
RP417: 5/19/2009 8:16:54 AM - Avg8 Update
RP418: 5/21/2009 11:52:12 AM - System Checkpoint
RP419: 5/22/2009 10:45:03 PM - System Checkpoint
RP420: 5/24/2009 5:47:53 PM - System Checkpoint
RP421: 5/25/2009 8:21:50 PM - System Checkpoint
RP422: 5/26/2009 9:30:28 PM - System Checkpoint
RP423: 5/28/2009 8:40:26 AM - System Checkpoint
RP424: 5/28/2009 10:40:52 PM - Installed DirectX
RP425: 5/28/2009 10:45:50 PM - Installed DirectX
RP426: 5/29/2009 3:44:39 PM - Installed Compatibility Pack for the 2007 Office system
RP427: 5/30/2009 4:41:19 PM - System Checkpoint
RP428: 5/31/2009 5:40:10 PM - System Checkpoint
RP429: 6/2/2009 12:43:05 PM - System Checkpoint
RP430: 6/3/2009 5:20:09 PM - System Checkpoint
RP431: 6/5/2009 7:51:11 PM - System Checkpoint
RP432: 6/7/2009 10:57:53 PM - System Checkpoint
RP433: 6/8/2009 11:59:43 AM - Removed Ad-Aware
RP434: 6/8/2009 12:37:37 PM - Installed Windows Media Player 11
RP435: 6/8/2009 12:41:01 PM - Installed Windows Media Player 11
RP436: 6/8/2009 12:42:54 PM - Installed Windows XP MSCompPackV1.
RP437: 6/9/2009 1:12:03 AM - Software Distribution Service 3.0
RP438: 6/9/2009 9:11:10 AM - Uniblue RegistryBooster
RP439: 6/9/2009 9:16:17 AM - Uniblue RegistryBooster
RP440: 6/9/2009 9:26:02 AM - Removed TuneUp Utilities 2008
RP441: 6/9/2009 9:27:02 AM - Installed TuneUp Utilities 2009
RP442: 6/9/2009 10:13:46 AM - Removed TuneUp Utilities 2009
RP443: 6/9/2009 11:00:17 AM - Software Distribution Service 3.0
RP444: 6/9/2009 11:29:48 PM - Removed Comic Life
RP445: 6/10/2009 12:22:44 AM - Installed SUPERAntiSpyware Free Edition
RP446: 6/10/2009 12:52:39 AM - Installed Java(TM) 6 Update 13
RP447: 6/10/2009 12:31:03 PM - Removed Java(TM) 6 Update 2
RP448: 6/10/2009 12:31:47 PM - Removed Java(TM) 6 Update 3
RP449: 6/10/2009 12:32:25 PM - Removed Java(TM) 6 Update 5
RP450: 6/10/2009 12:33:18 PM - Removed Java(TM) 6 Update 7

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop CS2
Adobe Reader 8.1.2
AIO_Scan
Apple Mobile Device Support
Apple Software Update
Attansic Giga Ethernet Utility
AVG 8.5
Bonjour
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Copy
CorelDRAW Graphics Suite X3
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
EN
eSupportQFolder
F4100
F4100_Help
Final Draft 7
FontNav
Garena
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Imikimi Plugin
InterActual Player
InterVideo WinDVD 7
iTunes
Java(TM) 6 Update 13
LimeWire 4.16.6
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Premium 2007
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero Suite
NVIDIA Drivers
OpenOffice.org Installer 1.0
Picture Collage Maker
QuickFix
QuickTime
Realtek High Definition Audio Driver
Scan
Scrapbook Flair
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SereneScreen Marine Aquarium 2.6
Skype™ 3.8
SolutionCenter
Status
SUPERAntiSpyware Free Edition
The Settlers II - 10th Anniversary
ToggleEN Toolbar
Toolbox
TrayApp
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
UnloadSupport
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Manager
VBA
VDOTool 5.3
Ventrilo Client
WebFldrs XP
WebReg
Winamp (remove only)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/9/2009 8:35:37 AM, error: Service Control Manager [7000] - The Cardex service failed to start due to the following error: Cannot create a file when that file already exists.
6/8/2009 12:43:06 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
6/3/2009 2:34:20 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
6/10/2009 2:03:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these DIRECTIONS as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

DDS::
BHO: {0021042F-2CC8-EFD8-B715-2713974D46A3} - No File
BHO: {60D2E6AF-F47E-45B8-917F-DE66D9C379B8} - No File
BHO: {706D5729-5152-4040-8978-F49C6D23F9C7} - No File
BHO: {a0b71f07-c3b7-1c4a-99c9-0bbe2de60d71} - No File
BHO: {B0F73815-DCE5-4838-9000-41CF13C3610F} - No File
TB: qalkfxor: {8be3a45c-46d2-407e-8a70-878d0828634d} -
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {97F32659-2957-DE6E-6FA4-EC24F7C7CEF0} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SEH: {60D2E6AF-F47E-45B8-917F-DE66D9C379B8} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGxWqrr

Firefox::
FF - ProfilePath - c:\docume~1\jared\applic~1\mozilla\firefox\profiles\rfcjzjrh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www2.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious SITES can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa