View Full Version : Virtumonde and variants! HELP!
Hello everyone. I ran into some trouble lol and I ran spybot to find out that I have Virtumonde.DLL and its variants as well as a Firewall Bypass Malware? Anyways, Please let me know what I have to do to clean out my pc. By the way, This is my other account on my pc that got infected.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:46 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071114
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=ZhMHPIl8V1yP8qMjdswv8q0sljY
O1 - Hosts: ::1 localhost
O1 - Hosts: ??????????????? browser-security.microsoft.com
O1 - Hosts: ??????????????? spyware-protector-2009.com
O1 - Hosts: ??????????????? www.spyware-protector-2009.com
O1 - Hosts: ??????????????? secure.spyware-protector-2009.com
O1 - Hosts: ??????????????? knocker
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ABD42510-9B22-41cd-9DCD-8182A2D07C63} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ffaab799-0354-4a06-9bee-d3dce95e72e9} - C:\WINDOWS\system32\butabefu.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CPM4fb7f5df] Rundll32.exe "c:\windows\system32\zawomebe.dll",a
O4 - HKLM\..\Run: [kazafolipi] Rundll32.exe "C:\WINDOWS\system32\difodime.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingC5577] cmd.exe /c del "C:\WINDOWS\system32\gulobimu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1994] command.com /c del "C:\WINDOWS\instsp2.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4013] cmd.exe /c del "C:\WINDOWS\instsp2.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O20 - AppInit_DLLs: c:\windows\system32\zawomebe.dll,C:\WINDOWS\system32\,C:\WINDOWS\system32\gulobimu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zawomebe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zawomebe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8778 bytes
Bio-Hazard
2009-04-26, 16:25
Hello and Welcome to forums!
My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
I f you don't know or understand something please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
No Reply Within 5 Days Will Result In Your Topic Being Closed!!
Bio-Hazard
2009-04-26, 16:30
Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your computer, somewhere where you can find it.
Double click on HostsXpert.exe to launch the programme.
Check to see if top button on left hand side says Make Writable ?
If it does. click on it then proceed to next instruction.
If not, just proceed to next instruction
Click on Restore MS Hosts File to restore your Hosts file to its default condition.
When prompted to confirm, click OK.
Click on the Download button (lower left hand side)
Click on MVPs Hosts... button.
Click on Replace button.
Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
When finished.
Click on File Handling button.
Click on Make Read Only ? to secure it against infection.
Exit the programme.
Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop.
Alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
Alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
random's system information tool (RSIT)
Download random's system information tool (RSIT) by random/random from HERE (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt (<<will be maximized)
info.txt (<<will be minimized)
Post both of these logs in your next reply (Sometimes you have to make several post to get the logs posted.)
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
Malwarebytes Antimalware log
RSIT Logs, log.txt (<<will be maximized) and info.txt (<<will be minimized)
A description of how your computer is behaving
Hello Bio-Hazard, Thanks for helping me out here with this problem.
I downloaded HostXpert as you said and followed your instruction's and it say's that it cannot connect to the internet. It also mentions that my DNS client is still running and should be shut down in order to download a large host file.
I have not made any other moves. I already have MalwareBytes dowloaded. I will wait for your instructions as to what I should to about the HostXpert before I go on?
Bio-Hazard
2009-04-26, 21:47
Hello!
Sorry to hear that you are having problems with HostExpert. Skip that part for now and continue with the rest of the instructions. As you already have Malwarebytes Antimalware installed make sure you updated before you run a full scan. If you have any other problems or questions please let me know.
Regards,
Bio-Hazard
Im trying to update MBAM, But it won't let me? It think's im not connected to the internet? Im gonna run a full scan anyway's and give you the log's and i will try to keep updateing as well.
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
4/27/2009 12:58:26 PM
mbam-log-2009-04-27 (12-58-26).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 121125
Time elapsed: 51 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Josh at 2009-04-27 13:00:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (54%) free of 73 GB
Total RAM: 1918 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:15 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Josh\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Josh.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071114
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=ZhMHPIl8V1yP8qMjdswv8q0sljY
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ABD42510-9B22-41cd-9DCD-8182A2D07C63} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ffaab799-0354-4a06-9bee-d3dce95e72e9} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-603694747-43259115-2487476695-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'Dave')
O4 - HKUS\S-1-5-21-603694747-43259115-2487476695-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Dave')
O4 - HKUS\S-1-5-21-603694747-43259115-2487476695-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Dave')
O4 - HKUS\S-1-5-21-603694747-43259115-2487476695-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Dave')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O20 - AppInit_DLLs: c:\windows\system32\,C:\WINDOWS\system32\,C:\WINDOWS\system32\gulobimu.dll c:\windows\system32\zawomebe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8370 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffaab799-0354-4a06-9bee-d3dce95e72e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-02-20 1191936]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-14 1862144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-11-02 267048]
"SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\,C:\WINDOWS\system32\,C:\WINDOWS\system32\gulobimu.dll c:\windows\system32\zawomebe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\gulobimu.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-04-27 13:00:02 ----D---- C:\rsit
2009-04-25 16:12:30 ----A---- C:\WINDOWS\instsp2.exe
2009-04-21 16:20:29 ----D---- C:\Program Files\Microsoft Sync Framework
2009-04-21 16:19:44 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-04-21 16:19:37 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-04-21 16:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-04-21 16:17:29 ----D---- C:\Program Files\Microsoft
2009-04-21 16:17:09 ----D---- C:\Program Files\Windows Live SkyDrive
2009-04-21 16:16:44 ----D---- C:\Program Files\Windows Live
2009-04-21 16:11:35 ----D---- C:\Program Files\Common Files\Windows Live
2009-04-20 20:27:46 ----A---- C:\WINDOWS\Brownie.ini
2009-04-20 18:20:16 ----A---- C:\WINDOWS\Brpfx04a.ini
2009-04-20 18:20:16 ----A---- C:\WINDOWS\brpcfx.ini
2009-04-20 18:19:52 ----N---- C:\WINDOWS\system32\Brmfrmps.exe
2009-04-20 18:19:52 ----N---- C:\WINDOWS\system32\brinsstr.dll
2009-04-20 18:19:48 ----N---- C:\WINDOWS\system32\Pdrvinst.dll
2009-04-20 18:19:48 ----N---- C:\WINDOWS\system32\Brwebup.exe
2009-04-20 18:19:48 ----N---- C:\WINDOWS\system32\BrWebIns.dll
2009-04-20 18:19:45 ----D---- C:\Brother
2009-04-20 18:19:44 ----N---- C:\WINDOWS\system32\BrfxD04a.dll
2009-04-20 18:19:43 ----D---- C:\Program Files\Brother
2009-04-20 18:19:43 ----A---- C:\WINDOWS\brunin03.dll
2009-04-20 18:19:23 ----D---- C:\Documents and Settings\All Users\Application Data\Brother
2009-04-20 17:59:31 ----A---- C:\WINDOWS\system32\brss01a.ini
2009-04-18 20:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-18 20:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-18 20:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-18 20:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-18 20:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-18 20:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-18 16:17:13 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-04 14:55:36 ----D---- C:\CFLog
======List of files/folders modified in the last 1 months======
2009-04-27 12:56:34 ----D---- C:\Program Files\Mozilla Firefox
2009-04-27 10:28:16 ----D---- C:\WINDOWS\temp
2009-04-27 10:10:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-27 10:10:17 ----D---- C:\WINDOWS
2009-04-27 10:10:08 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-04-27 01:01:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-27 00:50:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 10:59:00 ----A---- C:\WINDOWS\wininit.ini
2009-04-26 10:34:19 ----D---- C:\WINDOWS\system32
2009-04-25 18:59:05 ----RD---- C:\Program Files
2009-04-25 18:59:05 ----D---- C:\WINDOWS\Prefetch
2009-04-25 16:13:03 ----ASH---- C:\WINDOWS\system32\pabuzili.dll
2009-04-25 16:12:30 ----ASH---- C:\WINDOWS\system32\lonayemu.exe
2009-04-24 21:41:27 ----D---- C:\WINDOWS\system32\drivers
2009-04-24 18:43:17 ----D---- C:\WINDOWS\Minidump
2009-04-23 13:07:00 ----D---- C:\Documents and Settings\Josh\Application Data\LimeWire
2009-04-21 21:07:18 ----HD---- C:\WINDOWS\inf
2009-04-21 21:07:14 ----D---- C:\Program Files\MSN
2009-04-21 18:51:15 ----SD---- C:\Documents and Settings\Josh\Application Data\Microsoft
2009-04-21 17:56:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-21 16:23:15 ----RSD---- C:\WINDOWS\assembly
2009-04-21 16:22:17 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-21 16:21:08 ----SHD---- C:\WINDOWS\Installer
2009-04-21 16:21:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-21 16:20:29 ----D---- C:\WINDOWS\WinSxS
2009-04-21 16:20:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-21 16:19:45 ----D---- C:\WINDOWS\system32\DirectX
2009-04-21 16:17:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-21 16:16:50 ----RSD---- C:\WINDOWS\Fonts
2009-04-21 16:11:35 ----D---- C:\Program Files\Common Files
2009-04-20 18:20:16 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-04-20 18:19:55 ----D---- C:\WINDOWS\twain_32
2009-04-20 18:19:48 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-20 18:19:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-20 18:00:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-20 17:59:31 ----A---- C:\WINDOWS\BRWMARK.INI
2009-04-20 17:59:29 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-18 21:10:58 ----D---- C:\WINDOWS\Debug
2009-04-18 20:13:41 ----D---- C:\WINDOWS\system32\wbem
2009-04-18 20:13:41 ----D---- C:\WINDOWS\AppPatch
2009-04-18 20:06:16 ----D---- C:\WINDOWS\system32\en-US
2009-04-18 20:06:16 ----D---- C:\Program Files\Internet Explorer
2009-04-18 20:06:05 ----D---- C:\WINDOWS\ie7updates
2009-04-18 20:04:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 21:46:51 ----D---- C:\WINDOWS\system32\FxsTmp
2009-04-15 19:48:01 ----D---- C:\Program Files\PokerStars
2009-04-08 23:45:05 ----D---- C:\WINDOWS\Help
2009-04-07 21:24:57 ----D---- C:\WINDOWS\network diagnostic
2009-03-29 10:01:02 ----D---- C:\Program Files\Nitto 1320 Legends
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-02-26 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-02-22 24336]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-25 47360]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-15 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-19 53248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Subagames\CrossFire\GameGuard\dump_wmimmc.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 430080]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-02-26 700152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-10 152984]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-02 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-14 1862144]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-16 2736890]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-04-27 13:00:18
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AMD Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->MsiExec.exe /I{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bodog Poker Version 2.16.3.49-->"C:\Program Files\Bodog Poker\unins000.exe"
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Support Center-->MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DesignPro 5.0 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{97AE00A8-1336-410F-B467-1C6623127BD6}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Free Studio version 4.1-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tune Tools 2-->"C:\Program Files\Tune Tools 2\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
=====HijackThis Backups=====
O20 - Winlogon Notify: pmnMCUmj - pmnMCUmj.dll (file missing) [2009-03-20]
O4 - HKLM\..\Run: [CPM4fb7f5df] Rundll32.exe "c:\windows\system32\nubobevu.dll",a [2009-03-20]
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2009-03-20]
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nubobevu.dll [2009-03-20]
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2009-03-20]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\WINDOWS\system32\cssdll32.dll lqhdwk.dll c:\windows\system32\sayawoha.dll erqpou.dll c:\windows\system32\tugojogu.dll [2009-03-20]
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) [2009-03-20]
O4 - HKUS\S-1-5-20\..\Run: [kazafolipi] Rundll32.exe "C:\WINDOWS\system32\rewuvafu.dll",s (User 'NETWORK SERVICE') [2009-03-21]
O4 - HKLM\..\Run: [CPM4fb7f5df] Rundll32.exe "c:\windows\system32\popiwoba.dll",a [2009-03-21]
O20 - AppInit_DLLs: C:\WINDOWS\system32\sidikeyu.dll c:\windows\system32\gekuhiri.dll qxepnl.dll c:\windows\system32\popiwoba.dll [2009-03-21]
O4 - HKLM\..\Run: [kazafolipi] Rundll32.exe "C:\WINDOWS\system32\rewuvafu.dll",s [2009-03-21]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\popiwoba.dll [2009-03-21]
O2 - BHO: (no name) - {ffaab799-0354-4a06-9bee-d3dce95e72e9} - C:\WINDOWS\system32\totodele.dll [2009-03-21]
O4 - HKLM\..\Run: [4c84c643] rundll32.exe "C:\WINDOWS\system32\sizugomu.dll",b [2009-03-21]
O4 - HKUS\S-1-5-19\..\Run: [kazafolipi] Rundll32.exe "C:\WINDOWS\system32\rewuvafu.dll",s (User 'LOCAL SERVICE') [2009-03-21]
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\popiwoba.dll [2009-03-21]
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: COMODO Antivirus
FW: COMODO Firewall
======System event log======
Computer Name: D6N8Z2F1
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 24134
Source Name: Cdrom
Time Written: 20090415191030.000000-240
Event Type: warning
User:
Computer Name: D6N8Z2F1
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 24133
Source Name: Cdrom
Time Written: 20090415191030.000000-240
Event Type: warning
User:
Computer Name: D6N8Z2F1
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 24132
Source Name: Cdrom
Time Written: 20090415191030.000000-240
Event Type: warning
User:
Computer Name: D6N8Z2F1
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 24131
Source Name: Cdrom
Time Written: 20090415191030.000000-240
Event Type: warning
User:
Computer Name: D6N8Z2F1
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 24130
Source Name: Cdrom
Time Written: 20090415191030.000000-240
Event Type: warning
User:
=====Application event log=====
Computer Name: D6N8Z2F1
Event Code: 12001
Message:
Record Number: 68
Source Name: usnjsvc
Time Written: 20090331212024.000000-240
Event Type:
User:
Computer Name: D6N8Z2F1
Event Code: 1001
Message: Fault bucket 1110235319.
Record Number: 59
Source Name: Application Hang
Time Written: 20090331141602.000000-240
Event Type: error
User:
Computer Name: D6N8Z2F1
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 58
Source Name: Application Hang
Time Written: 20090331141448.000000-240
Event Type: error
User:
Computer Name: D6N8Z2F1
Event Code: 1517
Message: Windows saved user D6N8Z2F1\Josh registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 21
Source Name: Userenv
Time Written: 20090330191911.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: D6N8Z2F1
Event Code: 12001
Message:
Record Number: 12
Source Name: usnjsvc
Time Written: 20090330163901.000000-240
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Bio-Hazard
2009-04-27, 21:40
Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
If you have version 1.6, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings in TeaTimer.
Remove HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=ZhMHPIl8V1yP8qMjdswv8q0sljY
Close all open windows and browsers/email etc...
Click on the Fix Checked button
When completed close the application.
Back Up registry with ERUNT
Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE (http://www.derfisch.de/lars/erunt-setup.exe)
Click on the erunt-setup.exe
Follow the prompts to install ERUNT
Choose language
A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO
http://i219.photobucket.com/albums/cc99/BioHazard_030/erunt.png
Backup your registry to the default location
Note: To restore your registry (if needed), go to the folder and start ERDNT.exe
OTMoveIt3
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.
:Processes
explorer.exe
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffaab799-0354-4a06-9bee-d3dce95e72e9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"=-
"C:\WINDOWS\system32\logonui.exe"=-
"C:\WINDOWS\system32\winlogon.exe"=-
:Files
c:\windows\system32\zawomebe.dll
C:\WINDOWS\system32\gulobimu.dll
C:\WINDOWS\instsp2.exe
C:\WINDOWS\system32\pabuzili.dll
C:\WINDOWS\system32\lonayemu.exe
C:\Program Files\LimeWire
C:\Documents and Settings\Josh\Application Data\LimeWire
:Commands
[emptytemp]
[start explorer]
[Reboot]
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
OTMoveIt Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffaab799-0354-4a06-9bee-d3dce95e72e9}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\Notification Packages|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\logonui.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winlogon.exe deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\zawomebe.dll not found.
File/Folder C:\WINDOWS\system32\gulobimu.dll not found.
File move failed. C:\WINDOWS\instsp2.exe scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pabuzili.dll
C:\WINDOWS\system32\pabuzili.dll NOT unregistered.
C:\WINDOWS\system32\pabuzili.dll moved successfully.
C:\WINDOWS\system32\lonayemu.exe moved successfully.
File/Folder C:\Program Files\LimeWire not found.
C:\Documents and Settings\Josh\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\promotion moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\mozilla-profile\updates\0 moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\mozilla-profile\updates moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\mozilla-profile\extensions moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\mozilla-profile\Cache moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\mozilla-profile moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\certificate moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\res\html moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\res\fonts moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\res\entityTables moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\res\dtd moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\res moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\plugins moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\modules moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\greprefs moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\dictionaries moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\defaults\profile moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\defaults\pref moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\defaults moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\components moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner\chrome moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser\xulrunner moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\browser moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\Josh\Application Data\LimeWire moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Josh\LOCALS~1\Temp\etilqs_hH1vG5J981sz3Suhd0JT scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04282009_112033
Files moved on Reboot...
File move failed. C:\WINDOWS\instsp2.exe scheduled to be moved on reboot.
File C:\DOCUME~1\Josh\LOCALS~1\Temp\etilqs_hH1vG5J981sz3Suhd0JT not found!
File C:\WINDOWS\temp\Perflib_Perfdata_cc.dat not found!
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\urlclassifier3.sqlite moved successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:24 AM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071114
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7087 bytes
So far, It is acting more stable. It would be a pain to check my email. Now it isnt lol. So far, It looks ok.
Bio-Hazard, I have one question how ever, Why does Spybot start up sometimes when I boot the pc and I never started Spybot or put it to run after a reboot. And even after it does the scan, It would freeze forcing me a manual shut down. If you try to cancel it, It still freezes! What would cause that?
Bio-Hazard
2009-04-28, 18:46
Hello!
Bio-Hazard, I have one question how ever, Why does Spybot start up sometimes when I boot the pc and I never started Spybot or put it to run after a reboot. And even after it does the scan, It would freeze forcing me a manual shut down. If you try to cancel it, It still freezes! What would cause that?
I need to ask advice about this. So i will post back about it when i know something.
We have some more things to do. I want you to update Malwarebytes Antimalware and do another full scan.
Malwarebytes' Anti-Malware
Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform full scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are known security issues with older versions of Adobe Reader. It is strongly suggested that you update to the current version. Please uninstall older version of Adobe Reader before installing the latest version.
If you are using a FULL featured, purchased version of Adobe Reader.
These instructions will remove the current version of Adobe Reader and replace it with the limited feature FREE version. If you want to replace the paid for version with the free version, then continue, otherwise DO NOT perform these steps!
Click Start
Control Panel
Double clicking on Add/Remove Programs
Locate older version of Adobe Reader and click on Change/Remove to uninstall it
Click HERE (http://www.adobe.com/products/acrobat/readstep2.html) to download the latest version of Adobe Acrobat Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.
If you don't like Adobe Reader, you can download Foxit PDF Reader from HERE (http://www.filehippo.com/download_foxit/download/423817ca4028434efe3f6174b07468b0/FoxitReader30_enu_Setup.exe). It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
Malwarebytes Antimalware log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving
Malwarebytes' Anti-Malware 1.36
Database version: 2056
Windows 5.1.2600 Service Pack 3
4/28/2009 7:22:30 PM
mbam-log-2009-04-28 (19-22-30).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 138489
Time elapsed: 58 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\instsp2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zasulege.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zizakohe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:05 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071114
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7287 bytes
It seems to be alright. Thank you for helping me out Bio-Hazard, Let me know how everything look's.
Bio-Hazard
2009-04-29, 11:58
Hello!
You have done well. :bigthumb: Lasts checks and then you are good to go if it doesnt find anything.
Why does Spybot start up sometimes when I boot the pc and I never started Spybot or put it to run after a reboot. And even after it does the scan, It would freeze forcing me a manual shut down. If you try to cancel it, It still freezes! What would cause that?Well the reason for it is that when Spybots founds something to clean, if it cant clean it straight away. I will do it on a next reboot. Is it still happening?
ATF-Cleaner
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords please click No at the prompt.
Click Exit on the Main menu to close the program.
Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
Kaspersky Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, April 29, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 29, 2009 15:42:01
Records in database: 2094071
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 61825
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:58:24
File name / Threat name / Threats count
C:\Documents and Settings\Dave\My Documents\LimeWire\Saved\Twilight soundtrack paramore i caught myself.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090321-235251-736.dll Infected: Packed.Win32.Krap.o 1
C:\WINDOWS\system32\rn.tmp Infected: Trojan-Downloader.Win32.Agent.bjuv 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:26 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071114
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7004 bytes
Seems stable but it does seem to be a little bit sluggish in some areas of loading. Not as bad as before how ever. Its much more quick with the email and web surfing. Just some loading seems to be affected at times.
Bio-Hazard
2009-04-29, 23:17
Just some loading seems to be affected at times.
Do you mean when computer is booting up? I have added a link for what to do when computer is running slowly. Maybe that is some use to you.
Slow Computer
Read here What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
OTMoveIt3
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.
:Processes
explorer.exe
:Files
C:\WINDOWS\system32\rn.tmp
C:\Documents and Settings\Dave\My Documents\LimeWire\Saved\Twilight soundtrack paramore i caught myself.mp3
:Commands
[emptytemp]
[start explorer]
[Reboot]
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
OTMOveIt3 log
A fresh HijackThis Log ( after all the above has been done)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\rn.tmp moved successfully.
C:\Documents and Settings\Dave\My Documents\LimeWire\Saved\Twilight soundtrack paramore i caught myself.mp3 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Josh\LOCALS~1\Temp\etilqs_ZUpfAkTZJdC4ghqbVmJE scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04292009_191250
Files moved on Reboot...
File C:\DOCUME~1\Josh\LOCALS~1\Temp\etilqs_ZUpfAkTZJdC4ghqbVmJE not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_cc.dat scheduled to be moved on reboot.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Josh\Local Settings\Application Data\Mozilla\Firefox\Profiles\a04q7v0z.default\XUL.mfl moved successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:57 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071114
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7105 bytes
Actually, The only time it lags horriblely is when Spybot loads after I type my password at the welcome screen to log on. Only time around booting. I meant as I surf the internet, In some areas not all, It lags and usually a refresh or by clicking on the URL again would help. But sometimes it wont.
Other than this, The pc seems to be performing well and Spybot does not load on its own as it stands right now.
Bio-Hazard
2009-04-30, 23:31
Hello!
If you want to speed up your boot time. You can fix these lines with HijackThis.
Remove HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Close all open windows and browsers/email etc...
Click on the Fix Checked button
When completed close the application.
Your log now appears to be clean. Congratulations!
You can get rid of the tools we used:
HostExpert - (You can just delete the exe file from your desktop)
ERUNT - (You can uninstall it from Add/Remove Programs)
Clean up with OTMoveIt3
Double-click OTMoveIt3.exe to start the program.
Close all other programs apart from OTMoveIt3 as this step will require a reboot
On the OTMoveIt main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.
Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.
You can now re-enable Spybots Teatimer
General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
Clear Infected System Restore Points
Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.
Note: only do this once,and not on a regular basis
Set correct settings for files
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under Hidden files and folders if necessary select Do not show hidden files and folders.
If unchecked please check Hide protected operating system files (Recommended)
If necessary check Display content of system folders
If necessary Uncheck Hide file extensions for known file types.
Click OK
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site (http://update.microsoft.com/microsoftupdate) on a regular basis.
NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector) or F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html). I suggest that you run one of them at least once a month.
Make Internet Explorer More Secure
You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE (http://surfthenetsafely.com/ieseczone8.htm)
Recommended Programs
I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE (http://www.winpatrol.com/).
SpywareBlaster
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE (http://www.webopedia.com/TERM/A/ActiveX_control.html). You can download SpywareBlaster from HERE (http://www.javacoolsoftware.com/sbdownload.html).
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE (http://www.malwarebytes.org/mbam.php). Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926) and Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913).
Hosts File
For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE (http://forum.malwareremoval.com/viewtopic.php?t=22187) and for more information regarding host files read HERE (http://www.mvps.org/winhelp2002/hosts.htm).
Use an alternative Internet Browser
Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox (http://www.mozilla.com/en-US/firefox/) or Opera (http://www.opera.com/download/)
Here is a great article by miekiemoes How to prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html).
Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints (http://www.malwarecomplaints.info/index.php). You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Happy surfing and stay clean!
Bio-Hazard
Hello Bio-Hazard! GREAT! Im grateful to you and the Spybot team for taking your time and helping me out with my problem. I will do as you said in your post and make sur everything is cleaned out as much as possible. I will se about those programs as well. Again, Thank you very much and you can go ahead and lock the thread!
By the way, What do I do with ATF Cleaner?
Bio-Hazard
2009-05-01, 08:27
Hello!
You can keep the ATF cleaner if you want or you can just delete the exe file. It is good program to use for get rid of junk like temp filed and so on.
Okay, I will keep it then. Thanks again Bio-Hazard! You can lock up the thread now.
Bio-Hazard
2009-05-01, 22:53
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.