PDA

View Full Version : Win32.TDSS.rtk and Trojan.BHO cannot be removed


bclouie13
2009-05-06, 01:10
hello Spybot representatives. thank you so much for your time. i cannot remove Win32.TDSS.rtk via Spybot (i have tried over 10 times) and Trojan.BHO via Malwarebytes (i hav tried over 10 times). i have read the "Before You Post" thread, backed up my registry via ERUNT, and am currently on a personal computer. below is my HJT log. please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:51 PM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IOGear\ION\IoctlSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\ld08.exe
\?\globalroot\C:\WINDOWS\system32\cmd.exe
c:\windows\pp06.exe
C:\WINDOWS\System32\SYS32DLL.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - (no file)
O2 - BHO: (no name) - {C994035A-4B5A-45A0-8ED0-4534F9C4E0AC} - (no file)
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerMate] "C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [sysldtray] c:\windows\ld08.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp06.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JaaduConnect] C:\Program Files\Jugaari\Jaadu Connect\JaaduConnect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-657750371-3516429507-239927934-1008\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\4027757417.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\ovnyt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Startup: ActiveHome Pro (2).lnk = C:\Program Files\ActiveHome Pro\ActiveHm.exe
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: OrbThis - {0BF88E98-7ADC-44d6-8242-0BF87CD1BC14} - C:\Program Files\ORB Networks\OrbThis for IE\OrbIE.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {001000AF-2DEF-0209-10B6-DC5BA692C858} (Antx Class) - http://site.x10.com/cabs/antx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241305375187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241049890125
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.0.104/NetCamPlayerWeb11gv2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ppmzxg.dll quqfap.dll jzehod.dll c:\windows\system32\nujekoko.dll C:\WINDOWS\system32\yetotibo.dll hgewsb.dll C:\WINDOWS\system32\lugehuyi.dll c:\windows\system32\henebevi.dll c:\windows\system32\jemotodu.dll c:\windows\system32\milufuro.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnllIaA - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Update Service (gupdate1c982a0d9b1ef28) (gupdate1c982a0d9b1ef28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\IOGear\ION\IoctlSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WavIt - Unknown owner - C:\Program Files\WavitMENU101c\TO_Drivers\WavItService.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15450 bytes
pskelley
2009-05-06, 12:52
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions, anything else will waste your time and mine.

This malware can be tough to remove, do not expect fast or easy, we will start like this.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks
bclouie13
2009-05-07, 10:27
hello pskelley. thank you so much for your help.

ComboFix Log:

ComboFix 09-05-06.05 - Brian Louie 05/07/2009 0:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.874 [GMT -7:00]
Running from: c:\documents and settings\Brian Louie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brian Louie\Application Data\.#
c:\documents and settings\Brian Louie\protect.dll
c:\documents and settings\Brian Louie\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\program files\Common Files\fnts~1
c:\temp\tn3
c:\windows\patch.exe
c:\windows\system32\_004167_.tmp.dll
c:\windows\system32\_004168_.tmp.dll
c:\windows\system32\_004169_.tmp.dll
c:\windows\system32\_004170_.tmp.dll
c:\windows\system32\_004175_.tmp.dll
c:\windows\system32\_004176_.tmp.dll
c:\windows\system32\_004177_.tmp.dll
c:\windows\system32\_004178_.tmp.dll
c:\windows\system32\_004179_.tmp.dll
c:\windows\system32\_004180_.tmp.dll
c:\windows\system32\_004181_.tmp.dll
c:\windows\system32\_004182_.tmp.dll
c:\windows\system32\_004183_.tmp.dll
c:\windows\system32\_004185_.tmp.dll
c:\windows\system32\_004186_.tmp.dll
c:\windows\system32\_004188_.tmp.dll
c:\windows\system32\_004189_.tmp.dll
c:\windows\system32\_004190_.tmp.dll
c:\windows\system32\_004192_.tmp.dll
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004206_.tmp.dll
c:\windows\system32\_004207_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004222_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004233_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004254_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004262_.tmp.dll
c:\windows\system32\_004263_.tmp.dll
c:\windows\system32\_006475_.tmp.dll
c:\windows\system32\_006476_.tmp.dll
c:\windows\system32\_006477_.tmp.dll
c:\windows\system32\_006478_.tmp.dll
c:\windows\system32\_006485_.tmp.dll
c:\windows\system32\_006487_.tmp.dll
c:\windows\system32\_006488_.tmp.dll
c:\windows\system32\_006490_.tmp.dll
c:\windows\system32\_006491_.tmp.dll
c:\windows\system32\_006494_.tmp.dll
c:\windows\system32\_006495_.tmp.dll
c:\windows\system32\_006497_.tmp.dll
c:\windows\system32\_006498_.tmp.dll
c:\windows\system32\_006499_.tmp.dll
c:\windows\system32\_006501_.tmp.dll
c:\windows\system32\_006504_.tmp.dll
c:\windows\system32\_006505_.tmp.dll
c:\windows\system32\_006509_.tmp.dll
c:\windows\system32\_006510_.tmp.dll
c:\windows\system32\_006512_.tmp.dll
c:\windows\system32\_006515_.tmp.dll
c:\windows\system32\_006517_.tmp.dll
c:\windows\system32\_006519_.tmp.dll
c:\windows\system32\_006520_.tmp.dll
c:\windows\system32\_006521_.tmp.dll
c:\windows\system32\_006524_.tmp.dll
c:\windows\system32\_006525_.tmp.dll
c:\windows\system32\_006526_.tmp.dll
c:\windows\system32\_006527_.tmp.dll
c:\windows\system32\_006528_.tmp.dll
c:\windows\system32\_006533_.tmp.dll
c:\windows\system32\_006535_.tmp.dll
c:\windows\system32\_006536_.tmp.dll
c:\windows\system32\_007594_.tmp.dll
c:\windows\system32\_007595_.tmp.dll
c:\windows\system32\_007596_.tmp.dll
c:\windows\system32\_007597_.tmp.dll
c:\windows\system32\_007604_.tmp.dll
c:\windows\system32\_007605_.tmp.dll
c:\windows\system32\_007606_.tmp.dll
c:\windows\system32\_007608_.tmp.dll
c:\windows\system32\_007609_.tmp.dll
c:\windows\system32\_007612_.tmp.dll
c:\windows\system32\_007613_.tmp.dll
c:\windows\system32\_007615_.tmp.dll
c:\windows\system32\_007616_.tmp.dll
c:\windows\system32\_007617_.tmp.dll
c:\windows\system32\_007619_.tmp.dll
c:\windows\system32\_007622_.tmp.dll
c:\windows\system32\_007623_.tmp.dll
c:\windows\system32\_007627_.tmp.dll
c:\windows\system32\_007628_.tmp.dll
c:\windows\system32\_007630_.tmp.dll
c:\windows\system32\_007633_.tmp.dll
c:\windows\system32\_007635_.tmp.dll
c:\windows\system32\_007636_.tmp.dll
c:\windows\system32\_007637_.tmp.dll
c:\windows\system32\_007638_.tmp.dll
c:\windows\system32\_007641_.tmp.dll
c:\windows\system32\_007642_.tmp.dll
c:\windows\system32\_007643_.tmp.dll
c:\windows\system32\_007644_.tmp.dll
c:\windows\system32\_007645_.tmp.dll
c:\windows\system32\_007650_.tmp.dll
c:\windows\system32\_007652_.tmp.dll
c:\windows\system32\_007653_.tmp.dll
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthnwotsrwkgcdbuwvhraybdbxvkqkqrxhp.sys
c:\windows\system32\nifolije.exe
c:\windows\system32\ovfsthdbfsjrapdlygpuuoboujkvjqehmybjih.dat
c:\windows\system32\ovfsthexricxgklewdqxwgjhhmbsocjlwvnckg.dat
c:\windows\system32\ovfsthkiiavvyfrymkqyjcxucvkghbpscmfvyu.dll
c:\windows\system32\ovfsthkjpeatmighymlrpuscmfqnyylgxcfqes.dll
c:\windows\system32\ovfsthkjpeatmighymlrpuscmfqnyylgxcfqes.dll_old
c:\windows\system32\ovfsthnqlitwnixnovusajiiomplbxevwjeauk.dll
c:\windows\system32\tmp.reg
c:\windows\system32\yifulose.exe
c:\windows\system32\zepepewa.exe
J:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthfgydjswvsdkxjiaflbieoomqhaksseia
-------\Legacy_TDSSSERV
-------\Legacy_TDSSSERV.SYS
-------\Legacy_CONFIGURATION_LOADING
-------\Legacy_CORE


((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-06 15:07 . 2009-05-07 07:46 27648 ----a-w c:\windows\system32\lmn_setup.exe
2009-05-05 23:00 . 2009-05-05 23:00 -------- d-----w c:\program files\Trend Micro
2009-05-05 22:57 . 2009-05-05 22:57 -------- d-----w c:\program files\ERUNT
2009-05-05 22:38 . 2009-05-05 22:38 202 ----a-w C:\43214354.bat
2009-05-05 22:38 . 2009-05-06 00:38 85504 ----a-w c:\windows\system32\click_setup.exe
2009-05-04 05:38 . 2009-05-04 05:38 -------- d-----w c:\program files\Windows Resource Kits
2009-05-04 05:08 . 2009-05-04 05:08 180224 ----a-w c:\windows\system32\WinVd32.sys
2009-05-04 05:08 . 2009-05-04 05:08 7680 ----a-w c:\windows\system32\WinFLsrv.exe
2009-05-04 05:08 . 2009-05-04 05:08 10752 ----a-w c:\windows\system32\WinFLdrv.sys
2009-05-04 05:08 . 2009-05-04 05:08 -------- d-----w c:\program files\Folder Lock 6
2009-05-03 17:56 . 2002-08-29 12:00 54272 ----a-w c:\windows\system32\dllcache\stclient.dll
2009-05-03 00:26 . 2004-08-04 06:00 71040 ----a-w c:\windows\system32\drivers\_004150_.tmp.dll
2009-05-02 23:26 . 2009-02-20 18:09 78336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
2009-05-02 23:24 . 2004-08-04 06:00 71040 ----a-w c:\windows\system32\drivers\_004142_.tmp.dll
2009-05-02 22:36 . 2009-05-02 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-02 14:19 . 2009-05-02 14:19 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-02 14:18 . 2009-05-02 14:18 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-02 14:18 . 2009-05-02 14:18 -------- d-----w c:\documents and settings\Brian Louie\Application Data\SUPERAntiSpyware.com
2009-04-29 17:32 . 2009-04-29 17:32 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-19 00:47 . 2009-04-19 00:47 -------- d-----w c:\program files\Common Files\Yahoo!
2009-04-19 00:47 . 2009-04-19 00:47 -------- d-----w c:\program files\Pinnacle
2009-04-19 00:47 . 2009-04-20 07:06 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
2009-04-19 00:45 . 2009-04-19 00:45 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-04-14 19:14 . 2009-04-14 19:14 -------- d-----w c:\documents and settings\Brian Louie\Application Data\Amazon
2009-04-14 19:13 . 2009-04-14 19:13 -------- d-----w c:\program files\Amazon
2009-04-12 20:28 . 2009-04-12 20:28 -------- d-----w c:\program files\iLike
2009-04-12 19:55 . 2009-04-12 19:59 -------- d-----w c:\windows\NV29761580.TMP
2009-04-12 19:53 . 2009-04-12 19:59 -------- d-----w c:\windows\NV4921084.TMP
2009-04-10 19:50 . 2009-04-13 01:52 -------- d-----w c:\documents and settings\Brian Louie\Application Data\calibre
2009-04-10 19:50 . 2009-04-10 19:50 -------- d--h--w c:\program files\InstallJammer Registry
2009-04-10 19:49 . 2009-04-16 06:07 -------- d-----w c:\program files\calibre

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 07:31 . 2007-08-30 04:30 2644 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-07 07:22 . 2005-06-05 18:49 -------- d-----w c:\program files\LogMeIn
2009-05-07 07:21 . 2008-01-30 06:30 -------- d-----w c:\program files\dl_Cats
2009-05-04 13:46 . 2004-10-07 04:04 68512 ----a-w c:\documents and settings\Brian Louie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 05:08 . 2006-01-07 22:52 -------- d-----w c:\program files\Folder Lock
2009-05-04 05:07 . 2006-01-07 22:52 256 ----a-w C:\sccfg.sys
2009-05-03 00:07 . 2003-04-17 07:19 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-02 22:37 . 2008-09-09 21:10 -------- d-----w c:\program files\iTunes
2009-05-02 22:36 . 2003-12-24 03:22 -------- d-----w c:\program files\iPod
2009-05-02 22:36 . 2008-01-16 07:16 -------- d-----w c:\program files\Common Files\Apple
2009-05-02 14:17 . 2009-02-08 02:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 18:58 . 2004-01-31 04:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-28 06:04 . 2008-09-19 07:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 06:46 . 2004-06-22 05:05 -------- d-----w c:\program files\Google
2009-04-19 19:34 . 2009-01-19 19:34 47104 --sha-w c:\windows\system32\tejohare.exe
2009-04-12 18:19 . 2009-03-27 01:02 -------- d-----w c:\program files\Digsby
2009-04-06 22:32 . 2008-09-19 07:39 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-09-19 07:39 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 05:49 . 2008-12-28 08:15 -------- d-----w c:\program files\Vio Video Converter
2009-03-27 02:41 . 2009-03-27 02:41 -------- d-----w c:\program files\Common Files\Mobipocket Shared
2009-03-27 02:41 . 2009-03-27 02:41 -------- d-----w c:\program files\Mobipocket.com
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-15 00:01 . 2009-03-15 00:01 -------- d-----w c:\program files\Simplify Media
2009-03-12 07:18 . 2009-03-12 07:17 -------- d-----w c:\program files\QuickTime
2009-03-12 06:59 . 2009-03-12 06:59 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-08 20:10 . 2009-03-08 20:10 -------- d-----w c:\program files\Audacity
2009-03-06 14:44 . 2003-02-03 22:37 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2008-09-09 20:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2008-01-16 07:17 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-02-06 23:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2009-05-03 17:56 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-04-15 02:34 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2009-05-03 17:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2009-05-03 17:56 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2009-05-03 17:56 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 04:59 . 2009-02-09 04:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-08 02:57 . 2009-02-08 02:57 47868 ---ha-w c:\windows\system32\mlfcache.dat
2009-02-07 22:41 . 2009-02-07 22:41 166352 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-06 17:24 . 2009-05-03 17:56 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2009-05-03 17:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2003-02-03 22:37 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2009-05-03 17:56 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-10-25 21:03 . 2008-10-25 21:03 19090 ----a-w c:\program files\Common Files\cybumohe.dll
2008-10-25 21:03 . 2008-10-25 21:03 19173 ----a-w c:\program files\Common Files\oguxoc.com
2007-07-25 03:03 . 2007-07-25 03:03 118784 ----a-w c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2005-09-16 00:26 . 2005-11-13 07:11 94208 ----a-w c:\program files\mozilla firefox\components\BrandRes.dll
2005-09-16 00:26 . 2005-11-13 07:11 150912 ----a-w c:\program files\mozilla firefox\components\fullsoft.dll
2005-09-16 00:26 . 2005-11-13 07:11 41573 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2005-09-16 00:26 . 2005-11-13 07:11 48223 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2005-09-16 00:26 . 2005-11-13 07:11 8813 ----a-w c:\program files\mozilla firefox\components\qfaservices.dll
2005-09-16 00:26 . 2005-11-13 07:11 160871 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2005-05-13 22:12 . 2005-05-13 22:12 217073 --sha-r c:\windows\meta4.exe
2005-10-24 16:13 . 2005-10-24 16:13 66560 --sha-r c:\windows\MOTA113.exe
2005-10-14 02:27 . 2005-10-14 02:27 422400 --sha-r c:\windows\x2.64.exe
2005-10-08 00:14 . 2005-10-08 00:14 308224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 17:31 . 2005-07-14 17:31 27648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 20:32 . 2005-06-26 20:32 616448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 03:37 . 2005-06-22 03:37 45568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r c:\windows\system32\i420vfw.dll
2005-08-29 06:30 . 2005-08-15 06:30 10022 --sha-w c:\windows\system32\KGyGaAvL.sys
2005-12-23 01:23 . 2005-12-23 01:23 816640 --sha-r c:\windows\system32\smab.dll
2005-02-28 18:16 . 2005-02-28 18:16 240128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"JaaduConnect"="c:\program files\Jugaari\Jaadu Connect\JaaduConnect.exe" [2008-08-30 2482176]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-31 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2007-05-08 589824]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-09-14 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"PowerMate"="c:\program files\Griffin Technology\PowerMate\PowerMate.exe" [2002-12-18 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-10-28 47104]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2002-08-28 73728]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"="SYS32DLL" [X]
"iLike"="c:\program files\iLike\1.2.14\ilikesidebar.exe" [2008-09-11 63024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\documents and settings\Brian Louie\Start Menu\Programs\Startup\
ActiveHome Pro (2).lnk - c:\program files\ActiveHome Pro\ActiveHm.exe [2007-11-21 7168]
Belkin Network USB Hub Control Center.lnk - c:\program files\Belkin\Network USB Hub Control Center\Connect.exe [2008-1-29 741494]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 02:23 87352 ----a-w c:\windows\system32\LMIinit.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi3"= usbkt1x1.dll
"midi9"= evolusbn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\I:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creative Internet DECT Phone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Creative Internet DECT Phone.lnk
backup=c:\windows\pss\Creative Internet DECT Phone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterCheck Monitor.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterCheck Monitor.LNK
backup=c:\windows\pss\InterCheck Monitor.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Brian Louie^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Brian Louie\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"c:\\WINDOWS\\system32\\ESERVICE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Belkin\\Network USB Hub Control Center\\Connect.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"19540:UDP"= 19540:UDP:SXUPTP

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [11/7/2003 7:59 PM 11886]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R1 spusbaudio;USB Microphone;c:\windows\system32\drivers\CA506AA.sys [11/24/2007 11:40 AM 39824]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/3/2007 12:33 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/3/2007 12:33 AM 47640]
R2 SweepNet;Sophos Anti-Virus Network;c:\program files\Sophos SWEEP for NT\SWNETSUP.EXE [1/31/2004 1:12 AM 159744]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [7/9/2008 3:13 PM 868864]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [5/3/2009 10:08 PM 10752]
R3 SPCA506AV;X10 VA11A Video Capture;c:\windows\system32\drivers\CA506AV.SYS [11/24/2007 11:40 AM 162096]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [1/29/2008 10:42 PM 74624]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
S2 gupdate1c982a0d9b1ef28;Google Update Service (gupdate1c982a0d9b1ef28);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2009 11:06 PM 133104]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [8/24/2001 6:06 PM 69575]
S2 WavIt;WavIt;c:\program files\WavitMENU101c\TO_Drivers\WavItService.exe --> c:\program files\WavitMENU101c\TO_Drivers\WavItService.exe [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 Arfumftr;A4Tech USB RF-Mouse filter driver;c:\windows\system32\DRIVERS\Arfumftr.sys --> c:\windows\system32\DRIVERS\Arfumftr.sys [?]
S3 DJUSB;DMM Controller;c:\windows\system32\Drivers\DM2.sys --> c:\windows\system32\Drivers\DM2.sys [?]
S3 EVOLUSB;Evolution UC-33 USB Driver;c:\windows\system32\drivers\evolusb.sys [9/1/2003 10:01 AM 29060]
S3 EWAVE;EWAVE;\??\c:\windows\System32\drivers\ew.sys --> c:\windows\System32\drivers\ew.sys [?]
S3 FILESPY;FILESPY;\??\c:\windows\System32\drivers\FILESPY.sys --> c:\windows\System32\drivers\FILESPY.sys [?]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [12/6/2004 8:04 PM 6828]
S3 InterCheck Control;InterCheck Control;c:\program files\Sophos SWEEP for NT\ICNTDRV5.SYS [1/31/2004 1:12 AM 68240]
S3 InterCheck Filter;InterCheck Filter;c:\program files\Sophos SWEEP for NT\ICNTFLT5.SYS [1/31/2004 1:12 AM 16048]
S3 InterCheck Support 01;InterCheck Support 01;c:\program files\Sophos SWEEP for NT\ICNTST01.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 02;InterCheck Support 02;c:\program files\Sophos SWEEP for NT\ICNTST02.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 03;InterCheck Support 03;c:\program files\Sophos SWEEP for NT\ICNTST03.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 04;InterCheck Support 04;c:\program files\Sophos SWEEP for NT\ICNTST04.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 05;InterCheck Support 05;c:\program files\Sophos SWEEP for NT\ICNTST05.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 06;InterCheck Support 06;c:\program files\Sophos SWEEP for NT\ICNTST06.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 07;InterCheck Support 07;c:\program files\Sophos SWEEP for NT\ICNTST07.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 08;InterCheck Support 08;c:\program files\Sophos SWEEP for NT\ICNTST08.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 09;InterCheck Support 09;c:\program files\Sophos SWEEP for NT\ICNTST09.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 10;InterCheck Support 10;c:\program files\Sophos SWEEP for NT\ICNTST10.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 11;InterCheck Support 11;c:\program files\Sophos SWEEP for NT\ICNTST11.SYS [1/31/2004 1:12 AM 5232]
S3 InterCheck Support 12;InterCheck Support 12;c:\program files\Sophos SWEEP for NT\ICNTST12.SYS [1/31/2004 1:12 AM 5232]
S3 MPD16USB;AKAIpro MPD16 Driver;c:\windows\system32\drivers\MPD16USB.sys [12/26/2003 5:38 PM 21793]
S3 NSTATION;NSTATION;\??\c:\windows\System32\drivers\nstation.sys --> c:\windows\System32\drivers\nstation.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 SDPIDISKLower;Pioneer SD Disk Lower Filter Driver;c:\windows\system32\drivers\SDPIDFI2.SYS [7/2/2002 12:52 AM 10100]
S3 SDPIUSBLower;Pioneer SD USB Lower Filter Driver;c:\windows\system32\drivers\SDPIUFI2.SYS [6/26/2002 7:42 PM 8372]
S3 TOUSBXP;TOUSBXP;c:\windows\system32\drivers\TOusbxp.sys --> c:\windows\system32\drivers\TOusbxp.sys [?]
S3 UKS11LDR;Midiman USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [7/6/2003 6:50 PM 15740]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [11/22/2003 11:24 PM 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [11/22/2003 11:24 PM 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [11/22/2003 11:24 PM 84092]
S3 USBKS1X1;Midiman USB Keystation USB Driver;c:\windows\system32\drivers\usbks1x1.sys [7/6/2003 6:52 PM 23392]
S3 USBMIDIM;Midiman USB MidiSport Midi Kernel Driver;c:\windows\system32\drivers\usbmidim.sys [6/24/2003 9:56 PM 5664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-21 08:31]

2009-05-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 06:05]

2009-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657750371-3516429507-239927934-1006.job
- c:\documents and settings\Brian Louie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 05:24]

2009-05-06 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2003-03-16 22:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C994035A-4B5A-45A0-8ED0-4534F9C4E0AC} - (no file)
Toolbar-{8260C2B8-E0D1-448a-B062-33D12D468BF0} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\4027757417.exe
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\ovnyt.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
Notify-dimsntfy - (no file)
Notify-pmnllIaA - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{0BF88E98-7ADC-44d6-8242-0BF87CD1BC14} - {A6125182-0570-4C84-BE88-61190C09112D} - c:\program files\ORB Networks\OrbThis for IE\OrbIE.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {001000AF-2DEF-0209-10B6-DC5BA692C858} - hxxp://site.x10.com/cabs/antx.cab
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.0.104/NetCamPlayerWeb11gv2.cab
FF - ProfilePath - c:\documents and settings\Brian Louie\Application Data\Mozilla\Firefox\Profiles\jzqcasep.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\components\qfaservices.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 01:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d????????F?
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\sys_drv.dat 10040 bytes
c:\windows\system32\sys_drv_2.dat 7028 bytes


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,6f,1c,6b,05,58,
77,ed,cf,c8,28,51,af,b0,29,a3,98,cb,9d,0f,77,79,09,1b,83,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,b8,4e,cc,2c,ff,
d3,ad,7e,71,3b,04,66,8b,46,0d,96,b4,dc,52,54,51,02,93,a6,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d2,e7,15,39,29,
ba,0c,4d,25,da,ec,7e,55,20,c9,26,37,0e,fd,c6,3f,bc,be,81,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,24,c0,2d,7f,86,
6f,10,41,3e,1e,9e,e0,57,5a,93,61,75,f2,99,d0,ce,b4,83,55,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,1d,96,90,d4,e9,
f7,40,01,cd,44,cd,b9,a6,33,6c,cd,8d,17,b0,e4,76,8d,23,5e,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,89,1a,fd,78,4e,
91,a0,dd,b0,18,ed,a7,3f,8d,37,a4,69,29,0a,8a,34,d6,fd,f5,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,7f,4d,8d,7d,3c,
76,71,de,31,77,e1,ba,b1,f8,68,02,6c,8b,e6,d1,b6,8b,99,a9,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,a0,54,e1,b1,3e,
9a,b6,0f,83,6c,56,8b,a0,85,96,ab,e0,91,59,68,c6,03,f2,73,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,0a,0a,19,a8,67,
bb,b5,27,51,fa,6e,91,28,9e,14,cc,75,d4,42,a2,2c,e2,ee,a8,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,fa,df,bb,f3,9e,
c7,91,6d,b1,cd,45,5a,a8,c4,f8,b9,24,ec,2d,33,a7,f4,e9,6d,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\milufuro.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,55,e8,69,c7,06,
d8,b0,be,e3,0e,66,d5,eb,bc,2f,6b,df,bc,0f,33,2b,b3,26,a5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,d3,b6,d9,13,42,
85,e8,84,fa,ea,66,7f,d4,3b,6b,70,45,04,12,65,fb,bb,3a,be,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(436)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\nview.dll
c:\progra~1\Google\GGTASK~1.DLL
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\PENUSA.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlbxcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\IOGear\ION\IoctlSvc.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\program files\Sophos SWEEP for NT\SWEEPSRV.SYS
c:\windows\wanmpsvc.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\DitExp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-07 1:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 08:08

Pre-Run: 7,366,717,440 bytes free
Post-Run: 7,254,888,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,4,5,6,7
643 --- E O F --- 2009-05-06 10:00

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:05 AM, on 5/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IOGear\ION\IoctlSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Jugaari\Jaadu Connect\JaaduConnect.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerMate] "C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JaaduConnect] C:\Program Files\Jugaari\Jaadu Connect\JaaduConnect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - S-1-5-18 Startup: ActiveHome Pro (2).lnk = C:\Program Files\ActiveHome Pro\ActiveHm.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ActiveHome Pro (2).lnk = C:\Program Files\ActiveHome Pro\ActiveHm.exe (User 'Default user')
O4 - .DEFAULT Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (User 'Default user')
O4 - Startup: ActiveHome Pro (2).lnk = C:\Program Files\ActiveHome Pro\ActiveHm.exe
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: OrbThis - {0BF88E98-7ADC-44d6-8242-0BF87CD1BC14} - C:\Program Files\ORB Networks\OrbThis for IE\OrbIE.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {001000AF-2DEF-0209-10B6-DC5BA692C858} (Antx Class) - http://site.x10.com/cabs/antx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241305375187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241049890125
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.0.104/NetCamPlayerWeb11gv2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Update Service (gupdate1c982a0d9b1ef28) (gupdate1c982a0d9b1ef28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\IOGear\ION\IoctlSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WavIt - Unknown owner - C:\Program Files\WavitMENU101c\TO_Drivers\WavItService.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15001 bytes
bclouie13
2009-05-07, 10:29
Uninstall List:

3ivx D4 4.5.1 (remove only)
7-Zip 4.23
AAC
AC3Filter (remove only)
ACDSee Classic
ActiveHome Pro
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Amazon MP3 Downloader 1.0.3
America Online
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AviSynth 2.5
Belkin Network USB Hub Control Center
BitComet 0.59
Bonjour
BUM
calibre
CCleaner (remove only)
CDBurnerXP Pro 3
Compact Wireless-G Internet Video Camera
Creative Internet DECT Phone
Critical Update for Windows Media Player 11 (KB959772)
Digsby
DirectShow Dump
DiskAid 1.21
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-CLONER V2.32
eMusic Remote 1.0.0.2
ERUNT 1.1j
Evernote
Flickr Uploadr 3.1
Google Deskbar
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Handy Safe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
iLike Sidebar
Information about your PC
Intel(R) Integrated Performance Primitives RTI 4.0
IOGear ION
iPod for Windows 2006-01-10
iPod for Windows User Guide
iPod System Software Updater 2.1
IrfanView (remove only)
iTunes
Jaadu Connect
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6
KODAK EASYSHARE Gallery Upload ActiveX Control
Logitech Harmony Remote Software 7
LogMeIn
Malwarebytes' Anti-Malware
Medion Flash XL
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Outlook 2002
Microsoft Picture It! Photo 7.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows Journal Viewer
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2002
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Migratr
MMB_PSP
MobileMe Control Panel
Mobipocket Creator 4.2
Mozilla Firefox (1.0.7)
MPD16 Utility software
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
National Instruments Software
Nero - Burning Rom
Norton Spyware Scan provided by Yahoo!
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA PureVideo Decoder
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
Orb
OrbThis for IE
PhotoScape
Picasa
Picasa 3
Pinnacle VideoSpin
Pod to PC, v2.33
Power Cinema
PowerDVD
PowerISO
PowerMate Driver 1.5.2
PowerProducer
ppcTunes
PSP Homebrew 9 0.8
PSP Video 9 1.73
QuickTime
RealPlayer
Realtek AC'97 Audio
Remote Control USB Driver
Retrospect 6.5
Riva FLV Encoder 2.0
River Past Video Cleaner
Safari
SBC Yahoo! Applications
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SEMC DSS SyncStation Driver
Shockwave
Simplify Media
SiS 900 PCI Fast Ethernet Adapter Driver
Skype™ 3.6
SlingPlayer
Snagit 9.1.1
SompyPlayer
Sonic Foundry 5.1 Surround Plug-In Pack 1.0
Sony DVD Architect 2.0
Sophos Anti-Virus version 3.78
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TightVNC 1.3.9
TiVo Desktop 2.6.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Driver
Videora iPod Converter 0.90
Videora TiVo Converter 0.80
Vio Video Converter 1.0
VLC media player 0.9.8a
VobSub v2.23 (Remove Only)
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Mail
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinSCP 4.1.7
XviD 1.1 final uninstall
Yahoo! extras
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar
pskelley
2009-05-07, 11:56
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player 10 ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 7.0 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

BitComet 0.59 <<< p2p program, see this information:
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

Java 2 Runtime Environment, SE v1.4.2_06 <<< very old
Java(TM) 6 Update 11
Java(TM) 6 Update 3
All out of date and unsafe, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php


Follow the directions carefully and in the numbered order.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')

Close all programs but HJT and all browser windows, then click on "Fix Checked"

3) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

(if you still have MBAM, no need to download, but make sure you update and run as instructed)

4) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks
bclouie13
2009-05-08, 20:41
hello pskelley. thank you again for your help. the computer seems to be running better after following steps 1-4. however when running Malwarebyes, the following shows up continually (tried 5 times):

Trojan.BHO - HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}

Malwarebyes Log:

Malwarebytes' Anti-Malware 1.36
Database version: 2090
Windows 5.1.2600 Service Pack 3

5/8/2009 11:38:30 AM
mbam-log-2009-05-08 (11-38-30).txt

Scan type: Quick Scan
Objects scanned: 90669
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:39 AM, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Jugaari\Jaadu Connect\JaaduConnect.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IOGear\ION\IoctlSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerMate] "C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JaaduConnect] C:\Program Files\Jugaari\Jaadu Connect\JaaduConnect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-657750371-3516429507-239927934-1008\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Startup: ActiveHome Pro (2).lnk = C:\Program Files\ActiveHome Pro\ActiveHm.exe
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: OrbThis - {0BF88E98-7ADC-44d6-8242-0BF87CD1BC14} - C:\Program Files\ORB Networks\OrbThis for IE\OrbIE.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {001000AF-2DEF-0209-10B6-DC5BA692C858} (Antx Class) - http://site.x10.com/cabs/antx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241305375187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241049890125
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.0.104/NetCamPlayerWeb11gv2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Update Service (gupdate1c982a0d9b1ef28) (gupdate1c982a0d9b1ef28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\IOGear\ION\IoctlSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WavIt - Unknown owner - C:\Program Files\WavitMENU101c\TO_Drivers\WavItService.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15001 bytes
pskelley
2009-05-08, 21:37
Open notepad and copy/paste the text in the codebox below into it:


File::
c:\windows\system32\milufuro.dll

Registry::
[-HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}

[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt.

Thanks
bclouie13
2009-05-10, 21:06
hello again pskelley. i ran the CFSctipt but the following still surfaces in:

Malwarebytes: Trojan.BHO - HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}

Spybot: Fake.Security.Alert - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\zip.plugin

the ComboFix log is over 500,000 characters and exceeds the attachment limit. hall i post in in multiple postings?

here is a new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:43 PM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IOGear\ION\IoctlSvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Jugaari\Jaadu Connect\JaaduConnect.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brian Louie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerMate] "C:\Program Files\Griffin Technology\PowerMate\PowerMate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [JaaduConnect] C:\Program Files\Jugaari\Jaadu Connect\JaaduConnect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Startup: ActiveHome Pro (2).lnk = C:\Program Files\ActiveHome Pro\ActiveHm.exe
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: OrbThis - {0BF88E98-7ADC-44d6-8242-0BF87CD1BC14} - C:\Program Files\ORB Networks\OrbThis for IE\OrbIE.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {001000AF-2DEF-0209-10B6-DC5BA692C858} (Antx Class) - http://site.x10.com/cabs/antx.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241305375187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241049890125
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://192.168.0.104/NetCamPlayerWeb11gv2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Google Update Service (gupdate1c982a0d9b1ef28) (gupdate1c982a0d9b1ef28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\IOGear\ION\IoctlSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WavIt - Unknown owner - C:\Program Files\WavitMENU101c\TO_Drivers\WavItService.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14776 bytes
pskelley
2009-05-10, 22:19
the ComboFix log is over 500,000 characters and exceeds the attachment limit. hall i post in in multiple postings?
You may attach that file as a zip file.
Post Reply > Manage Attachments

1) Post a Spybot Report:
check for updates, run a scan, fix any problems then:
on the toolbar menu select mode and switch to advanced, on the left select tools, view report, make sure all the options are selected near the bottom except:
Uncheck[ ] do not report disabled or known legitimate Items,
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select near top-- view report, Press export, and save the log on your Desktop, post the saved log in your next reply.

2) Post the scan results from Kaspersky Online Scan:
Do an online scan with Kaspersky Online Scanner

http://www.kaspersky.com/virusscanner

1. Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
2. Click on the Accept button and install any components it needs.
3. The program will install and then begin downloading the latest definition files.
4. After the files have been downloaded on the left side of the page in the Scan section select My Computer
5. This will start the program and scan your system.
6. The scan will take a while, so be patient and let it run.
7. Once the scan is complete, click on View scan report
8. Now, click on the Save Report as button.
9. Save the file to your desktop.
10. Copy and paste that information in your next post

Thanks
bclouie13
2009-05-12, 01:37
3098

hello pskelley. attached is the ComboFix log in a zip file. i will post another reply once i complete the next 2 recommended steps. thank you again.
bclouie13
2009-05-12, 02:41
3099

attached is the Spybot log.
pskelley
2009-05-12, 13:25
Ask here: http://forums.spybot.info/forumdisplay.php?f=4
or here: http://forums.spybot.info/forumdisplay.php?f=16
and this item, it may be a false positive,
Fake.SecurityAlert: [SBI $1CEE4DC2] Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\zip.plugin

I do not run Chrome, but you may want to look for how to control cookies in the settings.
May be here? http://google-chrome-browser.com/feed-categories/cookies
http://blogs.zdnet.com/BTL/?p=9855

Please post the results of the Kaspersky Online Scan as soon as you have it, there is no need to attach the file, copy/paste the information.

I need a report on performance at that point also.

Thanks
bclouie13
2009-05-15, 07:38
hello pskelly. i am unable to post the Kaspersky log. i had many problems with java to actually run the program. i was able to finally run it only via firefox. however, after completion of every scan (which takes 6 hours), the view report screen stalls and will not allow me to save it to the desktop. are there any other options for me?
pskelley
2009-05-15, 14:07
Are you having malware issues at all? Other than the questionable item Spybot S&D is finding that you are going to ask the Spybot S&D experts about.

Thanks
pskelley
2009-05-21, 12:06
No response since 09-05-15, 08:07, topic is closed.

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.