View Full Version : Everything being interrupted, strange program appears and vanishes.. Help?
thedeejay
2009-10-19, 23:15
I have been having this problem for quite some time, about every 10 minutes on the dot a program will take control of the primary view of the computer for a split second, then vanish. It is annoying because even though it seems that nothing opened, it will minimize any maximized program (any full screen video game, powerpoint presentation, youtube video, just anything) and will interrupt control of whatever program you were using because the window is forced behind this one that appears. I once tried to screenshot the windows task manager at the exact moment that it happened and "verclsid.exe" and "rundll32.exe" showed up in that split second before vanishing. What could be the resolution to this program showing up every 10 minutes and interrupting nearly everything I do? Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:45 PM, on 10/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\magicBlock\magicBlock.exe
F:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.esnips.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Richard\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: magicBlock.lnk = C:\Program Files\magicBlock\magicBlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224369803859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 7749 bytes
If anyone can help me, it'd be greatly appreciated. Thanks!
Hello and :welcome: to Safer Networking
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
Looking over your log it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
Avira AntiVir Personal (http://www.free-av.de/en/download/1/avira_antivir_personal__free_antivirus.html)- Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition#tba2) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.
1 - download and run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
2 - Status Check
Please reply with
logs from RSIT (log.txt ,info.txt)
Thanks peku006
thedeejay
2009-10-22, 21:42
I actually do have an anti-virus installed, it is called "COMODO Internet Security". I have it set to scan for viruses every so often. I wonder why it does not show up? In any case, here is the log file from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Richard at 2009-10-22 14:37:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 220 GB (46%) free of 477 GB
Total RAM: 2814 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:14 PM, on 10/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\magicBlock\magicBlock.exe
F:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Richard\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Richard.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.esnips.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Richard\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: magicBlock.lnk = C:\Program Files\magicBlock\magicBlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224369803859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 7953 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\HP Usg Daily FY04.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-09 17021440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"HPHUPD06"=C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2006-01-07 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2006-01-07 659456]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2006-01-07 172032]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-10-08 1799952]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"cdloader"=C:\Documents and Settings\Richard\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-02-13 4608]
"Fraps"=C:\FRAPS\FRAPS.EXE [2008-10-02 3309224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Documents and Settings\Richard\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
magicBlock.lnk - C:\Program Files\magicBlock\magicBlock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Backup of Flash Drive\1gb Flash Drive Backup\Programs\Messengers\UPP\mirc_upp.exe"="D:\Backup of Flash Drive\1gb Flash Drive Backup\Programs\Messengers\UPP\mirc_upp.exe:*:Enabled:mIRC"
"F:\Program Files\Steam\steamapps\djrerun01\half-life 2 deathmatch\hl2.exe"="F:\Program Files\Steam\steamapps\djrerun01\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"F:\Program Files\Steam\steamapps\djrerun01\condition zero deleted scenes\hl.exe"="F:\Program Files\Steam\steamapps\djrerun01\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Program Files\Steam\Steam.exe"="F:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"F:\Program Files\Steam\steamapps\common\mass effect\MassEffectLauncher.exe"="F:\Program Files\Steam\steamapps\common\mass effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"F:\Program Files\Steam\steamapps\djrerun01\counter-strike source\hl2.exe"="F:\Program Files\Steam\steamapps\djrerun01\counter-strike source\hl2.exe:*:Enabled:hl2"
"F:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"="F:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe"="C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM)"
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe"="C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe"
"C:\Program Files\Codemasters\Overlord\Overlord.exe"="C:\Program Files\Codemasters\Overlord\Overlord.exe:*:Disabled:Overlord"
"F:\Program Files\Steam\steamapps\djrerun01\age of chivalry\hl2.exe"="F:\Program Files\Steam\steamapps\djrerun01\age of chivalry\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Steam\steamapps\djrerun01\team fortress 2\hl2.exe"="F:\Program Files\Steam\steamapps\djrerun01\team fortress 2\hl2.exe:*:Enabled:hl2"
"F:\Program Files\Steam\steamapps\djrerun01\source sdk base\hl2.exe"="F:\Program Files\Steam\steamapps\djrerun01\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"F:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe"="F:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Documents and Settings\All Users\Application Data\ijjigame\PLauncher.exe"="C:\Documents and Settings\All Users\Application Data\ijjigame\PLauncher.exe:*:Enabled:PLauncher Application"
"F:\Program Files\Steam\steamapps\cali4nyuh\half-life 2 deathmatch\hl2.exe"="F:\Program Files\Steam\steamapps\cali4nyuh\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"F:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe"="F:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"
"C:\Documents and Settings\Richard\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Richard\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Documents and Settings\RCHERY - Edison\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\RCHERY - Edison\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"F:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe"="F:\Program Files\Steam\steamapps\common\crayon physics deluxe\launcher.exe:*:Enabled:Crayon Physics Deluxe"
"F:\Program Files\Steam\steamapps\common\beyond good and evil\CheckApplication.exe"="F:\Program Files\Steam\steamapps\common\beyond good and evil\CheckApplication.exe:*:Enabled:Beyond Good and Evil"
"F:\Program Files\Steam\steamapps\common\gish\gish.exe"="F:\Program Files\Steam\steamapps\common\gish\gish.exe:*:Enabled:Gish"
"F:\Program Files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe"="F:\Program Files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:*:Enabled:Fallout 3"
"F:\Program Files\Steam\steamapps\common\sacred gold\Sacred.exe"="F:\Program Files\Steam\steamapps\common\sacred gold\Sacred.exe:*:Enabled:Sacred Gold"
"F:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe"="F:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect"
"F:\Program Files\Steam\steamapps\common\gravitron2\Gravitron2.exe"="F:\Program Files\Steam\steamapps\common\gravitron2\Gravitron2.exe:*:Enabled:Gravitron 2"
"F:\Program Files\Steam\steamapps\common\tomb raider anniversary\tra.exe"="F:\Program Files\Steam\steamapps\common\tomb raider anniversary\tra.exe:*:Enabled:Tomb Raider: Anniversary"
"F:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe"="F:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense"
"F:\Program Files\Steam\steamapps\common\mount and blade\runme.exe"="F:\Program Files\Steam\steamapps\common\mount and blade\runme.exe:*:Enabled:Mount and Blade"
"F:\Program Files\Steam\steamapps\common\xcom enforcer\System\XCom.exe"="F:\Program Files\Steam\steamapps\common\xcom enforcer\System\XCom.exe:*:Enabled:X-COM: Enforcer"
"F:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe"="F:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus"
"F:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe"="F:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Penumbra.exe:*:Enabled:Penumbra: Black Plague"
"F:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX9.exe"="F:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX9.exe:*:Enabled:Lost Planet: Extreme Condition"
"F:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX10.exe"="F:\Program Files\Steam\steamapps\common\lost planet extreme condition\LostPlanetDX10.exe:*:Enabled:Lost Planet: Extreme Condition"
"F:\Program Files\Steam\steamapps\common\alien shooter demo\AlienShooterDemo.exe"="F:\Program Files\Steam\steamapps\common\alien shooter demo\AlienShooterDemo.exe:*:Enabled:Alien Shooter Demo"
"F:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe"="F:\Program Files\Steam\steamapps\common\penumbra black plague\redist\Requiem.exe:*:Enabled:Penumbra: Requiem"
"F:\Program Files\Steam\steamapps\common\alien shooter revisited demo\AlienShooter.exe"="F:\Program Files\Steam\steamapps\common\alien shooter revisited demo\AlienShooter.exe:*:Enabled:Alien Shooter Revisited Demo"
"F:\Program Files\Steam\steamapps\common\nation red demo\NationRed.exe"="F:\Program Files\Steam\steamapps\common\nation red demo\NationRed.exe:*:Enabled:Nation Red Demo"
"F:\Program Files\Steam\steamapps\common\lumines\lumines.exe"="F:\Program Files\Steam\steamapps\common\lumines\lumines.exe:*:Enabled:Lumines Advanced Pack"
"F:\Program Files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe"="F:\Program Files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe"="F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe:*:Enabled:Street Fighter IV"
"F:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe"="F:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture"
"F:\Program Files\Steam\steamapps\common\everyday shooter\EverydayShooter.exe"="F:\Program Files\Steam\steamapps\common\everyday shooter\EverydayShooter.exe:*:Enabled:Everyday Shooter"
"F:\Program Files\Steam\steamapps\common\unreal tournament\System\UnrealTournament.exe"="F:\Program Files\Steam\steamapps\common\unreal tournament\System\UnrealTournament.exe:*:Enabled:Unreal Tournament"
"F:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCry.exe"="F:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"F:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe"="F:\Program Files\Steam\steamapps\common\farcry\Bin32\FarCryConfigurator.exe:*:Enabled:Far Cry"
"F:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe"="F:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"F:\Program Files\Steam\steamapps\djrerun01\darwinia\darwinia.exe"="F:\Program Files\Steam\steamapps\djrerun01\darwinia\darwinia.exe:*:Enabled:Darwinia"
"F:\Program Files\Steam\steamapps\common\ultimate doom\ultimate.bat"="F:\Program Files\Steam\steamapps\common\ultimate doom\ultimate.bat:*:Enabled:Ultimate Doom"
"F:\Program Files\Steam\steamapps\common\blueberry garden\BlueberryGarden.exe"="F:\Program Files\Steam\steamapps\common\blueberry garden\BlueberryGarden.exe:*:Enabled:Blueberry Garden"
"F:\Program Files\Steam\steamapps\common\rip\RIP\RIP.exe"="F:\Program Files\Steam\steamapps\common\rip\RIP\RIP.exe:*:Enabled:RIP"
"F:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="F:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
"F:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe"="F:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia"
"F:\Program Files\Steam\steamapps\common\assassins creed\AssassinsCreed_Game.exe"="F:\Program Files\Steam\steamapps\common\assassins creed\AssassinsCreed_Game.exe:*:Enabled:Assassin's Creed"
"F:\Program Files\Steam\steamapps\common\sacred gold\GameServer.exe"="F:\Program Files\Steam\steamapps\common\sacred gold\GameServer.exe:*:Enabled:Sacred Gameserver"
"F:\Program Files\Steam\steamapps\common\mrrobot\MrRobot.exe"="F:\Program Files\Steam\steamapps\common\mrrobot\MrRobot.exe:*:Enabled:Mr. Robot Demo"
"F:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe"="F:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\Steam\steamapps\common\unreal gold\System\Unreal.exe"="F:\Program Files\Steam\steamapps\common\unreal gold\System\Unreal.exe:*:Enabled:Unreal Gold"
"F:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="F:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"F:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe"="F:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\autorun.exe
shell\phone\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{107adff9-a7aa-11dd-9603-001217a0da98}]
shell\AutoRun\command - J:\autorun.exe
shell\phone\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66a1a0c6-9d5a-11dd-bc46-001217a0da98}]
shell\AutoRun\command - G:\OblivionLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94d461eb-ffca-11dd-965b-001217a0da98}]
shell\AutoRun\command - J:\autorun.exe
shell\phone\command - J:\autorun.exe
======List of files/folders created in the last 3 months======
2009-10-19 16:06:13 ----D---- C:\Program Files\ERUNT
2009-10-15 18:54:16 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-02 20:14:16 ----D---- C:\Program Files\Microsoft
2009-09-28 22:20:17 ----D---- C:\Program Files\NVIDIA Corporation
2009-09-28 22:20:12 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-09-28 22:19:55 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-09-28 22:19:42 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-09-26 21:52:28 ----D---- C:\Documents and Settings\Richard\Application Data\fltk.org
2009-09-25 12:41:28 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-09-25 12:41:26 ----A---- C:\WINDOWS\system32\divx_xx16.dll
2009-09-25 12:41:26 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-09-25 12:41:26 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-09-25 12:41:26 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-09-25 12:41:26 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-09-25 12:41:26 ----A---- C:\WINDOWS\system32\DivX.dll
2009-09-21 11:42:22 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-09-18 13:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2009-09-18 13:11:37 ----D---- C:\Program Files\McAfee Security Scan
2009-09-15 21:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-15 21:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-15 21:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-04 01:15:05 ----D---- C:\Documents and Settings\Richard\Application Data\NationRed
2009-08-27 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-08-17 03:03:44 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-08-17 03:03:38 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-08-17 03:03:22 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-08-17 03:03:02 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-08-17 03:02:52 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-08-14 03:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 03:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:01:12 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-12 22:33:45 ----D---- C:\Documents and Settings\Richard\Application Data\The Path
2009-08-12 19:12:27 ----D---- C:\Program Files\ZenoClash
2009-08-09 16:23:08 ----D---- C:\Program Files\Trine
2009-08-08 03:50:59 ----A---- C:\WINDOWS\imsins.BAK
2009-08-08 03:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-07 19:51:54 ----A---- C:\WINDOWS\system32\xlivefnt.dll
2009-08-07 19:51:54 ----A---- C:\WINDOWS\system32\xlive.dll
2009-08-07 19:51:34 ----A---- C:\WINDOWS\system32\xlive.dll.cat
2009-08-07 03:04:11 ----D---- C:\9e2d5ffbda8c6064c4ff0f5b8fb931
2009-08-07 03:03:55 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-05 04:28:39 ----D---- C:\wf
2009-08-01 20:14:46 ----A---- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
2009-08-01 19:45:07 ----D---- C:\ijji
2009-08-01 19:45:07 ----D---- C:\Documents and Settings\Richard\Application Data\ijjigame
2009-08-01 19:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\ijjigame
2009-08-01 19:32:57 ----A---- C:\WINDOWS\system32\PubPlugin.dll
2009-08-01 19:32:57 ----A---- C:\WINDOWS\system32\ijjiSetup.exe
2009-08-01 19:32:57 ----A---- C:\WINDOWS\system32\ijjiPlugin2.dll
2009-08-01 19:32:56 ----D---- C:\Program Files\NHN USA
2009-08-01 19:32:56 ----A---- C:\WINDOWS\system32\ijjiProcessRestarter.exe
2009-07-29 22:13:06 ----D---- C:\Documents and Settings\Richard\Application Data\Hamachi
2009-07-29 22:12:33 ----D---- C:\Program Files\Hamachi
2009-07-29 17:51:35 ----D---- C:\Program Files\THQ
2009-07-27 10:58:22 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2009-07-27 10:58:11 ----D---- C:\Program Files\Illustrate
2009-07-26 16:44:56 ----A---- C:\WINDOWS\system32\sirenacm.dll
======List of files/folders modified in the last 3 months======
2009-10-22 14:37:05 ----D---- C:\Documents and Settings\Richard\Application Data\uTorrent
2009-10-22 14:32:54 ----D---- C:\WINDOWS\Prefetch
2009-10-22 14:03:03 ----D---- C:\Fraps
2009-10-22 13:52:09 ----D---- C:\Program Files\Mozilla Firefox
2009-10-20 13:44:09 ----D---- C:\WINDOWS\Temp
2009-10-19 16:06:30 ----D---- C:\WINDOWS\ERDNT
2009-10-19 16:06:13 ----D---- C:\Program Files
2009-10-19 15:49:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-19 15:49:31 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-19 09:19:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-15 18:55:24 ----D---- C:\Program Files\DivX
2009-10-15 18:54:23 ----D---- C:\WINDOWS\system32
2009-10-15 18:54:20 ----SHD---- C:\WINDOWS\Installer
2009-10-15 18:54:20 ----HD---- C:\Config.Msi
2009-10-15 18:54:20 ----D---- C:\WINDOWS\WinSxS
2009-10-15 18:54:16 ----D---- C:\Program Files\Common Files
2009-10-15 18:32:17 ----D---- C:\WINDOWS
2009-10-14 22:08:10 ----D---- C:\Program Files\Windows Live Safety Center
2009-10-14 22:08:09 ----HD---- C:\WINDOWS\inf
2009-10-08 11:12:59 ----A---- C:\WINDOWS\system32\guard32.dll
2009-10-02 03:20:47 ----D---- C:\WINDOWS\Help
2009-10-02 03:12:41 ----D---- C:\Program Files\HP
2009-10-01 01:43:46 ----D---- C:\WINDOWS\Debug
2009-09-28 22:19:57 ----D---- C:\WINDOWS\system32\dllcache
2009-09-28 22:19:51 ----D---- C:\WINDOWS\system32\drivers
2009-09-28 22:19:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-28 22:18:40 ----D---- C:\NVIDIA
2009-09-28 00:17:53 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2009-09-28 00:17:53 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2009-09-28 00:17:53 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2009-09-27 23:17:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 20:10:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-15 21:44:44 ----D---- C:\Documents and Settings\Richard\Application Data\mjusbsp
2009-09-15 21:44:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-05 09:42:05 ----D---- C:\WINDOWS\system32\DirectX
2009-09-04 01:14:18 ----RSD---- C:\WINDOWS\assembly
2009-08-21 20:12:40 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-13 11:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-13 03:21:42 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 03:01:22 ----D---- C:\Program Files\Outlook Express
2009-08-13 00:00:02 ----D---- C:\Documents and Settings\Richard\Application Data\skypePM
2009-08-10 19:39:20 ----D---- C:\Documents and Settings\Richard\Application Data\Skype
2009-08-10 12:57:29 ----D---- C:\Documents and Settings\Richard\Application Data\Crayon Physics Deluxe
2009-08-08 03:39:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-07 03:08:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 03:05:12 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-07 03:05:09 ----D---- C:\WINDOWS\system32\en-US
2009-08-07 03:05:02 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 03:02:05 ----D---- C:\Program Files\Internet Explorer
2009-08-06 00:01:39 ----D---- C:\WINDOWS\Minidump
2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-02 19:39:34 ----A---- C:\roster layout.txt
2009-08-01 19:32:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-29 22:12:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-29 22:04:58 ----D---- C:\TEMP
2009-07-29 21:15:05 ----D---- C:\Documents and Settings\Richard\Application Data\Ventrilo
2009-07-29 03:01:11 ----D---- C:\WINDOWS\ie7updates
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-10-08 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-10-08 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-10 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-10 18048]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.0.0; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-05-26 15781]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-01 60800]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-29 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4879360]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-01 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 al9g9c79;al9g9c79; C:\WINDOWS\system32\drivers\al9g9c79.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
S3 mr97310c;CIF Dual-Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2008-05-14 107904]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-10-08 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S2 WUSB54GSSVC;WUSB54GSSVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\hpbpro.exe [2006-01-07 77824]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\hpboid.exe [2006-01-07 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
And here is the info file from RSIT:
info.txt logfile of random's system information tool 1.05 2009-01-06 20:46:30
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE C:\WINDOWS\system32\Adobe\Shockwave 11\Install.log
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Arcanum-->MsiExec.exe /I{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audiosurf-->"F:\Program Files\Steam\steam.exe" steam://uninstall/12900
Bejeweled Deluxe Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/3352
Bioshock-->"F:\Program Files\Steam\steam.exe" steam://uninstall/7670
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conflict: Denied Ops Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/8090
Darwinia-->"F:\Program Files\Steam\steam.exe" steam://uninstall/1500
Dawn of War: Soulstorm Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/9440
Dedicated Server-->"F:\Program Files\Steam\steam.exe" steam://uninstall/5
Defcon Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/1522
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EasyRecovery Professional Edition-->C:\Program Files\Ontrack\EasyRecovery\uninstal.exe C:\Program Files\Ontrack\EasyRecovery
Fallout 3-->"F:\Program Files\Steam\steam.exe" steam://uninstall/22300
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Gimp 2.6.2-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Heavy Weapon Deluxe-->"F:\Program Files\Steam\steam.exe" steam://uninstall/3410
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
I-Fluid-->"F:\Program Files\Steam\steam.exe" steam://uninstall/23200
ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"
Insurgency-->"F:\Program Files\Steam\steam.exe" steam://uninstall/17700
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
JGsoft HelpScribble DEMO 7.7.5-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\HelpScribble\Deploy.log"
Left 4 Dead Dedicated Server-->"F:\Program Files\Steam\steam.exe" steam://uninstall/510
Left 4 Dead-->"F:\Program Files\Steam\steam.exe" steam://uninstall/500
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Medieval II: Total War Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/4710
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft .NET Framework SDK (English) 1.1-->MsiExec.exe /X{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->"D:\Backup of Flash Drive\1gb Flash Drive Backup\Programs\Messengers\UPP\mirc_upp.exe" -uninstall
Mount and Blade Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/22110
Mount and Blade-->"F:\Program Files\Steam\steam.exe" steam://uninstall/22100
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multiwinia Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/1540
MY CAMERA-->MsiExec.exe /I{388887F6-0661-4C80-B272-A6A23EFC7A31}
NBA 2K9 Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/7790
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
osu!-->"C:\WINDOWS\osu!\uninstall.exe" "/U:C:\Program Files\osu!\Uninstall\uninstall.xml"
Overlord Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/11470
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Poker Superstars II Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/4102
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Richard Garriott's Tabula Rasa-->C:\Program Files\InstallShield Installation Information\{D44EDF4A-18AB-468E-8508-8A1C326079F1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STALKER: Shadow of Chernobyl-->"F:\Program Files\Steam\steam.exe" steam://uninstall/4500
Sven Co-op 4.0B-->C:\WINDOWS\unvise32.exe f:\program files\steam\steamapps\djrerun01\half-life\SvenCoop\uninstal.log
Tomb Raider: Underworld Demo-->"F:\Program Files\Steam\steam.exe" steam://uninstall/8150
Unreal Gold-->"F:\Program Files\Steam\steam.exe" steam://uninstall/13250
Unreal II: The Awakening-->"F:\Program Files\Steam\steam.exe" steam://uninstall/13200
Unreal Tournament 2004-->"F:\Program Files\Steam\steam.exe" steam://uninstall/13230
Unreal Tournament 3-->"F:\Program Files\Steam\steam.exe" steam://uninstall/13210
Unreal Tournament-->"F:\Program Files\Steam\steam.exe" steam://uninstall/13240
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\mr97310c_79B33283BA293E6C94E125BCE27E0ECDED0A2591\mr97310c.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\Messenger\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\Messenger\INSTALL.LOG
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Anti-Virus Free (disabled) (outdated)
AV: ZoneAlarm Security Suite Antivirus (outdated)
FW: ZoneAlarm Security Suite Firewall
System event log
Computer Name: URBAN-879C89476
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.
Record Number: 9415
Source Name: Service Control Manager
Time Written: 20081230104709.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: URBAN-879C89476
Event Code: 7035
Message: The GTNDIS5 NDIS Protocol Driver service was successfully sent a start control.
Record Number: 9414
Source Name: Service Control Manager
Time Written: 20081230104705.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: URBAN-879C89476
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.
Record Number: 9413
Source Name: Service Control Manager
Time Written: 20081230104703.000000-300
Event Type: information
User:
Computer Name: URBAN-879C89476
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.
Record Number: 9412
Source Name: Service Control Manager
Time Written: 20081230104703.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: URBAN-879C89476
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.
Record Number: 9411
Source Name: Service Control Manager
Time Written: 20081230104701.000000-300
Event Type: information
User:
Application event log
Computer Name: URBAN-879C89476
Event Code: 700
Message: MsnMsgr (1960) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Messenger\richathomeez25@hotmail.com\SharingMetadata\Working\database_8438_ADF9_38AD_E9FE\dfsr.db'.
Record Number: 1198
Source Name: ESENT
Time Written: 20081129060005.000000-300
Event Type: information
User:
Computer Name: URBAN-879C89476
Event Code: 701
Message: MsnMsgr (1960) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Messenger\richathomeez25@hotmail.com\SharingMetadata\Working\database_8438_ADF9_38AD_E9FE\dfsr.db'.
Record Number: 1197
Source Name: ESENT
Time Written: 20081129050005.000000-300
Event Type: information
User:
Computer Name: URBAN-879C89476
Event Code: 700
Message: MsnMsgr (1960) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Messenger\richathomeez25@hotmail.com\SharingMetadata\Working\database_8438_ADF9_38AD_E9FE\dfsr.db'.
Record Number: 1196
Source Name: ESENT
Time Written: 20081129050005.000000-300
Event Type: information
User:
Computer Name: URBAN-879C89476
Event Code: 701
Message: MsnMsgr (1960) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Messenger\richathomeez25@hotmail.com\SharingMetadata\Working\database_8438_ADF9_38AD_E9FE\dfsr.db'.
Record Number: 1195
Source Name: ESENT
Time Written: 20081129040005.000000-300
Event Type: information
User:
Computer Name: URBAN-879C89476
Event Code: 700
Message: MsnMsgr (1960) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Messenger\richathomeez25@hotmail.com\SharingMetadata\Working\database_8438_ADF9_38AD_E9FE\dfsr.db'.
Record Number: 1194
Source Name: ESENT
Time Written: 20081129040005.000000-300
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
-----------------EOF-----------------
I hope that this is sufficient enough to move on to the next step. Thank you for your help :)
Hi thedeejay
Please download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) ... by screen317. Save it to your desktop.
Alternate download site: Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Double click the SecurityCheck.exe icon to begin.
Press the Space Bar when you see the "press any key to continue..." message.
A Notepad results file will open automatically called checkup.txt
Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
Please copy/paste the entire contents of the checkup.txt file into your next reply.
Thanks peku006
thedeejay
2009-10-23, 02:05
This is what I got from the program, the checkup.txt:
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Security Scan
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````
Wonder what it means...
Hi thedeejay
I actually do have an anti-virus installed, it is called "COMODO Internet Security
do not see any traces of COMODO Internet Security Anti-Virus
info.txt :
======Security center information======
AV: AVG Anti-Virus Free (disabled) (outdated)
AV: ZoneAlarm Security Suite Antivirus (outdated)
FW: ZoneAlarm Security Suite Firewall
the checkup.txt:
Windows Firewall Enabled!
McAfee Security Scan
Antivirus out of date! (On Access scanning disabled!)
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.
Antivirus
You have AVG, ZoneAlarm Security Suite Antivirus and McAfee Security Scan Antivirus
Firewall
You have ZoneAlarm Security Suite Firewall ,Comodo Firewall and Windows Firewall
have you tried to uninstall some of those programs.............what do you want to use
thedeejay
2009-10-23, 17:06
Wow, I wonder why there are traces of those other programs.. I don't even remember installing them. Maybe that's what I get for sharing a computer.. Anyways.
I am unsure why the anti-virus properties in Comodo aren't showing up, but it is there and it does work (to my knowledge). It has caught three minor viruses before. The firewall definitely works, as it pops up to inquire about programs when I am installing and such.
I think I will keep it (Comodo) and get rid of the others, as I have no idea where they came from. I will wait until your next post to do any uninstalling.
Hi
You can use these:
Zone Alarm Removal Tool (http://download.zonealarm.com/bin/free/support/cpes_clean.exe)
Run it to remove Zone Alarm. After this, please restart your computer.
============================================
McAfee Removal Tool (http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe)
Run it to remove McAfee. After this, please restart your computer.
============================================
AVG Removal Tool (http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe)
Run it to remove AVG. After this, please restart your computer
============================================
Double click the SecurityCheck.exe icon to begin.
Press the Space Bar when you see the "press any key to continue..." message.
A Notepad results file will open automatically called checkup.txt
Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
Please copy/paste the entire contents of the checkup.txt file into your next reply.
Thanks peku006
thedeejay
2009-10-24, 06:39
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````
Hi thedeejay
your checkup.txt.......it does not look good :sad:
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus out of date! (On Access scanning disabled!)
please disable Windows Firewall.
How can I turn on or turn off the firewall in Windows XP (http://support.microsoft.com/kb/283673)
Please update and re-enable your AntiVirus Software
After that, Reboot.
Double click the SecurityCheck.exe icon to begin.
Press the Space Bar when you see the "press any key to continue..." message.
A Notepad results file will open automatically called checkup.txt
Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
Please copy/paste the entire contents of the checkup.txt file into your next reply.
Thanks peku006
thedeejay
2009-10-26, 01:20
Although it doesn't seem to say it in this report, I assure you that the Comodo Anti-Virus that is within the Comodo Internet security program is working fine. Then again, what do I know on a technician's level on the situation? Here is the checkup.txt:
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````
Hi thedeejay
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
3 - Status Check
Please reply with
1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
description of any problems you are having with your PC
Thanks peku006
thedeejay
2009-10-28, 09:25
Sorry for the delay, but I will have to post the follow up within the next 24 hours. Exams at college have been pretty intense lately, so have not been able to post in a while. Please bear with me, as I will post the logs after class :) And thanks again for all the help!
thedeejay
2009-10-29, 18:54
Ok, here is my malwarebytes log:
Malwarebytes' Anti-Malware 1.41
Database version: 3030
Windows 5.1.2600 Service Pack 2
10/29/2009 12:31:19 PM
mbam-log-2009-10-29 (12-31-15).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 798170
Time elapsed: 2 hour(s), 34 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Blueberry Garden\Uninstall.exe (Malware.Packer.Krunchy) -> No action taken.
C:\Documents and Settings\Richard\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.
F:\Program Files\AAS\Lounge Lizard 3.0\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
F:\Program Files\Arturia\Moog Modular V 2\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
F:\Program Files\Image-Line\Shared\DSP_IPP\Uninstall.exe (Rootkit.Agent) -> No action taken.
F:\Program Files\VstPlugins\ESSv1.0\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
After this log was taken, I hit remove all. Now here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:18 PM, on 10/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\magicBlock\magicBlock.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\YUPDATER.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
F:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.esnips.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Richard\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: magicBlock.lnk = C:\Program Files\magicBlock\magicBlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224369803859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 8065 bytes
Hi
1 - Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
Go to Java Site (http://java.sun.com/javase/downloads/index.jsp)
Click to Download Java SE Runtime Environment (JRE) 6 Update 16
In Platform box choose Windows.
Check the box to Accept License Agreement and click Continue.
Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586-p.exe" and save the downloaded file to your desktop.
Go to Start => Control Panel => Add or Remove Programs
Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
Reboot your computer
2 - Clean temp files
Please download ATF Cleaner by Atribune. (http://www.atribune.org/ccount/click.php?id=1)
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords
please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords
please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support double-click the e-mail address located at the bottom of each menu.
3 - Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Thanks peku006
thedeejay
2009-11-01, 00:32
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 31, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 30, 2009 23:51:54
Records in database: 3106459
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
L:\
Scan statistics:
Objects scanned: 697445
Threats found: 15
Infected objects found: 54
Suspicious objects found: 1
Scan duration: 17:15:19
File name / Threat / Threats count
D:\Backup of Flash Drive\1gb Flash Drive Backup\Programs\Messengers\UPP\mirc_upp.exe/D:\Backup of Flash Drive\1gb Flash Drive Backup\Programs\Messengers\UPP\mirc_upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\drdoom\CharSffDtoW.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\Psylocke\CharSffDtoW.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\Psylocke\dos2win.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\sabretooth\charsffdtow.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\sabretooth\dos2win.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\Psylocke\CharSffDtoW.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\Psylocke\dos2win.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\sabretooth\charsffdtow.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\sabretooth\dos2win.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\M.U.G.E.N.exe Infected: Trojan.Win32.Chifrax.d 1
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\WORKING mugen MVC3 with 115 characters.rar Infected: Trojan.Win32.Chifrax.d 6
C:\UPP\mirc_upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\Backup of Flash Drive\1gb Flash Drive Backup\Programs\Messengers\UPP\mirc_upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\External Backup\DICE\FireFox Download\upp_2.00_final_[2005.01.28](2).zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\External Backup\DICE\FireFox Download\upp_2.00_final_[2005.01.28].zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\External Backup\Games\Incredible\Goodfruitpunch'sBypassedCE.rar Infected: Backdoor.Win32.HacDef.hu 1
D:\External Backup\Games\Incredible\Goodfruitpunch'sBypassedCE.rar Infected: Trojan-GameThief.Win32.Nilage.apk 1
D:\External Backup\Games\MOVE\SORT OUT\Hacking programs with Tutorials.rar Infected: HackTool.Win32.Sniffer.WpePro.a 1
D:\External Backup\Games\MOVE\SORT OUT\Hacking programs with Tutorials.rar Infected: HackTool.Win32.Sniffer.WpePro.w 1
D:\External Backup\Games\MOVE\SORT OUT\Kronia.exe Infected: not-a-virus:RiskTool.Win32.VB.h 1
D:\External Backup\NEW UPP\UPP\mirc_upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\External Backup\NEW UPP\UPP\upp_2.00_final_[2005.01.28].zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\External Backup\START\Frank's Shit\Downloads\kf141.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 2
D:\External Backup\UPP\mirc_upp.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\External Backup\WINDOWS\system32\h323msp.dll Suspicious: Packed.Win32.Morphine.a 1
D:\Image Editing\40 Adobe Photoshop CS3 Plugins [TMTS][CYANIDE]\40 Adobe Photoshop CS3 Plug-ins [TMTS][CYANIDE].iso Infected: Trojan.Win32.Genome.pzn 4
D:\TREKSTOR backup\Ebay Ebooks Scripts Tools Latest 2007 plus 300 Auction Templates.rar Infected: Trojan-Spy.Win32.KeyLogger.cb 11
D:\TREKSTOR backup\Ebay Ebooks Scripts Tools Latest 2007 plus 300 Auction Templates.rar Infected: Trojan-Spy.Win32.KeyLogger.dp 3
D:\TREKSTOR backup\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.Win32.TCPScan.bt 1
D:\TREKSTOR backup\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.MSIL.Sniffer.a 1
D:\TREKSTOR backup\Your_Uninstaller_2008_PRO_v6.1.1236_by_shanu\Your_Uninstaller_2008_PRO_v6.1.1236 by shanu\yu2008setup.exe Infected: Trojan.Win32.Buzus.cdd 1
F:\Documents and Settings\Deejay\Desktop\From Drive\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.Win32.TCPScan.bt 1
F:\Documents and Settings\Deejay\Desktop\From Drive\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.MSIL.Sniffer.a 1
Selected area has been scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:54 PM, on 10/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\magicBlock\magicBlock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.esnips.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Richard\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: magicBlock.lnk = C:\Program Files\magicBlock\magicBlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224369803859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 7648 bytes
Hi thedeejay
what purpose do you need those
Hacking programs with Tutorials.rar
NetTools5.0.70
thedeejay
2009-11-01, 16:01
I don't think I need them at all. They both seem to be in folders that were backups of the external hard drives me and my friends used to share back when our computers weren't up to the task of saving them. I don't really know what they are, or if I was told what they are I don't remember what their purpose is. They can be deleted.
Hi thedeejay
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
Download and run OTM
Download OTM (http://oldtimer.geekstogo.com/OTM.exe) by Old Timer and save it to your Desktop.
Double-click OTM.exe to run it.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area. Do not include the word Code.
:Files
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\drdoom\CharSffDtoW.exe
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\Psylocke\CharSffDtoW.exe
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\Psylocke\dos2win.exe
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\sabretooth\charsffdtow.exe
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\sabretooth\dos2win.exe I
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\Psylocke\CharSffDtoW.exe
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\Psylocke\dos2win.exe
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\sabretooth\charsffdtow.exe
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\sabretooth\dos2win.exe
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\M.U.G.E.N.exe
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\WORKING mugen MVC3 with 115 characters.rar
D:\External Backup\Games\Incredible\Goodfruitpunch'sBypassedCE.rar
D:\External Backup\Games\Incredible\Goodfruitpunch'sBypassedCE.rar
D:\External Backup\Games\MOVE\SORT OUT\Hacking programs with Tutorials.rar
D:\External Backup\Games\MOVE\SORT OUT\Hacking programs with Tutorials.rar
D:\External Backup\Games\MOVE\SORT OUT\Kronia.exe
D:\External Backup\START\Frank's Shit\Downloads\kf141.zip
D:\External Backup\WINDOWS\system32\h323msp.dll
D:\Image Editing\40 Adobe Photoshop CS3 Plugins [TMTS][CYANIDE]\40 Adobe Photoshop CS3 Plug-ins [TMTS][CYANIDE].iso
D:\TREKSTOR backup\Ebay Ebooks Scripts Tools Latest 2007 plus 300 Auction Templates.rar
D:\TREKSTOR backup\Ebay Ebooks Scripts Tools Latest 2007 plus 300 Auction Templates.rar
D:\TREKSTOR backup\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.Win32.TCPScan.bt 1
D:\TREKSTOR backup\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.MSIL.Sniffer.a 1
D:\TREKSTOR backup\Your_Uninstaller_2008_PRO_v6.1.1236_by_shanu\Your_Uninstaller_2008_PRO_v6.1.1236 by shanu\yu2008setup.exe
F:\Documents and Settings\Deejay\Desktop\From Drive\NetTools5.0.70\Setup.exe
F:\Documents and Settings\Deejay\Desktop\From Drive\NetTools5.0.70\Setup.exe
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Thanks peku006
thedeejay
2009-11-02, 00:45
========== FILES ==========
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\drdoom\CharSffDtoW.exe moved successfully.
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\Psylocke\CharSffDtoW.exe moved successfully.
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\Psylocke\dos2win.exe moved successfully.
C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\sabretooth\charsffdtow.exe moved successfully.
File/Folder C:\Documents and Settings\Richard\Desktop\Sorting Folder\Installers and Archives\ZIP files\MVC3\Mugen\chars\sabretooth\dos2win.exe I not found.
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\Psylocke\CharSffDtoW.exe moved successfully.
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\Psylocke\dos2win.exe moved successfully.
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\sabretooth\charsffdtow.exe moved successfully.
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\chars\sabretooth\dos2win.exe moved successfully.
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\Marvel vs Capcom 3\M.U.G.E.N.exe moved successfully.
C:\Documents and Settings\Richard\My Documents\Downloads\MVC3\WORKING mugen MVC3 with 115 characters.rar moved successfully.
D:\External Backup\Games\Incredible\Goodfruitpunch'sBypassedCE.rar moved successfully.
File/Folder D:\External Backup\Games\Incredible\Goodfruitpunch'sBypassedCE.rar not found.
D:\External Backup\Games\MOVE\SORT OUT\Hacking programs with Tutorials.rar moved successfully.
File/Folder D:\External Backup\Games\MOVE\SORT OUT\Hacking programs with Tutorials.rar not found.
D:\External Backup\Games\MOVE\SORT OUT\Kronia.exe moved successfully.
D:\External Backup\START\Frank's Shit\Downloads\kf141.zip moved successfully.
LoadLibrary failed for D:\External Backup\WINDOWS\system32\h323msp.dll
D:\External Backup\WINDOWS\system32\h323msp.dll NOT unregistered.
D:\External Backup\WINDOWS\system32\h323msp.dll moved successfully.
D:\Image Editing\40 Adobe Photoshop CS3 Plugins [TMTS][CYANIDE]\40 Adobe Photoshop CS3 Plug-ins [TMTS][CYANIDE].iso moved successfully.
D:\TREKSTOR backup\Ebay Ebooks Scripts Tools Latest 2007 plus 300 Auction Templates.rar moved successfully.
File/Folder D:\TREKSTOR backup\Ebay Ebooks Scripts Tools Latest 2007 plus 300 Auction Templates.rar not found.
File/Folder D:\TREKSTOR backup\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.Win32.TCPScan.bt 1 not found.
File/Folder D:\TREKSTOR backup\NetTools5.0.70\Setup.exe Infected: not-a-virus:NetTool.MSIL.Sniffer.a 1 not found.
D:\TREKSTOR backup\Your_Uninstaller_2008_PRO_v6.1.1236_by_shanu\Your_Uninstaller_2008_PRO_v6.1.1236 by shanu\yu2008setup.exe moved successfully.
F:\Documents and Settings\Deejay\Desktop\From Drive\NetTools5.0.70\Setup.exe moved successfully.
File/Folder F:\Documents and Settings\Deejay\Desktop\From Drive\NetTools5.0.70\Setup.exe not found.
OTM by OldTimer - Version 3.0.0.6 log created on 11012009_174431
Hi thedeejay
Please post a new HijackThis log
How's the computer running now?
Thanks peku006
thedeejay
2009-11-05, 18:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:21 AM, on 11/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\magicBlock\magicBlock.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\notepad.exe
F:\Program Files\Steam\Steam.exe
C:\Program Files\VirtualDub\VirtualDub.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.esnips.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Richard\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: magicBlock.lnk = C:\Program Files\magicBlock\magicBlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224369803859
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 7738 bytes
The computer is running great now, tested it last night. No programs are showing up and knocking it into minimized anymore. Whatever it was that was doing it, it got taken out along with a lot of other problems that I was unaware of. Thank you so much for the help, a real pro :D :thanks:
Hi thedeejay
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything bad. Viewpoint to Plunge Into Adware (http://www.clickz.com/showPage.html?page=3561546).
I recommend that you remove the Viewpoint products; however, decide for yourself.
Your log now appears to be clean. Congratulations! :yahoo:
To remove all of the tools we used and the files and folders they created do the following:
Delete SecurityCheck.exe from your desktop.
Double-click OTM.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep ......Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913).
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:
Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Here are some things that I think are worth having a look at if you don't already know a bout them:.
Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)
MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.
Happy safe surfing! :bigthumb: