PDA

View Full Version : malware?



aeneas3
2010-03-02, 00:01
greetings. Hope that everyone is having a great day. I have noticed that my laptop has had slow browsing at times. I have also noted that sometimes wordpad freezes. Also at other times my tabs will freeze so that I can hover over something but not click a link. This happens in all browsers, but I use chrome the most. I do get a lot of "shockwave plugin has become unresponsive errors" as well. Tried uninstalling/reboot/reinstalling shockwave to no avail.
anyway, I think the root of the problem is malware.
I had spybot s&d but recently was able to get a free full version of trend micro internet security thru a recent promo.
thanks for your help please let me know if I can give more information.

pc
windows xp sp 3, latest updates

here is my HJT log
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:50:33 PM, on 3/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdwserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080328
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series (Copy 1) on YOWPAS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series (Copy 1) on YOWPAS" /O17 "\\YOWPAS\Printer5" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207167158820
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A95E5F-1F11-4DE3-9375-43C369582FF6}: NameServer = 209.193.72.2,209.193.68.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 18534 bytes

aeneas3
2010-03-02, 15:44
if someone could append this to my post it would be great but I felt it was important for me to post.


i am not bumping this but instead had a development last night right before bed.
My AVG resident shield fired a warning stating that it had an alert for me. It detected the following:
infection object result
Trojan horse IRC/BackDoor.Sdbot4.QBU c:\program files\gpotato\flyff\flyff.exe
(listed it x3)

So I am not going to do anything more until someone has a chance to advise me. thank you again.

sorry for the additional post again, but it was relevant.
if someone could merge please, thank you.

ken545
2010-03-02, 17:02
Hello

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

No need to merge anything , just reply to this thread only and don't start any new topics.

You should only have one Anti virus program, more than one is overkill and will cause issues. Go to your Add Remove Programs in the Control Panel and uninstall either AVG or Trendmicro.



Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please

aeneas3
2010-03-02, 19:06
thank you.
avg uninstalled :)

Malwarebytes' Anti-Malware 1.44
Database version: 3814
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/2/2010 12:00:36 PM
mbam-log-2010-03-02 (12-00-36).txt

Scan type: Quick Scan
Objects scanned: 123374
Time elapsed: 17 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HJT
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:05:15 PM, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdwserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080328
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series (Copy 1) on YOWPAS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series (Copy 1) on YOWPAS" /O17 "\\YOWPAS\Printer5" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATABXAEUAMwAtAFYASgAzAEsASA"&"inst=NwA5AC0AOQA5ADMAMgA2ADUAMQAtAFQANQAtAEI"&"prod=90"&"ver=9.0.733
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207167158820
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3A95E5F-1F11-4DE3-9375-43C369582FF6}: NameServer = 209.193.72.2,209.193.68.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 17343 bytes


thanks again.

ken545
2010-03-02, 19:14
Open notepad and then copy and paste the bolded lines below into Notepad.
Go to File > save as and name the file fixes.bat.
Change the Save as type to all files and save it to your desktop.

@echo off
sc stop npggsvc
sc delete npggsvc

Double-click on fixes.bat file to execute it.

Reboot and post a fresh hjt log.


Run this program also and post the log please, it won't remove anything but I need to see the report

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com (http://www.techsupportforum.com/sectools/sUBs/dds)
DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)

Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)

aeneas3
2010-03-02, 20:27
HJT

DDS (Ver_09-12-01.01) - NTFSx86
Run by Yowpa at 13:24:10.98 on Tue 03/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3838.2813 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdwserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Yowpa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Yowpa\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.facebook.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Auto EPSON Stylus Photo R200 Series (Copy 1) on YOWPAS] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2h1.exe /p54 "auto epson stylus photo r200 series (copy 1) on yowpas" /o17 "\\yowpas\Printer5" /M "Stylus Photo R200"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\yowpa\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Search - ?p=GRman000
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207167158820
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {C3A95E5F-1F11-4DE3-9375-43C369582FF6} = 209.193.72.2,209.193.68.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\yowpa\applic~1\mozilla\firefox\profiles\i3gi5inr.main\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\yowpa\application data\mozilla\firefox\profiles\i3gi5inr.main\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\yowpa\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-30 93360]
R2 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2009-10-15 106496]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-10 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2009-1-16 98984]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-2-28 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-2-28 339984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-13 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-13 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-13 170480]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2009-10-15 27072]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-28 29744]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2009-10-15 42000]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-13 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-3-3 1122304]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 TKFsAc;TKFsAc;\??\c:\windows\system32\tkfsac2k.sys --> c:\windows\system32\TKFsAc2k.sys [?]
S3 TKFsAv;TKFsAv;\??\c:\windows\system32\tkfsav2k.sys --> c:\windows\system32\TKFsAv2k.sys [?]
S3 TKFsFt;TKFsFt;\??\c:\windows\system32\tkfsft2k.sys --> c:\windows\system32\TKFsFt2k.sys [?]
S3 TKRgAc;TKRgAc;\??\c:\windows\system32\tkrgac2k.sys --> c:\windows\system32\TKRgAc2k.sys [?]
S3 TKRgFt;TKRgFt;\??\c:\windows\system32\tkrgftxp.sys --> c:\windows\system32\TKRgFtXp.sys [?]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-2-28 50704]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-2-28 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-2-28 689416]
S3 WEC600N;Linksys Dual-Band Wireless-N ExpressCard WEC600N Driver;c:\windows\system32\drivers\WEC600N.SYS [2009-10-15 1265536]

=============== Created Last 30 ================

2010-03-02 16:36:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 16:35:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 16:35:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 19:53:58 0 d-----w- c:\program files\Bonjour
2010-02-28 17:39:14 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-02-28 17:39:14 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-02-28 17:39:14 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-28 17:33:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-02-28 15:46:56 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2010-02-28 15:46:46 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-02-28 15:46:46 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-02-28 15:46:46 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-02-28 15:46:46 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-02-28 15:46:46 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-02-27 16:02:40 0 d-----w- c:\program files\TrendMicro
2010-02-27 15:17:27 0 d-----w- c:\docume~1\yowpa\applic~1\Malwarebytes
2010-02-27 15:17:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-24 03:11:08 374492 ----a-w- c:\documents and settings\yowpa\.recently-used.xbel
2010-02-23 01:04:11 0 d-----w- c:\docume~1\yowpa\applic~1\Softplicity
2010-02-23 01:02:46 0 d-----w- c:\program files\TotalHTMLConverter
2010-02-22 22:18:39 224016 ----a-w- c:\windows\system32\tabctl32.ocx
2010-02-22 22:18:25 57016 ----a-w- c:\windows\system32\imsys.dll
2010-02-22 22:18:06 343224 ----a-w- c:\windows\system32\iimds.dll
2010-02-22 22:18:05 14848 ----a-w- c:\windows\system32\iimir.dll
2010-02-22 22:18:04 233144 ----a-w- c:\windows\system32\IMImage.dll
2010-02-22 22:15:51 0 d-----w- c:\program files\iMacros
2010-02-14 02:45:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-01 02:33:04 28 ----a-w- c:\windows\pdf995.ini
2010-02-01 00:03:24 100 ----a-w- c:\windows\wpd99.drv
2010-02-01 00:03:24 0 d-----w- c:\docume~1\alluse~1\applic~1\pdf995
2010-02-01 00:03:21 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-02-01 00:03:21 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-02-01 00:02:14 0 d-----w- C:\pdf995

==================== Find3M ====================

2010-02-25 00:18:33 5892 ----a-w- c:\docume~1\yowpa\applic~1\wklnhst.dat
2010-02-24 21:53:16 27335 ----a-w- c:\windows\system32\nvModes.dat
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 08:13:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-19 15:23:03 3064832 ----a-w- c:\documents and settings\yowpa\SFrame.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-09 05:53:44 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-06 00:42:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys

============= FINISH: 13:24:59.10 ===============


DDS
:thanks:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2008 3:58:36 PM
System Uptime: 3/2/2010 1:08:05 PM (0 hours ago)

Motherboard: Dell Inc. | | 0WY040
Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1396/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 30.398 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP676: 12/3/2009 5:04:29 AM - System Checkpoint
RP677: 12/4/2009 8:45:10 AM - System Checkpoint
RP678: 12/5/2009 10:46:48 AM - System Checkpoint
RP679: 12/6/2009 11:36:47 AM - System Checkpoint
RP680: 12/7/2009 12:06:21 PM - System Checkpoint
RP681: 12/7/2009 9:14:47 PM - Installed Opera 10.10.
RP682: 12/8/2009 10:17:52 PM - System Checkpoint
RP683: 12/9/2009 11:38:24 PM - System Checkpoint
RP684: 12/10/2009 3:00:38 AM - Software Distribution Service 3.0
RP685: 12/11/2009 3:32:07 AM - System Checkpoint
RP686: 12/12/2009 4:43:22 AM - System Checkpoint
RP687: 12/13/2009 5:37:18 AM - System Checkpoint
RP688: 12/14/2009 1:54:25 PM - System Checkpoint
RP689: 12/15/2009 6:10:46 PM - System Checkpoint
RP690: 12/16/2009 7:28:13 PM - System Checkpoint
RP691: 12/17/2009 2:38:59 PM - Installed Windows XP KB915800-v4.
RP692: 12/17/2009 2:39:37 PM - Installed Windows XP Windows Search 4.0.
RP693: 12/18/2009 4:15:59 PM - System Checkpoint
RP694: 12/19/2009 3:01:54 AM - Software Distribution Service 3.0
RP695: 12/20/2009 3:39:00 AM - System Checkpoint
RP696: 12/21/2009 5:29:34 PM - System Checkpoint
RP697: 12/22/2009 5:18:45 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP698: 12/22/2009 5:19:12 PM - Installed PHOTOfunSTUDIO HD Edition
RP699: 12/22/2009 6:44:08 PM - Installed Software Suite
RP700: 12/22/2009 9:53:41 PM - Installed Connect Service
RP701: 12/22/2009 10:46:42 PM - Installed Connect Service
RP702: 12/23/2009 3:00:23 AM - Software Distribution Service 3.0
RP703: 12/24/2009 6:22:42 AM - Installed Connect Service
RP704: 12/24/2009 9:15:15 PM - Move file to quarantine: WLTRYSVC.EXE
RP705: 12/24/2009 9:16:31 PM - Move file to quarantine: Windows Search Namespace Manager
RP706: 12/24/2009 9:16:52 PM - Move file to quarantine: Sigmatel Audio system tray application
RP707: 12/26/2009 9:14:53 PM - System Checkpoint
RP708: 12/27/2009 10:08:01 PM - System Checkpoint
RP709: 12/29/2009 12:02:09 AM - System Checkpoint
RP710: 12/30/2009 12:58:39 AM - System Checkpoint
RP711: 12/31/2009 1:23:49 AM - System Checkpoint
RP712: 1/1/2010 1:34:18 AM - System Checkpoint
RP713: 1/2/2010 1:44:19 AM - System Checkpoint
RP714: 1/3/2010 2:33:16 AM - System Checkpoint
RP715: 1/4/2010 9:08:27 AM - System Checkpoint
RP716: 1/5/2010 10:04:36 AM - System Checkpoint
RP717: 1/6/2010 4:01:36 PM - System Checkpoint
RP718: 1/7/2010 5:23:15 PM - System Checkpoint
RP719: 1/8/2010 10:52:32 PM - System Checkpoint
RP720: 1/9/2010 11:07:33 PM - System Checkpoint
RP721: 1/11/2010 12:50:20 AM - System Checkpoint
RP722: 1/12/2010 1:48:03 AM - System Checkpoint
RP723: 1/12/2010 9:18:53 AM - Avg8 Update
RP724: 1/12/2010 9:23:02 AM - Avg8 Update
RP725: 1/13/2010 6:23:05 AM - Software Distribution Service 3.0
RP726: 1/14/2010 8:48:45 AM - System Checkpoint
RP727: 1/15/2010 11:58:32 AM - System Checkpoint
RP728: 1/21/2010 3:00:21 AM - Software Distribution Service 3.0
RP729: 1/22/2010 3:00:19 AM - Software Distribution Service 3.0
RP730: 1/23/2010 9:43:01 AM - System Checkpoint
RP731: 1/24/2010 3:36:24 PM - System Checkpoint
RP732: 1/25/2010 5:57:38 PM - System Checkpoint
RP733: 1/26/2010 1:19:02 PM - Installed Roxio Update Manager
RP734: 1/27/2010 4:27:30 PM - System Checkpoint
RP735: 1/28/2010 5:11:42 PM - System Checkpoint
RP736: 1/29/2010 5:32:24 PM - System Checkpoint
RP737: 1/30/2010 5:47:49 PM - Software Distribution Service 3.0
RP738: 1/31/2010 2:24:53 AM - Software Distribution Service 3.0
RP739: 1/31/2010 5:48:25 PM - Software Distribution Service 3.0
RP740: 1/31/2010 7:04:13 PM - Printer Driver PDF995 Printer Driver Installed
RP741: 2/1/2010 6:04:13 PM - Software Distribution Service 3.0
RP742: 2/2/2010 9:29:25 AM - Avg8 Update
RP743: 2/3/2010 4:13:12 PM - System Checkpoint
RP744: 2/4/2010 1:48:04 PM - Software Distribution Service 3.0
RP745: 2/5/2010 1:57:46 PM - System Checkpoint
RP746: 2/5/2010 5:01:31 PM - Software Distribution Service 3.0
RP747: 2/6/2010 7:04:18 PM - System Checkpoint
RP748: 2/7/2010 2:23:34 AM - Software Distribution Service 3.0
RP749: 2/8/2010 2:47:17 AM - System Checkpoint
RP750: 2/9/2010 2:53:18 AM - System Checkpoint
RP751: 2/9/2010 10:13:31 PM - Software Distribution Service 3.0
RP752: 2/10/2010 3:00:23 AM - Software Distribution Service 3.0
RP753: 2/11/2010 3:44:04 AM - System Checkpoint
RP754: 2/12/2010 3:52:05 AM - System Checkpoint
RP755: 2/12/2010 7:43:30 AM - Software Distribution Service 3.0
RP756: 2/13/2010 8:21:21 AM - System Checkpoint
RP757: 2/13/2010 9:42:22 PM - Software Distribution Service 3.0
RP758: 2/13/2010 9:45:13 PM - Installed AVG Free 9.0
RP759: 2/14/2010 1:50:11 AM - Software Distribution Service 3.0
RP760: 2/15/2010 1:59:07 AM - System Checkpoint
RP761: 2/15/2010 12:24:41 PM - Software Distribution Service 3.0
RP762: 2/16/2010 1:08:59 PM - System Checkpoint
RP763: 2/16/2010 8:36:48 PM - Software Distribution Service 3.0
RP764: 2/18/2010 3:19:21 AM - System Checkpoint
RP765: 2/18/2010 8:20:16 PM - Software Distribution Service 3.0
RP766: 2/20/2010 3:46:45 AM - System Checkpoint
RP767: 2/20/2010 7:49:53 PM - Software Distribution Service 3.0
RP768: 2/21/2010 1:58:44 AM - Software Distribution Service 3.0
RP769: 2/21/2010 7:50:00 PM - Software Distribution Service 3.0
RP770: 2/22/2010 7:53:29 PM - Software Distribution Service 3.0
RP771: 2/23/2010 7:01:56 PM - Software Distribution Service 3.0
RP772: 2/23/2010 7:59:02 PM - Software Distribution Service 3.0
RP773: 2/24/2010 8:02:12 PM - Software Distribution Service 3.0
RP774: 2/25/2010 8:47:46 PM - System Checkpoint
RP775: 2/26/2010 8:47:50 AM - Software Distribution Service 3.0
RP776: 2/27/2010 8:29:45 AM - Software Distribution Service 3.0
RP777: 2/27/2010 11:02:03 AM - Installed HiJackThis
RP778: 2/28/2010 2:04:34 AM - Software Distribution Service 3.0
RP779: 2/28/2010 12:31:33 PM - Installed Trend Micro Internet Security
RP780: 3/1/2010 11:03:11 AM - Software Distribution Service 3.0
RP781: 3/1/2010 4:35:05 PM - Removed Opera 10.10.
RP782: 3/2/2010 11:17:01 AM - Removed AVG Free 9.0
RP783: 3/2/2010 1:20:15 PM - Software Distribution Service 3.0

==== Installed Programs ======================

4U AVI MPEG Converter (version 5.6.9)
AAC Decoder
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.3.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AI RoboForm (All Users)
albelli photo book creator express
albelli photo books
Amazon MP3 Downloader 1.0.5
Any Video Converter Professional 2.7.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Audacity 1.3.4 (Unicode)
AutoUpdate
Bejeweled 2 Deluxe 1.1.3.2523
BlackBerry Desktop Software 4.6
BlackBerry Device Software Updater
Bonjour
Broadcom Management Programs
Chromium
Codec Pack - All In 1 6.0.3.0
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
ConvertXtoDVD 3.5.3.139
Corel Photo Album 7
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp Music Converter
Dell Driver Download Manager
Dell Touchpad
Digital Line Detect
DirectX 9 Runtime
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Accelerator Plus (DAP)
DVD Shrink 3.2
EMC 11 Content
ERUNT 1.1j
ffdshow [rev 3164] [2009-12-14]
FormatFactory
Fraps (remove only)
GIMP 2.4.6
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
HandBrake 0.9.3
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iMacros V6.90
ImTOO 3GP Video Converter
INI_FCFG_V03.14A05
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
KhalInstallWrapper
kuler
LeapFrog Connect
LeapFrog My Pals Plugin
Left 4 Dead
Lexmark 7600 Series
Lexmark Printable Web
Lexmark Toolbar
Linksys Wireless-N Notebook Adapter - WEC600N
Linksys WUSB100 RangePlus Wireless USB Adapter
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
MKV Splitter
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.5.8)
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
NetWaiting
nProtect Security Platform 2007
NVIDIA Drivers
OpenOffice.org 2.4
PDF Settings CS4
Pdf995
PdfEdit995
PDFZilla V1.2.7
Photo Viewer 2.4
PHOTOfunSTUDIO HD Edition
Photoshop Camera Raw
Picasa 3
QuickSet
QuickTime
Rappelz
Roxio Activation Module
Roxio BackOnTrack
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio File Backup
Roxio High-Def/Blu-ray Disc Plug-In
Roxio Media Manager
Roxio Update Manager
RunAlyzer
Safari
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skype web features
Skype™ 4.1
SmartSound Quicktracks Plugin
Snagit 9.1.1
Sonic Activation Module
Steam
Suite Shared Configuration CS4
Supercast
TaxCut New York 2008
TaxCut Premium + Efile 2008
TeamSpeak 2 RC2
TotalHTMLConverter
Trend Micro Internet Security
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
WebFldrs XP
Windows Driver Package - Intel (NETw5x32) net (11/17/2008 12.2.0.11)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WinX DVD Author 5.5
WinZip 12.1
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
ZIP Reader 8.00.0018
Zynga Toolbar

==== Event Viewer Messages From Past Week ========

3/1/2010 4:35:31 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/1/2010 11:40:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Unauthorized Change Prevention Service service to connect.
3/1/2010 11:40:45 PM, error: Service Control Manager [7000] - The Trend Micro Unauthorized Change Prevention Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/27/2010 8:31:45 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
2/27/2010 12:27:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
2/27/2010 12:27:26 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/27/2010 12:26:29 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/27/2010 12:08:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
2/27/2010 12:07:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
2/27/2010 12:07:23 PM, error: Service Control Manager [7001] - The Intel(R) PROSet/Wireless SSO Service service depends on the Intel(R) PROSet/Wireless WiFi Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
2/27/2010 12:07:23 PM, error: Service Control Manager [7000] - The Broadcom Wireless LAN Tray Service service failed to start due to the following error: The system cannot find the file specified.
2/27/2010 12:07:22 PM, error: Service Control Manager [7003] - The Intel(R) PROSet/Wireless WiFi Service service depends on the following nonexistent service: s24trans
2/27/2010 12:05:23 PM, error: Print [23] - Printer Fax Lexmark 7600 Series failed to initialize because a suitable Fax Lexmark 7600 Series Printer driver could not be found.
2/27/2010 11:23:05 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A517969B-9E48-453B-A. The master browser is stopping or an election is being forced.
2/27/2010 10:02:29 AM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
2/25/2010 7:55:08 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00236928E48D has been denied by the DHCP server 198.212.218.35 (The DHCP Server sent a DHCPNACK message).
2/23/2010 7:48:09 PM, error: Dhcp [1002] - The IP address lease 10.120.30.4 for the Network Card with network address 00236928E48D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

ken545
2010-03-02, 20:40
Hi,

c:\program files\imacros
www.fileplanet.com
Most times using programs and sites like this can get you into trouble malwarewise.


Nothing jumping out at me. What we will do here is check for a Rootkit and if none is found than I believe your issues are not malware related and if so I can link you to other forums that deal with windows issues, but lets hang off on that until I see the results of the scan.

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Next:

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror (http://gmer.net/download.php)
This version will download a randomly named file (Recommended)
Zipped Mirror (http://gmer.net/gmer.zip)
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html) so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.




To re-enable your Emulation drivers, double click DeFogger to run the tool.

The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

aeneas3
2010-03-03, 00:30
i got a BSOD my first scan - I assume it is normal for this scan to take a long time. Interestingly enough I did disable the real time protection and firewall for trendnet and windows defender but still got an "allow" message for gmer. that surprised me.
how do I know when the scan is fully completed for gmer? when it stops listing files?
anyway, going to scan again will post results.
thanks again

ken545
2010-03-03, 01:15
Sometimes GMER takes awhile, just let it run and post the log

aeneas3
2010-03-03, 04:38
ok on my 4thscan the last two froze :(
am I doing something wrong?
no big deal.

i just wanted to make sure i know when it is done - the "stop" greys out? because while watching the list of files as it scans it lists one in the bottom left of the program on the same bar as OK and cancel. And it goes lists ones that it has before. the last two times it just freezes and I get the hourglass mouse symbol over it.
:oops:

aeneas3
2010-03-03, 04:47
ps
i was thinking about trying again and letting it scan overnight. Would it be feasible to renable thru defogger and reenable my real time security and then restart with disabling the security and disabling thru defogger tonight prior to bed? would that ruin anything?
thanks

ken545
2010-03-03, 11:28
If its giving you problems and you cant get it to run you can try running it in Safemode, still use Defogger and disable your AV

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

aeneas3
2010-03-03, 13:26
morning ken
it ran overnight :)
this is the log file. it looked completed to me so hopefully that is the case. I was going to try safe mode had this one failed, ty for that suggestion:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-03 06:14:45
Windows 5.1.2600 Service Pack 3
Running: hokc9o5o.exe; Driver: C:\DOCUME~1\Yowpa\LOCALS~1\Temp\pxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8A69360, 0x307447, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3144] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat B1727D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----

thanks again:euro:

ken545
2010-03-03, 14:14
Nothing really bad in any of the scans.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

aeneas3
2010-03-04, 02:18
hi ken
just an update. ES is scanning and doing a wonderful job it seems. it has found 3 items already. it is about 1/3 done after 5.5hrs. Figure it will be done in the AM and i will post the log
thanks again!:rockon:

aeneas3
2010-03-04, 07:21
hi ken
it found 5 files.
looks like someone was doing some downloading when they were visiting :/
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8789f5945e68af46977e82e467d33334
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-03 06:37:36
# local_time=2010-03-03 01:37:36 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=258 16776894 0 58 14877584 63829382 0 0
# compatibility_mode=513 16777045 100 100 0 0 0 0
# compatibility_mode=1024 16777215 100 0 598921 598921 0 0
# compatibility_mode=5891 16776533 100 100 0 22177164 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=83647
# found=0
# cleaned=0
# scan_time=9009
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8789f5945e68af46977e82e467d33334
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-04 04:48:29
# local_time=2010-03-03 11:48:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=258 16776894 0 58 14886695 63838493 0 0
# compatibility_mode=513 16777045 100 100 0 0 0 0
# compatibility_mode=1024 16777215 100 0 608032 608032 0 0
# compatibility_mode=5891 16776533 100 100 0 22186275 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=243710
# found=5
# cleaned=5
# scan_time=36553
C:\Documents and Settings\Yowpa\My Documents\Downloads\VSO ConvertXtoDVD[v3.5.3.139] LnDL[h33t][Dave3737]\VSO ConvertXtoDVD[v3.5.3.139] LnDL[h33t][Dave3737].rar probably a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Yowpa\My Documents\Downloads\VSO ConvertXtoDVD[v3.5.3.139] LnDL[h33t][Dave3737]\Patch\Patch.exe probably a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Downloads\frostwire-4.17.0.windows.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Installer\14d5fd2.msi a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

ken545
2010-03-04, 11:59
Hi,

frostwire <--Downloading files with File Sharing sites like this and the others like Limewire, the Torrents are really dangerous, your downloading that file from an unknown source and most contain malicious code bundled with them.


How are things running now ?

aeneas3
2010-03-04, 16:23
hi
things are better it seems.
thanks again for all of your help!

ken545
2010-03-04, 20:15
Your very welcome :bigthumb:



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



Safe Surfn
Ken

ken545
2010-03-11, 14:05
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.