can't access "my computer" and "my documents"

N

Nicholas Assue

New member
When i click on my documents and computer I get a "windows explorer has encountered a problem" message and sometimes windows explorer shuts down and restarts. I think I might be infected.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:32 PM, on 01/27/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: BhoApp Class - {08804AF8-7D13-B6A8-52F0-5286F0CAF48A} - C:\Program Files\altcmd\altcmd32.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SpyPsy - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - C:\WINDOWS\System32\gopfa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222017318852
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7425566-F5C3-4172-BAC7-D56EC7080EF9}: NameServer = 85.255.116.126,85.255.112.215

--
End of file - 4708 bytes


Service pack still missing while instructed to update in previous topic
 
Last edited by a moderator:
Hi Nicholas Assue

Your log indicates that your system is seriously lacking in security updates. That issue needs to be addressed prior to cleaning your system. If you are for any reason unable to install security updates, it will not be possible to secure your system to any degree as it will just keep getting reinfected.

Accordingly, please do the following:

  • Download a diagnostic tool (MGADiag.exe) from >here< and save the tool to your Desktop.
  • Double-click on MGADiag.exe.
  • Select "Continue."
  • Next, the Windows tab should open with a report in it. Select the "Copy" button.
  • Open Notepad and paste the contents of the clipboard into a Notepad text file and save it to your Desktop.
  • Paste the contents of that text file into a reply in this topic.
 
not working

I've tried downloading the software you mentioned using the link you sent me but every time I click on it, I keep getting a loading error page.:scratch:what should I do?
 
Hi Nicholas Assue

You will need to validate your copy of Windows, please use Internet Explorer for the next step

  • Click here to visit Microsoft website.
  • Click on the Validate Windows button on the top right hand corner to validate your Windows.
  • Click on Continue.
  • You will be prompted to install an ActiveX. Please install it.
  • Please copy and paste the results of the validation in your next reply.

Thanks peku006
 
something still wrong

I've done the first two steps you suggested, but I don't see a continue button like your third step mentioned. Instead the link below comes up so I try following that first but there's a problem. Their instructions were to right click the info bar in order to install the Active X Control you wanted me to install in the first place, but on my computer I'm not getting an info bar like in their example picture. I'm using Microsoft Internet Explorer like you said even to send you this message.








http://www.microsoft.com/genuine/validate/?displaylang=en&sGuid=769fc02d-fc99-4c96-a174-9f233716addd
 
What's wrong with my computer

Hey. Sorry for the constant inconvenience, but something is still wrong. I clicked on the link to download the software and the page came up fine. But when I clicked on the download button I got that error page again. I tried several times at different times of the day. I even tried on Internet Explorer and there the page just comes up blank. What could be causing these continuous interferences?:sad:
 
Hi Nicholas Assue

1. You can´t run MGADiag.exe.

2. You can´t Validate Windows.

3. You can´t download Windows XP Service Pack 1a

Sounds as though you may not have a legal copy of Windows.
 
It's not an illegal copy, it came with the computer.

Plus, I don't know nothing about computers. I am not savvy enough to know what an illegal copy is, let alone use one.
 
Hi Nicholas Assue

Where did you bought your computer
Any reason why your windows isn't up to date?

You don't have even ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Before we continue, please do this (please use Internet Explorer)
visit windowsupdate
 
maby this is the problem

It's still not working but this may be why.

I once had to reinstall the operating system because of a previous problem using the back up disks available. My computer was inresponsive to attempted internet connections. Plus my entire desktop had dissappeared from the screen, including the start bar. All my files and information were still on the computer but the shortcuts were not.

Anyway this is what I got this time when I clicked on your link.

http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
 
Hi Nicholas Assue

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006
 
something finally worked:

MBAB-log:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600

02/10/2009 6:19:39 PM
mbam-log-2009-02-10 (18-19-39).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 69457
Time elapsed: 16 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 14
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{95c6f0d7-507c-41e3-9e07-a78e15433e2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d71c4af2-9e0d-4eb3-98a6-f542e6f360d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvcl1.bhoapp (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvcl1.bhoapp.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhclp9j0e129 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08804af8-7d13-b6a8-52f0-5286f0caf48a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08804af8-7d13-b6a8-52f0-5286f0caf48a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhclp9j0e129 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxob.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b7425566-f5c3-4172-bac7-d56ec7080ef9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.126,85.255.112.215 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b7425566-f5c3-4172-bac7-d56ec7080ef9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.126,85.255.112.215 -> Delete on reboot.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\768890 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\System32\kdxob.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\system32\gopfa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CDE44F99-D6C1-47C2-A0A8-FE56651260EB}\RP41\A0004104.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

RSIT-logs:

log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nicholas at 2009-02-10 18:27:08
Microsoft Windows XP Home Edition
System drive C: has 70 GB (92%) free of 76 GB
Total RAM: 127 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:25 PM, on 02/10/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nicholas\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicholas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222017318852

--
End of file - 4741 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-08-18 843804]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2001-10-05 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2001-08-23 331830]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]
"BVRPLiveUpdate"=C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2001-08-18 13312]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-19 342848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk - C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-02-10 18:27:08 ----D---- C:\rsit
2009-02-10 17:43:02 ----D---- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes
2009-02-10 17:42:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-10 17:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-23 17:53:20 ----D---- C:\Config.Msi
2009-01-23 17:52:19 ----D---- C:\Program Files\DNA
2009-01-23 17:52:19 ----D---- C:\Program Files\BitComet
2009-01-23 17:51:51 ----D---- C:\Program Files\LimeWire
2009-01-23 17:51:51 ----D---- C:\Program Files\Kazaa

======List of files/folders modified in the last 1 months======

2009-02-10 18:23:53 ----D---- C:\Program Files\Mozilla Firefox
2009-02-10 18:22:58 ----A---- C:\WINDOWS\RTacDbg.txt
2009-02-10 18:22:50 ----D---- C:\WINDOWS
2009-02-10 18:22:46 ----D---- C:\WINDOWS\Temp
2009-02-10 18:22:43 ----D---- C:\Documents and Settings\Nicholas\Application Data\DNA
2009-02-10 18:22:09 ----D---- C:\WINDOWS\Debug
2009-02-10 18:21:55 ----RD---- C:\Program Files
2009-02-10 18:21:55 ----D---- C:\WINDOWS\System32\drivers
2009-02-10 18:21:55 ----D---- C:\WINDOWS\system32
2009-02-10 18:21:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-10 18:19:32 ----D---- C:\WINDOWS\Prefetch
2009-02-04 18:11:23 ----D---- C:\Program Files\AskBarDis
2009-02-02 23:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-02 16:30:52 ----A---- C:\WINDOWS\wininit.ini
2009-01-29 18:56:52 ----A---- C:\WINDOWS\ModemLog_Generic SoftK56.txt
2009-01-23 17:53:48 ----D---- C:\WINDOWS\System32\config
2009-01-23 17:53:38 ----D---- C:\WINDOWS\System32\wbem
2009-01-23 17:53:37 ----D---- C:\WINDOWS\Registration
2009-01-23 17:53:25 ----SHD---- C:\WINDOWS\Installer
2009-01-23 17:53:06 ----D---- C:\WINDOWS\System32\DirectX
2009-01-23 17:52:49 ----D---- C:\WINDOWS\RegisteredPackages
2009-01-23 17:52:46 ----D---- C:\Program Files\Xvid
2009-01-23 17:52:45 ----D---- C:\Program Files\Windows Media Player
2009-01-23 17:50:07 ----D---- C:\WINDOWS\System32\Restore
2009-01-23 17:09:32 ----D---- C:\WINDOWS\System32\CatRoot2
2009-01-23 16:55:34 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-01-23 16:55:20 ----HD---- C:\WINDOWS\inf
2009-01-23 16:55:17 ----D---- C:\WINDOWS\System32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2002-01-01 21035]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2002-04-08 295168]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 rtl8185;Airlink101 802.11g Wireless Cardbus/PCI Adapter Driver; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [2007-06-14 306560]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-04-04 459944]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-08-17 50688]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-08-17 18944]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\System32\drivers\Ndisprot.sys []
S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\WINDOWS\System32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\s916obex.sys [2007-11-02 100008]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.05 2009-02-10 18:27:28

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Airlink101 Cardbus & PCI Wireless Configuration Utility-->C:\Program Files\InstallShield Installation Information\{94FE8955-027B-41E0-8192-89F14A9E25F7}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329441 for more information]-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

System event log

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{B7425566-F5C3-4172-BAC7-D56EC7080EF9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 16214
Source Name: Tcpip
Time Written: 20090129205917.000000-300
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040F4F8A126. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 16213
Source Name: Dhcp
Time Written: 20090129205912.000000-300
Event Type: warning
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{B7425566-F5C3-4172-BAC7-D56EC7080EF9} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 16212
Source Name: Tcpip
Time Written: 20090129205912.000000-300
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{B7425566-F5C3-4172-BAC7-D56EC7080EF9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 16211
Source Name: Tcpip
Time Written: 20090129205857.000000-300
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040F4F8A126. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 16210
Source Name: Dhcp
Time Written: 20090129205852.000000-300
Event Type: warning
User:

Application event log

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1000
Message: Faulting application wmplayer.exe, version 8.0.0.4477, faulting module msvcrt.dll, version 7.0.2600.0, fault address 0x00034748.

Record Number: 84
Source Name: Application Error
Time Written:
Event Type: error
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4097
Message: The application, C:\Program Files\Windows Media Player\wmplayer.exe, generated an application error
The error occurred on 01/01/2050 @ 18:17:02.108
The exception generated was c0000005 at address 77C44748 (MSVCRT!Gettnames)

Record Number: 83
Source Name: DrWatson
Time Written:
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1000
Message: Faulting application wmplayer.exe, version 8.0.0.4477, faulting module msvcrt.dll, version 7.0.2600.0, fault address 0x00034748.

Record Number: 82
Source Name: Application Error
Time Written:
Event Type: error
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4097
Message: The application, C:\Program Files\Windows Media Player\wmplayer.exe, generated an application error
The error occurred on 01/01/2050 @ 18:15:29.468
The exception generated was c0000005 at address 77C44748 (MSVCRT!Gettnames)

Record Number: 81
Source Name: DrWatson
Time Written:
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1000
Message: Faulting application wmplayer.exe, version 8.0.0.4477, faulting module msvcrt.dll, version 7.0.2600.0, fault address 0x00034748.

Record Number: 80
Source Name: Application Error
Time Written:
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
 
Hi Nicholas Assue

Your system is heavily infected with lots of crap. ...
(I do not understand how it is possible, you do not know how to update windows , but you know how to use P2P programs)

There are three things which you need to do before we continue (if you do not do so....I can´t help you more)
visit this website Download and install Windows XP Service Pack 1a

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

DNA
BitComet
LimeWire
Kazaa



I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

There is no sign of an antivirus installed on your system. There are several reasons for it. Either you have disabled your antivirus or there's no antivirus installed.

If you have disabled it, please re-enable it. If you have no antivirus installed, please get ONE antivirus and install it. Restart the computer for changes to take effect.

avast! 4 Home Edition
AntiVir Free Edition

Please post back a new HijackThis log after installing the antivirus and Service Pack 1
 
Last edited:
I did what you said and I installed the "avast" antivirus. I have the "spybot search and destroy" antivirus system already, I don't know how come you didn't see it in my last log files, but then again I haven't been upgrading it like you said so maby that's why, so I just installed the one you suggested. Let me know if I should uninstall the spybot system. Also I'm not sure how come you saw those file sharing programs as well. I got rid of the kazaa a long time ago and the bit torrent and limewire a few months ago. The only one I saw left was DNA but I just uninstalled today like you said. I didn't run a scan with the avast antivirus but after I reboot my p.c. I tried going into it and it said that I needed a license key word or something, so I tried exiting right away but when I did that my computer started freezing alot. It was like that for a while but now it seems to be operating normally again now. Should that be of any concern.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:17 PM, on 02/11/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222017318852
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5385 bytes
 
Hi Nicholas Assue

I did what you said and I installed the "avast" antivirus. I have the "spybot search and destroy" antivirus system already, I don't know how come you didn't see it in my last log files, but then again I haven't been upgrading it like you said so maby that's why, so I just installed the one you suggested. Let me know if I should uninstall the spybot system
Click to expand...
spybot search and destroy is not a antivirus program...

Also I'm not sure how come you saw those file sharing programs as well. I got rid of the kazaa a long time ago and the bit torrent and limewire a few months ago. The only one I saw left was DNA but I just uninstalled today like you said.
Click to expand...
from you rsit log:

======List of files/folders created in the last 1 months======
2009-01-23 17:52:19 ----D---- C:\Program Files\DNA
2009-01-23 17:52:19 ----D---- C:\Program Files\BitComet
2009-01-23 17:51:51 ----D---- C:\Program Files\LimeWire
2009-01-23 17:51:51 ----D---- C:\Program Files\Kazaa

how is this possible if you have removed them a few months ago

I needed a license key word or something
Click to expand...
you need to register it....Registration of avast! 4 Home Edition

I also noticed you only have 127 MB of RAM.....127 is really too little memory for XP..........

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
 
hi. So should I leave the spybot search and destroy system? also my computer is still moving alot slower than usual. Can you help me with that, please?

ComboFix 09-02-12.03 - Nicholas 2009-02-12 17:04:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.127.8 [GMT -5:00]
Running from: c:\documents and settings\Nicholas\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://theupdatedownload.com
.
((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2078-01-01 19:57 . 2009-01-30 17:03 54,156 --ah----- c:\windows\QTFont.qfn
2078-01-01 19:57 . 2078-01-01 19:57 1,409 --a------ c:\windows\QTFont.for
2009-02-12 16:12 . 2009-02-12 16:12 <DIR> d-------- c:\windows\LastGood
2009-02-12 15:49 . 2005-02-24 22:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-02-12 15:47 . 2009-02-12 15:53 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 15:41 . 2009-02-12 16:28 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-11 23:21 . 2004-03-29 20:48 36,864 --a------ c:\windows\system32\mf3216.dll
2009-02-11 23:21 . 2004-03-29 20:48 36,864 --a--c--- c:\windows\system32\dllcache\mf3216.dll
2009-02-11 19:28 . 2009-02-11 19:28 <DIR> d-------- c:\program files\Alwil Software
2009-02-11 19:28 . 2003-03-18 15:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-02-11 19:28 . 2003-03-18 14:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-02-11 19:28 . 2003-02-20 22:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2009-02-11 18:36 . 2009-02-11 18:36 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-11 18:36 . 2009-02-11 18:36 <DIR> d-------- c:\windows\ehome
2009-02-11 18:24 . 2002-08-29 05:41 3,494,303 --------- c:\windows\system32\nv4_disp.dll
2009-02-11 18:23 . 2005-05-04 14:45 2,890,240 --a------ c:\windows\system32\msi.dll
2009-02-11 18:21 . 2002-08-29 05:40 1,180,672 --a------ c:\windows\system32\d3d8.dll
2009-02-11 18:20 . 2002-08-29 05:41 578,560 --a------ c:\windows\system32\appwiz.cpl
2009-02-10 18:27 . 2009-02-10 18:27 <DIR> d-------- C:\rsit
2009-02-10 17:43 . 2009-02-10 17:43 <DIR> d-------- c:\documents and settings\Nicholas\Application Data\Malwarebytes
2009-02-10 17:42 . 2009-02-10 17:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 17:42 . 2009-02-10 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-10 17:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 17:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 17:52 . 2009-02-11 19:03 <DIR> d-------- c:\program files\DNA
2009-01-23 17:52 . 2009-01-23 17:52 <DIR> d-------- c:\program files\BitComet
2009-01-23 17:51 . 2009-01-23 17:51 <DIR> d-------- c:\program files\LimeWire
2009-01-23 17:51 . 2009-01-23 17:51 <DIR> d-------- c:\program files\Kazaa
2009-01-23 16:55 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-23 16:55 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-23 16:55 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-23 16:55 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 23:56 --------- d-----w c:\program files\MSN Messenger
2009-02-04 23:11 --------- d-----w c:\program files\AskBarDis
2009-02-03 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 22:52 --------- d-----w c:\program files\Xvid
2009-01-01 22:19 --------- d-----w c:\program files\Common Files\Adobe
2009-01-01 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 22:10 --------- d-----w c:\program files\Samsung
2008-12-23 02:08 --------- d-----w c:\program files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk - c:\program files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe [2002-01-01 811008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-11 114768]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2002-01-01 38144]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\drivers\ati2mpaa.sys [2001-12-31 281856]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2002-01-16 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2002-01-16 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2002-01-16 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2002-01-16 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2002-01-16 100008]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Messenger
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - uploadmgr
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmdmPmSp
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\d6u2id5x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 17:06:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\System32\ODBC32.dll
c:\windows\SYSTEM32\RTL8185\RtlGina.DLL

- - - - - - - > 'lsass.exe'(656)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-02-12 17:09:38
ComboFix-quarantined-files.txt 2009-02-12 22:09:34

Pre-Run: 70,982,455,296 bytes free
Post-Run: 70,979,346,432 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

194 --- E O F --- 2009-02-12 20:59:11



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:47 PM, on 02/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222017318852
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5054 bytes
 
Hi Nicholas Assue

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

DNA
BitComet
LimeWire
Kazaa

I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).NOW


  • Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Thanks peku006
 
hi. I don't know how you keep seeing these file sharing programs but like I said last time, I already uninstalled them a long time ago. I go into the control panel and add or remove programs page but I don't see these programs anywhere. Plus my p.c. was freezing worse than before. This time it took me almost an hour to get into my internet.


Adobe Flash Player 10 Plugin
Airlink101 Cardbus & PCI Wireless Configuration Utility
Apple Software Update
Ask Toolbar
ATI Display Driver
Avanquest update
avast! Antivirus
CCleaner (remove only)
Dell ResourceCD
HijackThis 2.0.2
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Picture It! Photo 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.0.6)
OpenOffice.org Installer 1.0
QuickTime
Security Update for Windows XP (KB912919)
Shockwave
Sony Ericsson PC Suite 3.209.00
SoundMAX
Spybot - Search & Destroy
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q815021
Windows XP Service Pack 1a
 
Hi Nicholas Assue
I don't know how you keep seeing these file sharing programs but like I said last time, I already uninstalled them a long time ago.
Click to expand...
Because you said earlier : "I got rid of the kazaa a long time ago and the bit torrent and limewire a few months ago"
and all of the folders was created 2009-01-23, it is not a long time ago
Plus my p.c. was freezing worse than before. This time it took me almost an hour to get into my internet.
Click to expand...
You did not have antivirus or service pack 1 installed on your system previously
Like I already said: you only have 127 MB of RAM, it is not enough...(you can never upgrade to service pack 2)
It is not possible keep your computer clean without an Antivirus and if windows are not updated
--------------------------------------------------------------------------------------------------------------------------------------
System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

1 - Update Java

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
  • A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 12.

  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

2 - Clean temp files

  • Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:

    • Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache
      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

3 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
 
You must log in or register to reply here.
Back
Top